Abstract: A device runs a hypervisor and a virtual machine. The virtual machine includes a virtual security module, which can be a virtual trusted platform module (TPM). The virtual security module for the virtual machine is encrypted, and in order for the hypervisor to run the virtual machine the virtual security module is decrypted using a security module key. If a host guardian service is accessible, then the hypervisor obtains the key to decrypt the virtual security module from the host guardian service. However, if the host guardian service is inaccessible, then the hypervisor uses a key securely stored in a key cache of the device to decrypt the virtual security module. In one or more embodiments, the hypervisor can obtain the key from the key cache only if a health certificate indicating that the host guardian service trusts the device has been previously obtained from the host guardian service.

Abstract: A device runs a hypervisor and a virtual machine. The virtual machine includes a virtual security module, which can be a virtual trusted platform module (TPM). The virtual security module for the virtual machine is encrypted, and in order for the hypervisor to run the virtual machine the virtual security module is decrypted using a security module key. If a host guardian service is accessible, then the hypervisor obtains the key to decrypt the virtual security module from the host guardian service. However, if the host guardian service is inaccessible, then the hypervisor uses a key securely stored in a key cache of the device to decrypt the virtual security module. In one or more embodiments, the hypervisor can obtain the key from the key cache only if a health certificate indicating that the host guardian service trusts the device has been previously obtained from the host guardian service.