New-ShieldingDataFile

Creates a shielding data file.

Syntax

ShieldedTemplateParameterSet

New-ShieldingDataFile
    [-ShieldingDataFilePath] <String>
    [-Owner] <Guardian>
    [-VolumeIDQualifier] <VolumeIDQualifier[]>
    [-AnswerFile] <NamedFileContent>
    [[-OtherFile] <NamedFileContent[]>]
    [[-Guardian] <Guardian[]>]
    [-Policy <FabricPolicyValue>]
    [-WhatIf]
    [-Confirm]

ExistingVMParameterSet

New-ShieldingDataFile
    [-ShieldingDataFilePath] <String>
    [-Owner] <Guardian>
    [[-OtherFile] <NamedFileContent[]>]
    [[-Guardian] <Guardian[]>]
    [-Policy <FabricPolicyValue>]
    [-WhatIf]
    [-Confirm]

Description

The New-ShieldingDataFile cmdlet creates a shielding data file for use in provisioning a shielded virtual machine. The shielding data file contains information about which fabrics the VM can run on, which template disks can be used, the security policy, and files such as the specialization answer file.

The specialization answer file and any additional files you add to the shielding data file will be encrypted until a shielded VM is provisioned.

Examples

Example 1

PS C:\> $owner = Get-HgsGuardian -Name Owner
PS C:\> $hoster = Get-HgsGuardian -Name MyHostingProvider
PS C:\> $viq = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath 'C:\temp\trustedtemplate.vsc' -VersionRule Equals
PS C:\> New-ShieldingDataFile -ShieldingDataFilePath 'C:\temp\shieldingdata.pdk' -Owner $owner -Guardian $hoster -VolumeIDQualifier $viq -AnswerFile 'C:\temp\unattend.xml'

Creates a shielding data file using the "Owner" and "MyHostingProvider" guardians and a single volume ID qualifier representing the trusted template disk.
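
The following pre-flight script is an added example, not part of the original cmdlet documentation. It reuses the placeholder paths and guardian names from Example 1, adds a hypothetical C:\temp\appsettings.json as an -OtherFile input, and assumes the 384KB limit applies to the combined size of the extra files (the page does not say whether the limit is per file or total).

```powershell
# Added example: validate inputs, then build the shielding data file with an explicit policy.
# Paths and guardian names are the placeholders from Example 1; appsettings.json is hypothetical.
$ErrorActionPreference = 'Stop'

$answerFile = 'C:\temp\unattend.xml'
$otherFiles = @('C:\temp\appsettings.json')    # hypothetical extra file
$vscPath    = 'C:\temp\trustedtemplate.vsc'
$pdkPath    = 'C:\temp\shieldingdata.pdk'
$maxOther   = 384KB                            # limit stated for -OtherFile (assumed to be a total)

# 1. Every input file must exist before anything is packaged.
foreach ($p in (@($answerFile, $vscPath) + $otherFiles)) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Missing input file: $p" }
}

# 2. The answer file is documented as XML; reject it early if it does not parse.
try   { [void][xml](Get-Content -LiteralPath $answerFile -Raw) }
catch { throw "Answer file is not well-formed XML: $answerFile" }

# 3. Enforce the -OtherFile size limit conservatively against the combined size.
$total = ($otherFiles | ForEach-Object { (Get-Item -LiteralPath $_).Length } |
          Measure-Object -Sum).Sum
if ($total -gt $maxOther) {
    throw "OtherFile inputs total $total bytes, above the $maxOther byte limit."
}

# 4. Resolve the guardians and the trusted template disk, as in Example 1.
$owner  = Get-HgsGuardian -Name Owner
$hoster = Get-HgsGuardian -Name MyHostingProvider
$viq    = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath $vscPath -VersionRule Equals

# 5. State the security policy explicitly so the intent is recorded in the script.
$params = @{
    ShieldingDataFilePath = $pdkPath
    Owner                 = $owner
    Guardian              = $hoster
    VolumeIDQualifier     = $viq
    AnswerFile            = $answerFile
    OtherFile             = $otherFiles
    Policy                = 'Shielded'
}

New-ShieldingDataFile @params -WhatIf   # dry run: reports the action without creating the file
New-ShieldingDataFile @params           # creates C:\temp\shieldingdata.pdk
```

Only the copies packaged into the .pdk are encrypted; the plaintext answer file and other source files remain at their original paths and need their own access controls or cleanup.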

Parameters

-AnswerFile

Path to an XML file containing specialization information needed to automatically set up the OS in a shielded VM. For Windows VMs, this file is typically the unattend.xml file. The file varies for Linux distributions based on the specialization agent installed in the template disk.

Parameter properties

Type:NamedFileContent
Default value:None
Supports wildcards:False
DontShow:False
Aliases:WindowsUnattendFile

Parameter sets

ShieldedTemplateParameterSet
Position:3
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Guardian

One or more HGS guardian objects representing fabrics trusted to run your virtual machine.

Parameter properties

Type:Guardian[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:5
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-OtherFile

Additional files (limited to 384KB) that should be encrypted at rest and copied to a provisioned virtual machine.

Parameter properties

Type:NamedFileContent[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:4
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Owner

The guardian object containing the certificates of the VM owner. Only the VM owner can modify the shielding data file in the future.

Parameter properties

Type:Guardian
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:1
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Policy

Specifies the security policy for the resulting VM. The EncryptionSupported policy allows all normal VM devices, while the Shielded policy adds further protections to the VM, prevents basic console access, and requires live migration traffic to be encrypted.

Parameter properties

Type:FabricPolicyValue
Default value:None
Accepted values:Shielded, EncryptionSupported
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ShieldingDataFilePath

Specifies the path where the newly created shielding data file should be saved.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-VolumeIDQualifier

One or more VolumeIDQualifier objects representing template disks trusted for shielded VM deployment.

Parameter properties

Type:VolumeIDQualifier[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ShieldedTemplateParameterSet
Position:2
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

Inputs

Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian

Microsoft.Windows.HardenedFabric.Cmdlets.Common.VolumeIDQualifier[]

Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent

Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent[]

Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian[]

Microsoft.Windows.HardenedFabric.Cmdlets.Common.FabricPolicyValue

Outputs

Object