Add-HgsAttestationDumpPolicy

Adds an authorized dump encryption key to HGS.

Syntax

Add-HgsAttestationDumpPolicy
   [-PublicKeyHash] <String>
   -Name <String>
   [-PolicyVersion <PolicyVersion>]
   [-Stage]
   [-WhatIf]
   [-Confirm]

Add-HgsAttestationDumpPolicy
   [-Path] <String>
   [-Name <String>]
   [-PolicyVersion <PolicyVersion>]
   [-Stage]
   [-WhatIf]
   [-Confirm]

Description

The Add-HgsAttestationDumpPolicy cmdlet authorizes the specified key to be used to encrypt memory dumps on a Hyper-V host. Only hosts that encrypt dumps using an authorized key and hosts that do not allow any memory dumps will be able to successfully attest.

Examples

Example 1

PS C:\> Add-HgsAttestationDumpPolicy -PublicKeyHash 'e91c254ad58860a02c788dfb5c1a65d6a8846ab1dc649631c7db16fef4af2dec' -Name 'Contoso Dump Encryption'

Adds the dump encryption key with the specified SHA256 public key hash to HGS.

Example 2

PS C:\> Add-HgsAttestationDumpPolicy -Path 'C:\temp\TpmBaselineWithDumpEncryption.tcglog' -Name 'Contoso Dump Encryption'

Adds the dump encryption key to HGS using a TCG log (TPM baseline) obtained after a host was configured to use dump encryption.
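The following is an added example, not part of the original cmdlet reference or the HgsAttestation module. It shows one way to screen a reviewed list of key hashes before authorizing them, since every hash added here becomes a key that attesting hosts may use to encrypt dumps. The function name Add-ReviewedDumpPolicy, the -ApprovedKey parameter and the input object shape are assumptions made for illustration; only Add-HgsAttestationDumpPolicy with -PublicKeyHash and -Name comes from this page.

```powershell
# Added example: Add-ReviewedDumpPolicy is a hypothetical wrapper, not an HGS cmdlet.
function Add-ReviewedDumpPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumed input shape: objects with Name and PublicKeyHash properties.
        [Parameter(Mandatory = $true)]
        [object[]] $ApprovedKey
    )

    $seen = @{}
    foreach ($key in $ApprovedKey) {
        $hash = ([string]$key.PublicKeyHash).Trim()

        # A SHA256 digest is 32 bytes, so its hex form is exactly 64 characters.
        if ($hash -notmatch '^[0-9A-Fa-f]{64}$') {
            Write-Error "Rejected '$($key.Name)': value is not a 64-character hex SHA256 hash."
            continue
        }
        if ([string]::IsNullOrWhiteSpace($key.Name)) {
            Write-Error "Rejected hash ${hash}: a friendly name is required."
            continue
        }

        # Refuse to submit the same hash twice from one review list.
        $id = $hash.ToLowerInvariant()
        if ($seen.ContainsKey($id)) {
            Write-Warning "Skipped duplicate hash listed for '$($key.Name)'."
            continue
        }
        $seen[$id] = $true

        # With -WhatIf on this function, ShouldProcess returns $false and nothing is added.
        if ($PSCmdlet.ShouldProcess($key.Name, 'Authorize dump encryption key')) {
            Add-HgsAttestationDumpPolicy -PublicKeyHash $hash -Name $key.Name
        }
    }
}

# Sample review list: the first entry reuses the hash from Example 1,
# the second is a constructed, truncated value that the check rejects.
$approved = @(
    [pscustomobject]@{ Name = 'Contoso Dump Encryption'
                       PublicKeyHash = 'e91c254ad58860a02c788dfb5c1a65d6a8846ab1dc649631c7db16fef4af2dec' }
    [pscustomobject]@{ Name = 'Truncated entry (constructed)'
                       PublicKeyHash = 'e91c254ad58860a0' }
)
Add-ReviewedDumpPolicy -ApprovedKey $approved -WhatIf
```

Run it without -WhatIf on the HGS server once the dry-run output matches the reviewed list.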

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Name

Friendly name for the dump policy.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Path

Specifies the path of a TPM baseline file (TCG log) that contains the public key hash of a dump encryption certificate. The TPM baseline specified should be obtained after configuring a Hyper-V host to use dump encryption.

Type: String
Aliases: FilePath, PSPath
Position: 0
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-PolicyVersion

Reserved for future use.

Type: PolicyVersion
Accepted values: None, PolicyVersion1503, PolicyVersion1704
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-PublicKeyHash

SHA256 hash of the public key of the certificate used for dump encryption.

Type: String
Position: 0
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-Stage

Reserved for future use.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

String

Outputs

Object