Add-HgsAttestationDumpPolicy
Adds an authorized dump encryption key to HGS.
Syntax
Add-HgsAttestationDumpPolicy
[-PublicKeyHash] <String>
-Name <String>
[-PolicyVersion <PolicyVersion>]
[-Stage]
[-WhatIf]
[-Confirm] Add-HgsAttestationDumpPolicy
[-Path] <String>
[-Name <String>]
[-PolicyVersion <PolicyVersion>]
[-Stage]
[-WhatIf]
[-Confirm] Description
The Add-HgsAttestationDumpPolicy cmdlet authorizes the specified key to be used to encrypt memory dumps on a Hyper-V host. Only hosts that encrypt dumps using an authorized key and hosts that do not allow any memory dumps will be able to successfully attest.
Examples
Example 1
PS C:\> Add-HgsAttestationDumpPolicy -PublicKeyHash 'e91c254ad58860a02c788dfb5c1a65d6a8846ab1dc649631c7db16fef4af2dec' -Name 'Contoso Dump Encryption'Adds the dump encryption key with the specified SHA256 public key hash to HGS.
Example 2
PS C:\> Add-HgsAttestationDumpPolicy -Path 'C:\temp\TpmBaselineWithDumpEncryption.tcglog' -Name 'Contoso Dump Encryption'Adds the dump encryption key to HGS using a TCG log (TPM baseline) obtained after a host was configured to use dump encryption.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Friendly name for the dump policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Path
Specifies the path of a TPM baseline file (TCG log) that contains the public key hash of a dump encryption certificate. The TPM baseline specified should be obtained after configuring a Hyper-V host to use dump encryption.
| Type: | String |
| Aliases: | FilePath, PSPath |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PolicyVersion
Reserved for future use.
| Type: | PolicyVersion |
| Accepted values: | None, PolicyVersion1503, PolicyVersion1704 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublicKeyHash
SHA256 hash of the public key of the certificate used for dump encryption.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Stage
Reserved for future use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |