Add-HgsAttestationDumpPolicy

Module:

HgsAttestation Module

Adds an authorized dump encryption key to HGS.

Syntax

Console (Default)

Add-HgsAttestationDumpPolicy
    [-PublicKeyHash] <String>
    -Name <String>
    [-PolicyVersion <PolicyVersion>]
    [-Stage]
    [-WhatIf]
    [-Confirm]

File

Add-HgsAttestationDumpPolicy
    [-Path] <String>
    [-Name <String>]
    [-PolicyVersion <PolicyVersion>]
    [-Stage]
    [-WhatIf]
    [-Confirm]

Description

The Add-HgsAttestationDumpPolicy cmdlet authorizes the specified key to be used to encrypt memory dumps on a Hyper-V host. Only hosts that encrypt dumps using an authorized key and hosts that do not allow any memory dumps will be able to successfully attest.

Examples

Example 1

PS C:\> Add-HgsAttestationDumpPolicy -PublicKeyHash 'e91c254ad58860a02c788dfb5c1a65d6a8846ab1dc649631c7db16fef4af2dec' -Name 'Contoso Dump Encryption'

Adds the dump encryption key with the specified SHA256 public key hash to HGS.

Example 2

PS C:\> Add-HgsAttestationDumpPolicy -Path 'C:\temp\TpmBaselineWithDumpEncryption.tcglog' -Name 'Contoso Dump Encryption'

Adds the dump encryption key to HGS using a TCG log (TPM baseline) obtained after a host was configured to use dump encryption.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Name

Friendly name for the dump policy.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Console

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Path

Specifies the path of a TPM baseline file (TCG log) that contains the public key hash of a dump encryption certificate. The TPM baseline specified should be obtained after configuring a Hyper-V host to use dump encryption.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	FilePath, PSPath

Parameter sets

File

Position:	0
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	True
Value from remaining arguments:	False

-PolicyVersion

Reserved for future use.

Parameter properties

Type:	PolicyVersion
Default value:	None
Accepted values:	None, PolicyVersion1503, PolicyVersion1704
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PublicKeyHash

SHA256 hash of the public key of the certificate used for dump encryption.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Console

Position:	0
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Stage

Reserved for future use.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Inputs

String

Outputs

Object