Apr 15, 2021 · 2 min

Worried about Bootkit & Rootkit in your virtual environments?

Microsoft Azure has a solution for you, let's learn about it.

Azure has a solution for this. Bootkits and rootkits are sophisticated malware types that run with the same kernel-mode privileges as the operating system they infect. With those privileges they can hide from diagnostic tools and antimalware, which makes them extremely difficult to detect and almost impossible to remove.

If you wish to prevent them, choose Trusted Launch for your Azure virtual machines.

Trusted Launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy that leverages the Trusted Launch Virtual Trusted Platform Module (vTPM) to measure and attest to whether the boot was compromised.

The vTPM measurements give administrators visibility into the integrity of the entire boot process, and vTPM release policies ensure that keys, certificates, and secrets aren't accessible to compromised virtual machines.

NOTE: Only Generation 2 (Gen 2) VMs support Trusted Launch.

Public preview limitations

Size support: All Generation 2 VM sizes, except:

  • Lsv2-series

  • M-series

  • Mv2-series

  • NDv4-series

  • NVv4-series

OS support:

  • Red Hat Enterprise Linux 8.3

  • SUSE 15 SP2

  • Ubuntu 20.04 LTS

  • Ubuntu 18.04 LTS

  • Windows Server 2019

  • Windows Server 2016

  • Windows 10 Pro

  • Windows 10 Enterprise

  • Windows 10 Enterprise multi-session

Regions:

  • South Central US

  • North Europe

Pricing: No additional cost to existing VM pricing.

The following features are not supported in this preview:

  • Backup

  • Azure Site Recovery

  • Shared Image Gallery

  • Ephemeral OS disk

  • Shared disk

  • Managed image

  • Azure Dedicated Host

Do and Learn:

Sign in to the Azure portal. A separate portal link is used for the preview.

  • Search for Virtual Machines.

  • Under Services, select Virtual machines.

  • On the Virtual machines page, select Add, and then select Virtual machine.

  • Under Project details, make sure the correct subscription is selected.

  • Under Resource Group, select Create new and type a name for your resource group or select an existing resource group from the dropdown.

  • Under Instance details, type a name for the virtual machine and choose a region that supports trusted launch.

  • Under Image, select a Gen 2 image that supports trusted launch.

  • Switch over to the Advanced tab by selecting it at the top of the page.

  • Scroll down to the VM generation section. Make sure Gen 2 is selected.

  • While still on the Advanced tab, scroll down to Trusted launch, and then select the Trusted launch checkbox. This will make two more options appear - Secure boot and vTPM. Select the appropriate options for your deployment.

  • Go back to the Basics tab, under Image, and make sure you see the message "This image supports trusted launch preview. Configure in the Advanced tab." The Gen 2 images should now be selected.

  • On the Create a virtual machine page, you can see the details about the VM you are about to deploy. When you are ready, select Create.
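The portal procedure above, scripted with the Azure CLI as an added example that is not part of the original post; it also checks the deployed VM's security profile from the control plane and runs the in-guest Secure Boot/TPM query through Run Command instead of an RDP session with msinfo32. The resource group, VM name, image URN, size and the `check_profile` helper are assumptions, and the script needs an Azure CLI release that has the Trusted Launch flags plus an authenticated session.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Creates a Gen 2 VM with Trusted Launch
# (Secure Boot + vTPM) via the Azure CLI and verifies the result from the control
# plane and from inside the guest. Assumes an authenticated Azure CLI release that
# supports the Trusted Launch flags; names, image and size below are assumptions.
set -eu

RG="${RG:-rg-trusted-launch-demo}"                                   # assumed
VM="${VM:-vm-tl-demo}"                                               # assumed
LOCATION="${LOCATION:-northeurope}"                                  # preview region from the post
IMAGE="${IMAGE:-MicrosoftWindowsServer:WindowsServer:2019-datacenter-gensecond:latest}" # Gen 2 SKU (assumed)
SIZE="${SIZE:-Standard_D2s_v3}"                                      # Gen 2 capable, not on the excluded list

# The portal steps as one CLI call: security type TrustedLaunch with both options on.
create_vm() {
  az group create -n "$RG" -l "$LOCATION" -o none
  az vm create -g "$RG" -n "$VM" -l "$LOCATION" --image "$IMAGE" --size "$SIZE" \
    --admin-username azureadmin --admin-password "${ADMIN_PASSWORD:?set ADMIN_PASSWORD}" \
    --security-type TrustedLaunch --enable-secure-boot true --enable-vtpm true -o none
}

# Pure check on the securityProfile JSON returned by `az vm show`: all three must hold.
# Returns 0 only for securityType TrustedLaunch with Secure Boot and vTPM both enabled.
check_profile() {
  printf '%s\n' "$1" | grep -Eq '"securityType": *"TrustedLaunch"' || return 1
  printf '%s\n' "$1" | grep -Eq '"secureBootEnabled": *true'       || return 1
  printf '%s\n' "$1" | grep -Eq '"vTpmEnabled": *true'
}

# Control-plane verification: what Azure believes the VM was deployed with.
verify_vm() {
  check_profile "$(az vm show -g "$RG" -n "$VM" --query securityProfile -o json)"
}

# In-guest verification (Windows): the same facts msinfo32 shows, without an RDP session.
# Run Command executes as SYSTEM, which Confirm-SecureBootUEFI requires.
guest_check() {
  az vm run-command invoke -g "$RG" -n "$VM" --command-id RunPowerShellScript \
    --scripts 'Confirm-SecureBootUEFI; (Get-Tpm).TpmPresent' \
    --query 'value[0].message' -o tsv
}

if [ "${1:-}" = "run" ]; then
  create_vm
  verify_vm && echo "securityProfile OK: TrustedLaunch, Secure Boot and vTPM enabled"
  guest_check
fi
```

Invoke the script with the argument `run` to deploy and verify; without arguments it only defines the functions.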

"Connect to the VM using Remote Desktop and then run msinfo32.exe"

Check Secure Boot State as showcased below:

Please share your views and suggestions. Thank you, TechSmith, for offering Snagit.

You can use Snagit to snap and edit images.