Quote:
This way I can not quickly add a TPM to a VM and later remove it without going through a long process or en- and then de-cryptionof the virtual drives.
|
You should be able to remove it (and re-add it) without decrypting and reencrypting the VM.
The VM-encryption happens on the hypervisor level and is 100% invisible to the guest OS. So you can have Bitlocker full-disk active within an encrypted VM. The only danger is that you encrypt your guest OS with Bitlocker-on-TPM, then delete the virtual TPM -> now you have a very big problem...