Can I use TPM Base Services in a VM?
I need a clear answer on accessing TPM functionality with a VM. From the "About TBS" page (http://msdn.microsoft.com/en-us/library/windows/desktop/aa446792%28v=vs.85%29.aspx), first paragraph: "(...) It simultaneously shares the TPM resources among multiple applications on the same physical machine, even if those applications run on different virtual machines." (emphasis mine) My interpretation of that sentence is that TBS allows applications running on the host OS and guest OS to access features of the TPM. Everything else I have read on the internet at large and on TechNet says unambiguously that the TPM is unavailable within VMs. Conversely, if there is documentation somewhere on how to use TBS within a VM, a link would be very helpful. Thanks. J.
April 19th, 2012 3:39pm

My guess is that TPM is unavailable for VM due to the Hyper-V layer. You have larger chance to get response from Hyper-V forum here http://social.technet.microsoft.com/Forums/hr/winserverhyperv/threads Regards Milos
April 20th, 2012 8:42am

Thanks. I have done quite a bit of reading over on the Hyper-V forums, and I know that the TPM is not virtualized in Hyper-V (nor VMware, for that matter). The TPM is usually mentioned when people ask about using BitLocker within a VM. The response is always "Don't do it. Put your VM image in a BitLocker-encrypted volume on the Host." This is where I am getting confused. From what I've read, BitLocker does not access the TPM directly, it uses TBS. If TBS services are available from within a VM (as my highlighted quotation seems to state) then there shouldn't be any reason why you couldn't use BitLocker in a VM. The only conclusion I can come to from all of this is that the statement made on the "About TBS" page is false. What I was hoping for in posting here was some sort of official statement about accessing TBS within a VM. I'll still try posting over on Hyper-V as well and see if I can get a definitive answer. J.
April 20th, 2012 11:59am

Hi, Based on my understanding, each virtual machine has its own BIOS and it is different from the one in your physical machine. Although TPM resources can be shared to virtual machines, virtual machines do not use or support TPM by default. If you want to add TPM in virtual machines, I'm afraid that you may need to modify the source codes of virtual machines or contact the virtual machine developers for help. In addition, if you want to use BitLocker in virtual machines, please refer to: "Bitlocker in a Windows 7 Guest running on a Hyper-V R2 environment (or any environment without a TPM)"; "Using BitLocker under Virtual PC / Virtual Server". For more information, please refer to "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions". Hope this helps. Jeremy Wu TechNet Community Support
April 25th, 2012 4:13am

Thanks Jeremy. This helps, but I'm afraid the discussion has gone off on a tangent. I am not interested in running BitLocker in a VM. I mentioned it only because from what I have read, BitLocker uses TBS to interface with the TPM, which makes it useful for illustrating the inconsistency between the TBS documentation and its use. If you check back to my original post, I cite the "About TBS" page, which states that TBS can make TPM services available to applications in a VM. If this was true, BitLocker could be configured exactly the same whether it was running on the physical machine or in the VM. In practice, everyone says it can't be done. The only conclusion I can draw is that the statement made on the "About TBS" page is false or that I have somehow managed to completely misunderstand that one sentence. If I appear to be fixated on that one sentence, it's because I am. I have a project whose viability depends on that one sentence being true. If it is not true, then the whole project goes back to the drawing board. I've even used the "send comments" link at the bottom of the "About TBS" page to ask about this, and other than an automated response, I've heard nothing. J.
April 25th, 2012 9:43am

This may not be an answer to your question, but still interesting info: http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/01/23/using-bitlocker-under-virtual-pc-virtual-server.aspx It looks like it is only possible if you use a virtual floppy disk.
April 25th, 2012 10:20am

This topic is archived. No further replies will be accepted.
