deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-12 04:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/book/includes/vbs-key-protection.md
Paolo Matarazzo a79c929fae split content
2025-02-26 08:20:36 -05:00

1.0 KiB
Raw Blame History

author, ms.author, ms.date, ms.topic
author ms.author ms.date ms.topic
paolomatarazzo paoloma 12/11/2024 include

:::image type="icon" source="../images/new-button-title.svg" border="false"::: VBS key protection

VBS key protection enables developers to secure cryptographic keys using Virtualization-based security (VBS). VBS uses the virtualization extension capability of the CPU to create an isolated runtime outside of the normal OS. When in use, VBS keys are isolated in a secure process, allowing key operations to occur without ever exposing the private key material outside of this space. At rest, private key material is encrypted by a TPM key, which binds VBS keys to the device. Keys protected in this way can't be dumped from process memory or exported in plain text from a user's machine, preventing exfiltration attacks by any admin-level attacker.

[!INCLUDE learn-more]