Secure boot of virtualized computing instances

What is claimed is: 1. A method for a client device, comprising: encrypting, at the client device, an operating system image under a data encryption key (DEK) to generate a wrapped operating system image; encrypting the DEK under a key encryption key (KEK) to generate a wrapped DEK; transmitting the KEK to a key management server to encrypt the KEK under an account root key of the key management server to generate a wrapped KEK; and after receiving the wrapped KEK from the key management service, transmitting the wrapped DEK, the wrapped KEK, and the wrapped operating system image from the client device to a virtual data center, wherein the virtual data center subsequently: sends a decryption request to the key management server, the decryption request including the wrapped KEK; receives a response from the key management server that includes the KEK; unwraps the wrapped DEK using the KEK to obtain the DEK; and boots up a guest operating system using the DEK. 2. The method of claim 1 , wherein the virtual data center further generates an encrypted machine image by merging the wrapped operating system image with an intermediary guest manager machine image to boot up the guest operating system. 3. The method of claim 2 , wherein the virtual data center generates the encrypted machine image based on: booting up a temporary instance from the intermediary guest manager machine image; mounting the wrapped operating system image as a guest drive of an intermediary guest manager; and storing a snapshot of the temporary instance as the encrypted machine image. 4. The method of claim 1 , wherein an intermediary guest manager running in the virtual data center performs steps of sending the decryption request, receiving the response, unwrapping the wrapped DEK and booting up the guest operating system. 5. The method of claim 4 , wherein the intermediary guest manager does not store the KEK or the DEK in persistent storage of the virtual data center. 6. The method of claim 4 , further comprising: generating, by the intermediary guest manager, a different DEK for new root volume data produced during execution of the instance; generating, by the intermediary guest manager, a different KEK; and wrapping, by the intermediary guest manager, the DEK and the different DEK using the different KEK. 7. The method of claim 1 , wherein the virtual data center further: launches an instance with one or more data volumes; generates a data volume DEK and a data volume KEK; wraps the data volume DEK with the data volume KEK to produce a wrapped data volume DEK; sends an encryption request to the key management server to wrap the data volume KEK with an account root key; receives a wrapped data volume KEK that has been wrapped with the account root key from key management server; and writes the wrapped data volume DEK and the wrapped data volume KEK to the data volume. 8. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors of a client device, cause: encrypting, at the client device, an operating system image under a data encryption key (DEK) to generate a wrapped operating system image; encrypting the DEK under a key encryption key (KEK) to generate a wrapped DEK; transmitting the KEK to a key management service to encrypt the KEK under an account root key of the key management server to generate a wrapped KEK; and after receiving the wrapped KEK from the key management service, transmitting the wrapped DEK, the wrapped KEK, and the wrapped operating system image from the client device to a virtual data center, wherein the virtual data center subsequently: sends a decryption request to the key management server, the decryption request including the wrapped KEK; receives a response from the key management server that includes the KEK; unwraps the wrapped DEK using the KEK to obtain the DEK; and boots up a guest operating system using the DEK. 9. The non-transitory computer-readable storage medium of claim 8 , wherein the virtual data center further generates an encrypted machine image by merging the wrapped operating system image with an intermediary guest manager machine image to boot up the guest operating system. 10. The non-transitory computer-readable storage medium of claim 9 , wherein transmitting the KEK is based on: establishing a secure connection to the key management service. 11. The non-transitory computer-readable storage medium of claim 9 , wherein an intermediary guest manager running in the virtual data center performs steps of sending the decryption request, receiving the response, unwrapping the wrapped DEK and booting up the guest operating system. 12. The non-transitory computer-readable storage medium of claim 11 , storing instructions which, when executed by one or more processors, cause: generating, by the intermediary guest manager, a different DEK for new root volume data produced during execution of the instance; generating, by the intermediary guest manager, a different KEK; and wrapping, by the intermediary guest manager, the DEK and the different DEK using the different KEK. 13. The non-transitory computer-readable storage medium of claim 9 , wherein the virtual data center generates the encrypted machine image based on: booting up a temporary instance from the intermediary guest manager machine image; mounting the wrapped system image as a guest drive of an intermediary guest manager; and storing a snapshot of the temporary instance as the encrypted machine image. 14. The non-transitory computer-readable storage medium of claim 8 , wherein the virtual data center further: launches an instance with one or more data volumes; generates a data volume DEK and a data volume KEK; wraps the data volume DEK with the data volume KEK to produce a wrapped data volume DEK; sends an encryption request to the key management service to wrap the data volume KEK with the account root key; receives a wrapped data volume KEK that has been wrapped with the account root key from key management service; and writes the wrapped data volume DEK and the wrapped data volume KEK to the data volume. 15. A computer system, comprising: an on-premises device having one or more processors and storage media storing first instructions for execution by the one or more processors of the on-premises device; a virtual data center having one or more processors and storage media storing second instructions for execution by the virtual data center; wherein the on-premises device is communicatively coupled to the virtual data center by a data network; wherein the first instructions are configured for: encrypting an operating system image under a data encryption key (DEK) to generate a wrapped operating system image; encrypting the DEK under a key encryption key (KEK) to generate a wrapped DEK; transmitting the KEK to a key management service to encrypt the KEK under an account root key of the key management server to generate a wrapped KEK; receiving the wrapped KEK from the key management service; and transmitting, through the data network, the wrapped DEK, the wrapped KEK, and the wrapped operating system to the virtual data center, wherein the virtual data center subsequently uses the wrapped DEK and the wrapped KEK to decrypt the wrapped operating system image; wherein the second instructions are configured for: sending a decryption request to the key management server, the decryption request including the wrapped KEK; receiving a response from the key management server that includes the KEK; unw