Secure Creation of Encrypted Virtual Machines from Encrypted Templates

What is claimed is: 1 . In a computing environment, a method of booting a machine in a secure fashion in a potentially unsecure environment, the method comprising: a target machine beginning a boot process; the target machine determining that it needs provisioning data to continue booting; the target machine contacting a secure infrastructure to obtain the provisioning data; the target machine providing an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, the target machine receiving a request from the secure infrastructure to establish a key sealed to the target machine; the target machine providing the established key to the secure infrastructure; the target machine receiving the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; and the target machine decrypting the encrypted provisioning data, and using the provisioning data to finish booting. 2 . The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to connect to network storage to perform a network boot. 3 . The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to join a cluster of machines. 4 . The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to create a virtual machine (VM) on a host where the provisioning data comprises data for the VM. 5 . The method of claim 1 , wherein the target machine begins the boot process based on a template. 6 . The method of claim 5 , further comprising using the provisioning data to verify that the template is acceptable for use in booting the target machine. 7 . The method of claim 6 , farther comprising re-encrypting the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 8 . The method of claim 6 , further comprising injecting secret data into the target machine after verifying that the template is acceptable for use in booting the target machine. 9 . The method of claim 6 , further comprising: receiving non-secret data to be injected into the target machine; determining that the non-secret data is data in a category of non-secret data that is allowed to be injected into the target machine; and as a result, injecting the non-secret data into the target machine. 10 . In a computing environment, one or more computer readable storage media comprising computer executable instructions stored thereon that when executed by one or more processors cause the following to be performed: a target machine beginning a boot process wherein the target machine begins the boot process based on a template; the target machine determining that it needs provisioning data to continue booting; the target machine contacting a secure infrastructure to obtain the provisioning data; the target machine providing an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, the target machine receiving a request from the secure infrastructure to establish a key sealed to the target machine; the target machine providing the established key to the secure infrastructure; the target machine receiving the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; the target machine decrypting the encrypted provisioning data; the target machine using the provisioning data to verify that the template is acceptable for use in booting the target machine; and the target machine using the provisioning data to finish booting. 11 . The one or more computer readable storage media of claim 10 , further comprising computer executable instructions stored thereon that when executed by one or more processors cause the re-encrypting the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 12 . The one or more computer readable storage media of claim 10 , further comprising computer executable instruction stored thereon that when executed by one or more processors cause the following to be performed: receiving non-secret data to be injected into the target machine; determining that the non-secret data is data in a category of non-secret data that is allowed to be injected into the target machine; and as a result, injecting the non-secret data into the target machine. 13 . In a computing environment, a system configured to booting in a secure fashion in a potentially unsecure environment, the system comprising one or more processors; and one or more computer readable media, wherein the one or more computer readable media comprise computer executable instructions that when executed by at least one of the one or more processors cause the system to perform the following: the system beginning a boot process; the system determining that it needs provisioning data to continue hooting; the system contacting a secure infrastructure to obtain the provisioning data; the system providing an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, the system receiving a request from the secure infrastructure to establish a key sealed to the target machine; the system providing the established, key to the secure infrastructure; the system receiving the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; and the system decrypting the encrypted provisioning data, and using the provisioning data to finish booting. 14 . The system of claim 13 , wherein using the provisioning data to finish booting comprises using the provisioning data to connect to network storage to perform a network boot. 15 . The system of claim 13 , wherein using the provisioning data to finish booting comprises using the provisioning data to join a cluster of machines. 16 . The system of claim 13 , wherein using the provisioning data to finish booting comprises using the provisioning data to create a virtual machine (VM) on a host where the provisioning data comprises data for the VM. 17 . The system of claim 13 , wherein the system begins the boot process based on a template. 18 . The system of claim 17 , wherein the one or more computer readable media further comprise computer executable instructions that when executed by at least one of the one or more processors cause the system to use the provisioning data to verify that the template is acceptable for use in booting the target machine. 19 . The system of claim 17 , wherein the one or more computer readable media further comprise computer executable instructions that when executed by at least one of the one or more processors cause the system to re-encrypt the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 20 . The system of claim 17 , wherein the one or more computer readable media further comprise computer executable instructions that when executed by at least one of the one or more processors cause the system to inject secret data into the target machine after veri