Method and system for migratable composed per-lcs secure enclaves

US2025077256A1 · US · A1

Patent metadata

Publication number: US-2025077256-A1
Application number: US-202318459667-A
Country: US
Kind code: A1 (pre-grant publication of the application)
Filing date: Sep 1, 2023
Priority date: Sep 1, 2023
Publication date: Mar 6, 2025
Grant date: none listed

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method for managing an LCS includes: sending a request to a microvisor kernel of a microvisor to provision an LCS on a first information handling system (IHS), wherein the request comprises at least a configuration template (CT); sending a second request to the microvisor kernel to verify that an enclave with a virtual trusted platform module (vTPM) is ready to communicate with the LCS; initiating, based on successfully verifying, provisioning of the LCS based on the CT, wherein the provisioning of the LCS comprises at least an initiation of a guest basic input/output system (BIOS) of the LCS; receiving a notification, from the microvisor kernel, specifying that the LCS has been provisioned; after the notification has been received: sending a second notification to a user of the first IHS, wherein the second notification specifies a predetermined expiry date of the enclave with the vTPM on the first IHS.

Claims

Claim text (preview; the listing is cut off partway through claim 17).

What is claimed is:

1. A method for managing a logically composed system (LCS), comprising: sending a request to a microvisor kernel of a microvisor to provision an LCS on a first information handling system (IHS), wherein the request comprises at least a configuration template (CT), wherein the microvisor executes on the first IHS to manage at least a portion of the LCS; sending a second request to the microvisor kernel to verify that an enclave with a virtual trusted platform module (vTPM) is ready to communicate with the LCS; initiating, upon successfully verifying, provisioning of the LCS based on the CT, wherein the provisioning of the LCS comprises at least an initiation of a guest basic input/output system (BIOS) of the LCS; receiving a notification, from the microvisor kernel, specifying that the LCS has been provisioned; after the notification has been received: receiving a public key from the enclave with the vTPM, wherein the public key is generated by the enclave with the vTPM using a data chunk from an LCS kernel of the LCS; upon receiving the public key, encrypting the public key using a wrap key associated with the LCS to generate a wrapped public key; storing the wrapped public key in a storage device; and initiating a display notification of an administrator about the storing using a graphical user interface (GUI).

2. The method of claim 1, further comprising: after storing the wrapped public key in the storage device: making a determination that the LCS has been terminated by a user of the first IHS; and removing, based on the determination, the enclave with the vTPM from the first IHS.

3. The method of claim 1, further comprising: prior to sending the CT to the microvisor kernel: generating the enclave with the vTPM; deploying the enclave with the vTPM to the first IHS, wherein the enclave with the vTPM is ephemeral on the first IHS; and sending a third request to a processor of the first IHS to initiate the microvisor, wherein, upon receiving the third request, the processor initiates the microvisor via a BIOS microvisor loader.

4. The method of claim 3, further comprising: prior to generating the enclave with the vTPM: receiving a vendor key that is assigned to the first IHS from the processor to initiate a bi-directional trust establishment process; in response to receiving the vendor key, sending a second vendor key to the processor to complete the bi-directional trust establishment process; and notifying the administrator about the completed bi-directional trust establishment process.

5. The method of claim 1, wherein the CT specifies at least one hardware resource set, wherein the at least one hardware resource set comprises: a first hardware resource set of a second IHS; a second hardware resource set of a third IHS; and a third hardware resource set of an external resource, wherein the first IHS, the second IHS, and the third IHS are distinct devices operably connected to each other and the external resource over a network.

6. The method of claim 5, wherein the first hardware resource set specifies at least one selected from a group consisting of a minimum user count, a maximum user count, a central processing unit (CPU) count per-LCS, a speed select technology configuration, an LCS hardware virtualization configuration, and an LCS IO memory management unit configuration.

7. The method of claim 5, wherein the second hardware resource set specifies at least one selected from a group consisting of a minimum user count, a maximum user count, a swap space configuration per-LCS, a reserved memory configuration, and a memory ballooning configuration.

8. The method of claim 5, wherein the third hardware resource set specifies at least one selected from a group consisting of a minimum user count, a maximum user count, a graphics processing unit (GPU) count per-LCS, a type of a GPU scheduling policy, and a type of a GPU virtualization approach that needs to be implemented.

9. The method of claim 5, wherein the first hardware resource set comprises hardware resources that are distinct from second hardware resources of the second hardware resource set.

10. The method of claim 1, wherein the enclave with the vTPM is a proxy variant of a global enclave, wherein the global enclave is external to the first IHS.

11. The method of claim 10, wherein the global enclave is a runtime container.

12. The method of claim 1, wherein the enclave with the vTPM is external to the LCS, wherein the enclave with the vTPM performs at least data encryption and decryption operations for the LCS.

13. The method of claim 1, wherein the public key is stored as the wrapped public key to make the public key unavailable outside of the enclave with the vTPM and to prevent an unauthorized initiation of the guest BIOS of the LCS.

14. A method for managing a logically composed system (LCS), comprising: sending a request to a microvisor kernel of a microvisor to provision an LCS on a first information handling system (IHS), wherein the request comprises at least a configuration template (CT); sending a second request to the microvisor kernel to verify that an enclave with a virtual trusted platform module (vTPM) is ready to communicate with the LCS; initiating, based on successfully verifying, provisioning of the LCS based on the CT, wherein the provisioning of the LCS comprises at least an initiation of a guest basic input/output system (BIOS) of the LCS; receiving a notification, from the microvisor kernel, specifying that the LCS has been provisioned; after the notification has been received: receiving a public key from the enclave with the vTPM, wherein the public key is generated by the enclave with the vTPM using a data chunk from an LCS kernel of the LCS; upon receiving the public key, encrypting the public key using a wrap key associated with the LCS to generate a wrapped public key; storing the wrapped public key in a storage device; after storing the wrapped public key in the storage device: making a first determination that the LCS is not terminated by a user of the first IHS; making, based on the first determination, a second determination that the enclave with the vTPM is terminated; deploying, based on the second determination, a second enclave with a second vTPM to the first IHS; and initiating a display notification of an administrator about the deploying using a graphical user interface (GUI).

15. The method of claim 14, further comprising: prior to sending the CT to the microvisor kernel: generating the enclave with the vTPM; deploying the enclave with the vTPM to the first IHS, wherein the enclave with the vTPM is ephemeral on the first IHS; and sending a third request to a processor of the first IHS to initiate the microvisor, wherein, upon receiving the third request, the processor initiates the microvisor via a BIOS microvisor loader.

16. The method of claim 15, further comprising: prior to generating the enclave with the vTPM: receiving a vendor key that is assigned to the first IHS from the processor to initiate a bi-directional trust establishment process; in response to receiving the vendor key, sending a second vendor key to the processor to complete the bi-directional trust establishment process; and notifying, via the GUI, the administrator about the completed bi-directional trust establishment process.

17. The method of claim 14, wherein the CT specifies at least one hardware resource set, wherein the at least one hardware resour
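Claims 1, 2 and 14 together describe a control-plane sequence with two ordering constraints a practitioner cares about: the guest BIOS must not be started until the enclave with the vTPM has answered the readiness check, and the enclave's public key must only ever be stored wrapped under the per-LCS wrap key (claim 13 gives the reason: an unwrapped key could be used to initiate the guest BIOS without authorisation). The Go program below is an added illustration written for this page; it is not code from the patent or from Dell. The Controller, Kernel and Enclave types, the key derivation (SHA-256 of the LCS kernel's data chunk used as an Ed25519 seed), the wrap-key handling (a random AES-256 key per LCS, AES-GCM with the LCS ID as associated data) and the notification strings are all this example's assumptions; the claims specify none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Enclave stands in for the ephemeral enclave with a vTPM on the first IHS. Deriving
// an Ed25519 key pair from SHA-256 of the LCS kernel's chunk is this example's assumption.
type Enclave struct {
	Alive bool
	priv  ed25519.PrivateKey
}

func (e *Enclave) KeyFromChunk(chunk []byte) ed25519.PublicKey {
	seed := sha256.Sum256(chunk)
	e.priv = ed25519.NewKeyFromSeed(seed[:])
	return e.priv.Public().(ed25519.PublicKey)
}

// Kernel stands in for the microvisor kernel that answers the readiness check.
type Kernel struct{ Enclave *Enclave }

func (k *Kernel) EnclaveReady() bool { return k.Enclave != nil && k.Enclave.Alive }

// Controller is the (hypothetical) management plane that issues the claim-1 sequence.
type Controller struct {
	wrapKeys map[string][]byte // per-LCS AES-256 wrap key (random in this example)
	Store    map[string][]byte // wrapped public keys, keyed by LCS ID
	Events   []string          // notifications that would reach the GUI
}

func NewController() *Controller {
	return &Controller{wrapKeys: map[string][]byte{}, Store: map[string][]byte{}}
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func (c *Controller) aead(lcs string) cipher.AEAD {
	if c.wrapKeys[lcs] == nil {
		c.wrapKeys[lcs] = mustRandom(32)
	}
	block, _ := aes.NewCipher(c.wrapKeys[lcs]) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(block)               // cannot fail for AES
	return g
}

// Wrap encrypts the public key under the LCS's wrap key. Binding the LCS ID as
// associated data means a blob lifted from storage cannot be unwrapped under
// another LCS's identity, and any tampering fails authentication.
func (c *Controller) Wrap(lcs string, pub []byte) []byte {
	g := c.aead(lcs)
	nonce := mustRandom(g.NonceSize())
	return append(nonce, g.Seal(nil, nonce, pub, []byte(lcs))...)
}

func (c *Controller) Unwrap(lcs string, blob []byte) ([]byte, error) {
	g := c.aead(lcs)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("wrapped blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(lcs))
}

// ProvisionLCS runs the claimed steps in order and fails closed: the guest BIOS
// is never started unless the enclave passed the readiness check.
func (c *Controller) ProvisionLCS(k *Kernel, lcs, ct string, chunk []byte) error {
	if !k.EnclaveReady() {
		return errors.New("enclave with vTPM not ready; not provisioning " + lcs)
	}
	c.Events = append(c.Events, "kernel: guest BIOS started for "+lcs+" from "+ct)
	c.Store[lcs] = c.Wrap(lcs, k.Enclave.KeyFromChunk(chunk))
	c.Events = append(c.Events, "admin: wrapped public key stored for "+lcs)
	return nil
}

// Reconcile covers claim 2 (LCS terminated: remove the enclave) and claim 14
// (LCS alive but enclave gone: deploy a second enclave with a vTPM).
func (c *Controller) Reconcile(k *Kernel, lcs string, lcsTerminated bool) string {
	switch {
	case lcsTerminated:
		k.Enclave = nil
		return "removed enclave with vTPM after " + lcs + " terminated"
	case !k.EnclaveReady():
		k.Enclave = &Enclave{Alive: true}
		return "admin: deployed second enclave with vTPM for " + lcs
	}
	return "no action for " + lcs
}

func main() {
	c, k := NewController(), &Kernel{Enclave: &Enclave{Alive: true}}
	fmt.Println(c.ProvisionLCS(k, "lcs-1", "ct-2gpu", []byte("constructed LCS kernel chunk")), c.Events)
}
```

The readiness check is the security boundary here: a controller that started the guest BIOS first and only then looked for an enclave would leave a window in which the LCS runs without its vTPM-backed key. Reconcile is deliberately a pure function of observed state so that the claim-2 and claim-14 branches cannot both fire for one LCS.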

Assignees

Dell Products LP

Inventors

Classifications

  • Isolation or security of virtual machine instances (CPC)

  • Memory management, e.g. access or allocation (CPC)

  • G06F9/45558 · Hypervisor-specific management and integration aspects (primary CPC)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2025077256A1 cover?
A method for managing an LCS includes: sending a request to a microvisor kernel of a microvisor to provision an LCS on a first information handling system (IHS), wherein the request comprises at least a configuration template (CT); sending a second request to the microvisor kernel to verify that an enclave with a virtual trusted platform module (vTPM) is ready to communicate with the LCS; initi…
Who is the assignee on this patent?
Dell Products LP
What technology area does this patent fall under?
Primary CPC classification G06F9/45558 (hypervisor-specific management and integration aspects), which sits in IPC section G, Physics.
When was this patent published?
Publication date Mar 6, 2025 (kind code A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).