Secure creation of encrypted virtual machines from encrypted templates

What is claimed is: 1. In a computing environment, a method of booting a machine in a secure fashion in a potentially unsecure environment, the method comprising: a target machine beginning a boot process based on a template; the target machine determining that it needs provisioning data to continue booting; the target machine contacting a secure infrastructure to obtain the provisioning data; the target machine providing an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, the target machine receiving a request from the secure infrastructure to establish a key sealed to the target machine; the target machine providing the established key to the secure infrastructure; the target machine receiving the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; and the target machine decrypting the encrypted provisioning data, and using the provisioning data to verify that the template is acceptable for use in booting the target machine, and then using the provisioning data to finish booting the target machine. 2. The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to connect to network storage to perform a network boot. 3. The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to join a cluster of machines. 4. The method of claim 1 , wherein using the provisioning data to finish booting comprises using the provisioning data to create a virtual machine (VM) on a host where the provisioning data comprises data for the VM. 5. The method of claim 1 , further comprising re-encrypting the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 6. The method of claim 1 , further comprising injecting secret data into the target machine after verifying that the template is acceptable for use in booting the target machine. 7. The method of claim 1 , further comprising: receiving non-secret data to be injected into the target machine; determining that the non-secret data is data in a category of non-secret data that is allowed to be injected into the target machine; and as a result, injecting the non-secret data into the target machine. 8. In a computing environment, one or more computer readable physical storage media comprising computer executable instructions stored thereon that when executed by one or more processors cause the following to be performed: a target machine beginning a boot process wherein the target machine begins the boot process based on a template; the target machine determining that it needs provisioning data to continue booting; the target machine contacting a secure infrastructure to obtain the provisioning data; the target machine providing an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, the target machine receiving a request from the secure infrastructure to establish a key sealed to the target machine; the target machine providing the established key to the secure infrastructure; the target machine receiving the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; the target machine decrypting the encrypted provisioning data; the target machine using the provisioning data to verify that the template is acceptable for use in booting the target machine; and the target machine using the provisioning data to finish booting. 9. The one or more computer readable storage media of claim 8 , further comprising computer executable instructions stored thereon that when executed by one or more processors cause the re-encrypting the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 10. The one or more computer readable storage media of claim 8 , further comprising computer executable instruction stored thereon that when executed by one or more processors cause the following to be performed: receiving non-secret data to be injected into the target machine; determining that the non-secret data is data in a category of non-secret data that is allowed to be injected into the target machine; and as a result, injecting the non-secret data into the target machine. 11. A computing system comprising one or more processors executing computer executable instructions which, when executed, configure the computing system with an architecture that boots a target machine in a secure fashion in a potentially unsecure environment, and wherein the architecture performs the following: begins a boot process for a target machine based on a template; makes a determination that provisioning data is needed to continue booting; contacts a secure infrastructure to obtain the provisioning data; provides an identity claim that can be verified by the secure infrastructure; as a result of the secure infrastructure verifying the identity claim, receives a request from the secure infrastructure to establish a key sealed to the target machine; provides the established key to the secure infrastructure; receives the provisioning data from the secure infrastructure, wherein the provisioning data is encrypted to the established key; and decrypts the encrypted provisioning data, and uses the provisioning data to verify that the template is acceptable for use in booting the target machine, and then uses the provisioning data to finish booting the target machine. 12. The system of claim 11 , wherein using the provisioning data to finish booting comprises using the provisioning data to connect to network storage to perform a network boot. 13. The system of claim 11 , wherein using the provisioning data to finish booting comprises using the provisioning data to join a cluster of machines. 14. The system of claim 11 , wherein using the provisioning data to finish booting comprises using the provisioning data to create a virtual machine (VM) on a host where the provisioning data comprises data for the VM. 15. The system of claim 11 , wherein the architecture further performs the following: re-encrypts the template to the target machine as part of verifying the template to prevent tampering with the template after portions of the template have been verified. 16. The system of claim 11 , wherein the architecture further performs the following: injects secret data into the target machine after verifying that the template is acceptable for use in booting the target machine. 17. The system of claim 11 , wherein the architecture further performs the following: receives non-secret data to be injected into the target machine; determines that the non-secret data is data in a category of non-secret data that is allowed to be injected into the target machine; and as a result, injects the non-secret data into the target machine.