Protected storage for cryptographic materials
US-9020149-B1 · Apr 28, 2015 · US
US9767295B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9767295-B2 |
| Application number | US-201514941545-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 14, 2015 |
| Priority date | Feb 13, 2015 |
| Publication date | Sep 19, 2017 |
| Grant date | Sep 19, 2017 |
Official abstract text for this publication.
At least one hardware security module out of a plurality of hardware security modules is assigned to a guest system. The at least one hardware security module out of the plurality of hardware security modules is configured with a master key. A data pattern is used for a challenge protocol adapted to prove that the at least one hardware security module out of the plurality of hardware security modules is configured with the master key. The at least one hardware security module including the master key is assigned to the guest system based on a positive outcome of the challenge protocol.
Opening claim text (preview).
What is claimed is:

1. A method of assigning at least one hardware security module of a plurality of hardware security modules to a guest system, the method comprising:
   - configuring at least one hardware security module of a plurality of hardware security modules with a master key;
   - establishing, by a guest system, that the at least one hardware security module of the plurality of hardware security modules is configured with the master key, the establishing using, by the guest system, a data pattern for a challenge protocol to prove that the at least one hardware security module of the plurality of hardware security modules is configured with the master key, the challenge comprising:
   - obtaining, by the guest system, an unencrypted guest key, an encrypted guest key, an unencrypted data pattern, and an encrypted data pattern, the encrypted guest key comprising the unencrypted guest key of the guest system encrypted using the master key, and the encrypted data pattern having been encrypted by the guest system using the unencrypted guest key;
   - sending by the guest system, the encrypted guest key to the at least one hardware security module along with a guest data pattern, the guest data pattern being either the encrypted data pattern or the unencrypted data pattern;
   - decrypting the encrypted guest key by the at least one hardware security module using the master key, and obtaining for return to the guest system a host data pattern, the host data pattern being the other of the encrypted data pattern or the unencrypted data pattern, the obtaining including using the unencrypted guest key by the at least one hardware security module on the guest data pattern;
   - sending, by the at least one hardware security module, the host data pattern to the guest system;
   - comparing, by the guest system, the host data pattern with at least one of the unencrypted data pattern or the encrypted data pattern to determine whether the challenge protocol has a positive outcome; and
   - based on the establishing obtaining the positive outcome of the challenge protocol, assigning the at least one hardware security module of the plurality of hardware security modules configured with the master key to the guest system on a positive outcome of said challenge protocol.

2. The method of claim 1, wherein the guest data pattern comprises the encrypted data pattern.

3. The method of claim 2, wherein the decrypting comprises decrypting the encrypted data pattern by the at least one hardware security module using the decrypted guest key resulting in the unencrypted data pattern.

4. The method of claim 3, wherein the challenge protocol comprises generating the positive outcome based on the guest system determining that the host data pattern by the at least one hardware security module comprises the unencrypted data pattern and is identical to the unencrypted data pattern before being encrypted.

5. The method of claim 1, wherein the host data pattern comprises the encrypted data pattern, generated by the at least one hardware security module using the decrypted guest key.

6. The method of claim 5, wherein the challenge protocol comprises generating the positive outcome based on the guest system determining that the encrypted data pattern generated by the at least one hardware security module is identical to the encrypted data pattern obtained by the guest system.

7. The method of claim 1, wherein the configuring the at least one hardware security module, the establishing, and the assigning the at least one hardware security module out of the plurality of hardware security modules to the guest system are performed by trusted firmware.

8. The method of claim 1, wherein the unencrypted data pattern is a random data pattern.
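The challenge protocol of claims 1 to 6 can be modelled in a few lines. This is an added example, not code from the patent: `toy_cipher`, `Hsm`, `select_hsm` and `demo` are hypothetical names, and the SHA-256 keystream XOR is an insecure stand-in (assumption) for whatever deterministic cipher a real hardware security module would apply.

```python
import hashlib
import hmac
import os


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Deterministic and self-inverse, so it encrypts and decrypts. NOT secure."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Hsm:
    """Hypothetical HSM model: the master key never leaves the object."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def challenge(self, encrypted_guest_key: bytes, guest_pattern: bytes) -> bytes:
        # Unwrap the guest key with the master key, then apply it to the pattern.
        guest_key = toy_cipher(self._master_key, encrypted_guest_key)
        return toy_cipher(guest_key, guest_pattern)


def select_hsm(hsms, guest_key, encrypted_guest_key, send_encrypted=True):
    """Guest side: return indices of HSMs whose answer proves the master key.
    send_encrypted=True follows claims 2-4, False follows claims 5-6."""
    pattern = os.urandom(32)  # random data pattern (claim 8)
    encrypted_pattern = toy_cipher(guest_key, pattern)
    sent, expected = ((encrypted_pattern, pattern) if send_encrypted
                      else (pattern, encrypted_pattern))
    passed = []
    for index, hsm in enumerate(hsms):
        host_pattern = hsm.challenge(encrypted_guest_key, sent)
        if hmac.compare_digest(host_pattern, expected):
            passed.append(index)
    return passed


def demo():
    # Constructed sample keys; only the HSM at index 1 holds the guest's master key.
    master_a, master_b, guest_key = b"A" * 32, b"B" * 32, b"G" * 32
    wrapped = toy_cipher(master_b, guest_key)  # encrypted guest key
    hsms = [Hsm(master_a), Hsm(master_b), Hsm(master_a)]
    return (select_hsm(hsms, guest_key, wrapped, True),
            select_hsm(hsms, guest_key, wrapped, False))
```

An HSM configured with a different master key unwraps a wrong guest key, so its returned pattern fails the comparison and it is not assigned.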
Isolation or security of virtual machine instances · CPC title
Providing cryptographic facilities or services · CPC title
Hypervisor-specific management and integration aspects · CPC title
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox · CPC title