
[Feature] Support for Disk encryption on AKS EE CBL-Mariner VM

Open erwinkersten opened this issue 1 year ago • 0 comments

Feature request:

On the physical edge device, we will utilize the BitLocker encryption feature to achieve full disk encryption. This proactive approach mitigates the risks associated with data theft or exposure resulting from lost, stolen, or improperly decommissioned devices. In addition to this, we aim to bolster security by encrypting the disks of AKS EE VMs, ensuring that they remain inaccessible when copied or transferred to another machine.

While CBL-Mariner currently supports disk encryption with a startup password, this method is not seamless, as it necessitates user intervention, and is not something you want to enable on edge devices. Is it a feasible option to implement transparent disk encryption by securely binding the disk encryption keys to the virtual machine's TPM, thereby ensuring that only the AKS EE VM has exclusive access to the protected disks?

erwinkersten avatar Oct 26 '23 12:10 erwinkersten