A short one, but one that took some digging and debugging and help from others. Saving here, so I remember, as do others.
I had a VMWare Workstation v12.x VM of SQL Server 2016 and was working with this tutorial on Always Encrypted with Secure Enclaves. In setting up the HGS server, I got to step 3 which has this code:
Initialize-HgsAttestation -HgsServiceName 'hgs' -TrustHostKey
When I ran this, I got an error:
That’s not good. In trying to find why this won’t run, eventually, I realized that my VMWare system needs the Microsoft Virtualization Based Security. This isn’t an option in my older VM, I believe because this is
a) v12 and not v14+
b) BIOS firmware
You can see my settings here:
Fortunately I had an upgrade for VMWare available and updated to v15, and then build a new VM as a v14+ hardware version. This gave me UEFI and once the VM was shut down, I could check the VBS box.
After doing this, I could move forward with my secure enclave config.