The vTPM can also be used to store “sealed” drive encryption keys, making it difficult if not impossible to gain access to the contents of a virtual machine’s drives unless the operating system boots in a “known-good” state. If the VM’s operating system, boot loader, or firmware image is compromised, the system won’t reboot—so an attacker won’t be able to decrypt the virtual disks. The same would be true if a snapshot of the VM is moved into a different context by an attacker.
I need to unpack this more, but at first glance it sounds very promising for improving the reliability of cloud computing. This approach sounds very similar to Device Guard, Credential Guard and Secure Boot that we deploy on modern workstations today.
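
To make the sealing behaviour described above concrete, here is an added example (not code from the quoted article or from any vTPM implementation): a simplified Python model of measured boot and key sealing. The `ToyVTPM` class, the single PCR, the HMAC-derived wrapping keys and the boot-chain byte strings are all assumptions for illustration; a real TPM 2.0 enforces this with PCR policies and keys that never leave the device.

```python
import hashlib, hmac, os

def extend(pcr: bytes, data: bytes) -> bytes:
    # PCR extend: new = SHA-256(old || SHA-256(measured data)); never a plain overwrite
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def measure_boot(chain) -> bytes:
    pcr = bytes(32)                      # the PCR resets to all zeros at power-on
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyVTPM:
    """Simplified model: one PCR and a per-instance seed that never leaves it."""
    def __init__(self):
        self._seed = os.urandom(32)
        self.pcr = bytes(32)

    def boot(self, chain):
        self.pcr = measure_boot(chain)

    def _keys(self, pcr):
        # Wrapping keys depend on this instance's seed AND the PCR value
        return tuple(hmac.new(self._seed, label + pcr, hashlib.sha256).digest()
                     for label in (b"enc", b"mac"))

    def seal(self, secret: bytes, expected_pcr: bytes):
        if len(secret) != 32:
            raise ValueError("toy model seals 32-byte keys only")
        enc, mac = self._keys(expected_pcr)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        return ct, hmac.new(mac, ct, hashlib.sha256).digest()

    def unseal(self, blob):
        ct, tag = blob
        enc, mac = self._keys(self.pcr)  # uses the CURRENT measurements
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            return None                  # wrong boot state or wrong vTPM
        return bytes(a ^ b for a, b in zip(ct, enc))

GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]  # constructed sample chain

def demo():
    tpm, disk_key = ToyVTPM(), os.urandom(32)
    blob = tpm.seal(disk_key, measure_boot(GOOD))
    tpm.boot(GOOD)
    known_good = tpm.unseal(blob) == disk_key
    tpm.boot([GOOD[0], b"bootloader TAMPERED", GOOD[2]])
    tampered = tpm.unseal(blob)          # measurements differ, key withheld
    other = ToyVTPM(); other.boot(GOOD)
    moved = other.unseal(blob)           # snapshot in another context, different seed
    return known_good, tampered, moved
```
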