It was mentioned in this topic:
But it’s not an absolute solution. It’ll require to disable passwordless root for your AppVM template. And if attacker has a way to elevate privileges to root inside AppVM then he’ll still know your hardware info including its serial numbers.