Fuck, sadly I just talked to safenet at their booth at aws and they don't do this, so you are totally vulnerable to giving keys to a fake hsm, essentially making cloud hsm useless. Unless their booth dudes were misinformed.