In a previous blog post I went over the details of how ESXi uses a TPM 2.0 chip to provide assurance that Secure Boot did its job and how that "attestation" rolls up to vCenter to be reported on. In this blog article I'm going to go over some of the steps necessary to configure the ESXi host to use a TPM 2.0 chip. Now, I have only a limited number of hardware systems in my lab from which to do this, but the steps should be familiar regardless of the server model. The servers I have in my lab are Dell PowerEdge R630s.

Please see my other blog on "Prepping an ESXi 6.7 host for Secure Boot". TPM 2.0's function on an ESXi host is to attest that Secure Boot has done its job. If you cannot successfully boot with Secure Boot FIRST, then don't bother trying to configure the host for TPM 2.0. First rule of good troubleshooting: limit the number of changes!

Prerequisites

As called out in the documentation, there are a few prerequisites you need to meet before starting this process. To use a TPM 2.0 chip, your vCenter Server environment must meet these requirements:

ESXi 6.7 host with TPM 2.0 chip installed and correctly configured in the UEFI BIOS

Correctly configuring the TPM 2.0 device in the BIOS involves ensuring a number of settings are correct. If available, the TPM must also be set to use the TIS/FIFO (First-In, First-Out) interface and not CRB (Command Response Buffer). Yes, we use TXT when using TPM 1.2, but it is not yet implemented for TPM 2.0 on ESXi (and yes, I ran into this specifically!).
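As an added example that is not part of the original post, here is a small ESXi shell script that checks the prerequisites in the order recommended above: Secure Boot first, then whether ESXi sees the TPM, then whether the host has actually switched to TPM mode. The secureBoot.py and esxcli commands named in the comments are real ESXi 6.7 commands, but the output layouts the functions parse and the sample outputs at the bottom are assumptions constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post: check the TPM 2.0 prerequisites on an
# ESXi 6.7 host in the recommended order (Secure Boot first, then the TPM).
# Command names are real; parsed output layouts and sample outputs are assumptions.

# /usr/lib/vmware/secureboot/bin/secureBoot.py -s prints "Enabled" or "Disabled".
secure_boot_on() {
  grep -qix 'Enabled'
}

# esxcli hardware trustedboot get prints a "Tpm Present: true|false" line.
tpm_present() {
  grep -i 'Tpm Present' | awk '{print tolower($NF)}' | grep -qx 'true'
}

# esxcli system settings encryption get prints "Mode: NONE|TPM"; TPM means ESXi
# accepted the TPM and uses it for attestation (assumed layout).
encryption_mode_tpm() {
  grep -i '^ *Mode:' | awk '{print toupper($NF)}' | grep -qx 'TPM'
}

# Run the checks in order and stop at the first failure. Arguments are the three
# command outputs so the logic can be exercised without a host.
# Returns 0 (all good), 1 (Secure Boot off), 2 (no TPM seen), 3 (not in TPM mode).
check_prereqs() {
  if ! printf '%s\n' "$1" | secure_boot_on; then
    echo "Secure Boot is not enabled: fix Secure Boot before touching the TPM settings"
    return 1
  fi
  if ! printf '%s\n' "$2" | tpm_present; then
    echo "ESXi does not see a TPM: check the UEFI BIOS (TPM 2.0 on, TIS/FIFO not CRB, no TXT with TPM 2.0)"
    return 2
  fi
  if ! printf '%s\n' "$3" | encryption_mode_tpm; then
    echo "TPM present but ESXi did not switch to TPM mode: re-check the BIOS settings above"
    return 3
  fi
  echo "All TPM 2.0 prerequisites look good"
}

# Constructed sample outputs (not captured from a real host) for an offline run.
SAMPLE_SB='Enabled'
SAMPLE_TB='   Drtm Enabled: false
   Tpm Present: true'
SAMPLE_ENC='   Mode: TPM
   Require Secure Boot: true'

# On a real host: check_prereqs "$(/usr/lib/vmware/secureboot/bin/secureBoot.py -s)" \
#   "$(esxcli hardware trustedboot get)" "$(esxcli system settings encryption get)"
check_prereqs "$SAMPLE_SB" "$SAMPLE_TB" "$SAMPLE_ENC"
```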