Posts

Showing posts from March, 2022

ESXi 7 and TPM 2.0 - Host TPM attestation alarm explanation

With ESXi 7, on new systems or systems upgraded from 6.x, a couple of changes were introduced at the host hardware security (tampering) level using the Trusted Platform Module (TPM) chip. Occasionally an alarm is seen inside the vCenter console, which looks like the picture below (I encountered this myself with Dell PowerEdge hardware):

Per this VMware LINK 1, the TPM 2.0 chip, using configured UEFI secure boot, provides successful attestation, verified remotely by the vCenter system, based on stored measurements of the software modules booted in the ESXi system. Specifically, from vSphere v7 a new "vSphere Trust Authority Attestation Service is introduced, which signs a JSON Web Token (JWT) that it issues to the ESXi host, providing the assertions about the identity, validity, and configuration of the ESXi host", giving the option to build something like a completely trusted infrastructure inside vSphere (LINK 2). But before that can happen, a couple of requirements are mentioned: vCenter/ESXi minimum versio