The blog post discusses TPM 2.0 and Secure Boot in ESXi, providing technical details on the attestation process. It explains that TPM 2.0 provides assurance that Secure Boot did its job, and vCenter provides a handy report to show which hosts have failed their attestation. The post also mentions that there is no standalone option for attestation, because it requires a third party to compare the TPM values with ESXi event logs and VIB metadata.
Here are some key points from the blog post:
1. TPM 2.0 provides assurance that Secure Boot did its job.
2. vCenter provides a handy report to show which hosts have failed their attestation.
3. There is no standalone option for attestation, because it requires a third party to compare the TPM values with ESXi event logs and VIB metadata.
4. The current method of retrieving the attestation status is via the report in the HTML5 client in vCenter.
5. VMs will continue to run on hosts that have failed attestation, but there is a request for the ability to prevent this in the future.
6. The post encourages readers to provide feedback on the topic, and mentions that there will be an FAQ on vSphere Central for more information on TPM and virtual TPM coming soon.
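
The comparison in point 3 can be modelled as replaying the host's event log and checking it against both the TPM value and known-good metadata. The sketch below is an added illustration, not code from the blog post or from VMware; the component names, payloads and function names are constructed assumptions, and verification of the TPM's signature over the quoted value is left out.

```python
import hashlib

def measure(payload: bytes) -> bytes:
    """SHA-256 digest of a component, as it would be recorded in the event log."""
    return hashlib.sha256(payload).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend for the SHA-256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR value implied by an ordered list of (name, digest) events."""
    pcr = bytes(32)  # a SHA-256 PCR starts at all zeros after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def attest(quoted_pcr: bytes, event_log, known_good: dict):
    """Verifier-side check. Returns (passed, reasons)."""
    reasons = []
    # 1. The log must reproduce the value the TPM reports, or the log is untrustworthy.
    if replay(event_log) != quoted_pcr:
        reasons.append("event log does not reproduce the TPM PCR value")
    # 2. Every logged measurement must match known-good metadata.
    for name, digest in event_log:
        if known_good.get(name) != digest:
            reasons.append(f"unexpected measurement for {name}")
    return (not reasons, reasons)

# Constructed sample data (hypothetical component names and contents).
KNOWN_GOOD = {
    "bootloader": measure(b"bootloader-v1"),
    "kernel": measure(b"kernel-v1"),
    "vib:example-driver": measure(b"driver-v1"),
}
GOOD_LOG = list(KNOWN_GOOD.items())
GOOD_PCR = replay(GOOD_LOG)
# A host that booted a modified component: the log is honest, the content is not.
TAMPERED_LOG = GOOD_LOG[:2] + [("vib:example-driver", measure(b"driver-modified"))]
TAMPERED_PCR = replay(TAMPERED_LOG)

if __name__ == "__main__":
    print(attest(GOOD_PCR, GOOD_LOG, KNOWN_GOOD))
    print(attest(TAMPERED_PCR, TAMPERED_LOG, KNOWN_GOOD))
    print(attest(TAMPERED_PCR, GOOD_LOG, KNOWN_GOOD))  # log edited to look clean
```

The third case shows why the verifier has to sit outside the host: a log rewritten to look clean no longer reproduces the PCR value held in the TPM.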