Intel NUC 10 (Frost Canyon) owners who have installed ESXi may have noticed that, even after disabling Intel's Trusted Platform Module (TPM), the warning message "TPM 2.0 device detected but a connection cannot be established." is still displayed in the vSphere UI, as shown in the screenshot below.
Thanks to Reddit members mscaff and casperette, who recently discovered and confirmed that the latest BIOS (FN0044) resolves an issue where disabling TPM in the BIOS was not actually working, which would explain the behavior observed above. The really interesting thing is that I had initially run into this problem several months back and, after speaking with some internal VMware folks, I was able to get rid of this message without this update. This involved installing Windows 10 and clearing the TPM keys, which may have still been cached, but since then it has not been reproducible by other folks. In any case, it is always recommended to check for and update to the latest BIOS to ensure you have all the latest bug fixes.
Lastly, Intel states support for TPM 2.0 for these NUCs, so why is ESXi complaining? Well, it has to do with the interface type and not with SHA1 vs SHA256, which are both supported on the NUC 10. The NUC only supports CRB, but a properly compliant TPM 2.0 chip must support FIFO, which was not configurable the last time I had checked. For more detailed requirements and configuration of TPM 2.0 on ESXi, please refer to this blog post.
Bill says
Is there no way to disable/suppress the message?
Steve says
Same question
Leon Straathof says
The statement that CRB is not in the final spec for TPM is not valid. The final official document of the spec shows clearly on page 9 in the flowchart that a driver for TPM must contain both methods. And that FIFO is the preferred way and must be tried first. If not available CRB must be tried. And only after both fail the invalid TPM message should appear. https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Design_Principles_TPM2p0_Driver_rp27_190809_final.pdf