WilliamLam.com


Quick Tip - Adding a vTPM (Virtual Trusted Platform Module) to a Nested ESXi VM

05.13.2022 by William Lam // 1 Comment

I had an interesting question this morning asking whether it is possible to add a vTPM (Virtual Trusted Platform Module) to a Nested ESXi VM. The user was interested in testing a particular scenario with the new vSphere Trust Authority feature that was introduced in vSphere 7.0. I personally had not done much with vTPM and I had assumed it should just work as long as you have a physical TPM chip in the underlying hardware and you have set up either a Standard or Native Key Provider within your vCenter Server.

The user observed that adding a vTPM to a Windows VM was possible using the vSphere UI, but when attempting to perform the same operation on a Nested ESXi VM, the option to add a vTPM device was not available. After spending ~30 minutes asking around for hardware that had a physical TPM, I remembered that my Quartz Canyon NUC (NUC 9 Pro) is a Xeon based system and it has a TPM 2.0 chip. I was able to take a closer look and quickly found that the solution was pretty straightforward!


Categories // ESXi, Nested Virtualization, vSphere Tags // Nested ESXi, TPM, vTPM

Disabling TPM 2.0 connection cannot be established message in ESXi for Intel NUC 10

08.21.2020 by William Lam // 2 Comments

Intel NUC 10 (Frost Canyon) owners who have installed ESXi may have noticed that even after disabling Intel's Trusted Platform Module (TPM), the following warning message, "TPM 2.0 device detected but a connection cannot be established.", is still being displayed in the vSphere UI as shown in the screenshot below.


Thanks to Reddit members mscaff and casperette, who recently discovered and confirmed that the latest BIOS (FN0044) resolves an issue where disabling TPM in the BIOS was not actually working, which would explain the behavior observed above. The really interesting thing is that I had initially run into this problem several months back and, after speaking with some internal VMware folks, I was able to get rid of this message without this update. This involved installing Windows 10 and clearing the TPM keys, which may still have been cached, but since then it has not been reproducible by other folks. In any case, it is always recommended to check for and update to the latest BIOS to ensure you have all the latest bug fixes.

Lastly, Intel states support for TPM 2.0 for these NUCs, so why is ESXi complaining? Well, it has to do with the interface type and not with SHA1 vs SHA256, which are both supported on the NUC 10. The NUC only supports the CRB interface, but a properly compliant TPM 2.0 chip must support FIFO, and the interface type was not configurable the last time I checked. For more detailed requirements and configuration of TPM 2.0 on ESXi, please refer to this blog post.


Categories // ESXi, Home Lab Tags // Frost Canyon, Intel NUC, TPM

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC).
Copyright WilliamLam.com © 2022