In a previous blog post I went over the details on how ESXi uses a TPM 2.0 chip to provide assurance that Secure Boot did its job and how that “attestation” rolls up to vCenter to be reported on. In this blog article I’m going to go over some of the steps necessary to configure the ESXi host to use a TPM 2.0 chip. Now, I have only a limited number of hardware systems in my lab from which to do this, but the steps should be familiar, regardless of the server model.

Please see my other blog on “Prepping an ESXi 6.7 host for Secure Boot”. TPM 2.0’s function on an ESXi host is to attest that Secure Boot has done its job. If you cannot successfully boot with Secure Boot FIRST then don’t bother trying to configure the host for TPM 2.0. First rule of good troubleshooting, limit the number of changes!

Prerequisites

As called out in the documentation, there are a few prerequisites you need to meet before starting this process.

The servers I have in my lab are Dell PowerEdge R630s. They originally came with TPM 1.2 devices but I had them upgraded to TPM 2.0 and they are running BIOS version 2.6.0. Here are the settings in the System Security part of my servers’ BIOS. Your systems may look different but the options should be similar.

When I first started this process I did what most do. I like to break things and see if I can fix them. Why do I do this? Well, for one, I believe I learn faster by breaking and fixing and besides, it’s a lot more fun for me. Also, I’m trying to replicate what customers may encounter. Oh, sure, 99% of you actually read the docs before jumping on to Twitter to ask a question, right? RIGHT? Well, I’m there for that 1% who don’t!

When I started, I got the TPM 2.0 devices installed and I then installed 6.7 (after updating my VCSA first of course!). What resulted next was an error on the summary page of the ESXi host. Note: I do not have 117 ESXi hosts at my disposal. I went into the BIOS and started playing around with settings. I cleared the “TPM Hierarchy” (the contents of the TPM) but that didn’t do it. I was getting an alarm that things weren’t configured correctly. I have to give her credit for maintaining her patience with me. She had me look at the logs and sure enough, we found something:

`grep tpm vmkernel.log`