Trusted Platform Module (TPM) attestation fails due to larger RSA key blobs.

Article ID: 313226

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
TPM attestation failure alarms in VCSA.

Environment

VMware vSphere 7.0.x

Cause

Some TPM firmware uses RSA key blobs that are larger than the supported size. As a result, some of the attestation APIs fail with error code TSS2_SYS_RC_INSUFFICIENT_BUFFER, which results in attestation alarms in VCSA.

To accommodate these larger RSA key blobs, changes were made in VMware vSphere 7.0U3i and VMware vSphere 8.0P01. Any vSphere version (with a TPM chip) older than VMware vSphere 7.0U3i and VMware vSphere 8.0P01 that uses such firmware will fail attestation.

Resolution

To resolve the issue, please upgrade to VMware vSphere 7.0U3i or VMware vSphere 8.0P01.