Unable to provision Endorsement Key on TPM 2.0 device: Failed to parse RSA Endorsement Key certificate found in TPM 2.0 device's non-volatile memory.
search cancel

Unable to provision Endorsement Key on TPM 2.0 device: Failed to parse RSA Endorsement Key certificate found in TPM 2.0 device's non-volatile memory.

book

Article ID: 382318

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi Summary tab shows the following information:

Unable to provision Endorsement Key on TPM 2.0 device: Failed to parse RSA Endorsement Key certificate found in TPM 2.0 device's non-volatile memory.

  • In /var/log/hostd.log , you can see lines similar to:

<timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Hostsvc.TpmEventLogProvider] TpmEventLogProvider created
<timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
<timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
<timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Vendor provided RSA endorsement key template is not present in NV memory. Using default template per TGC spec
<timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
<timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
<timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key.

Environment

vSphere ESXi 8.x

Cause

  • Endorsement Key certificate in TPM is corrupted
  • This is not a vSphere issue

Resolution

  • Contact your hardware vendor to replace TPM faulty component
Powered by Wolken Software