Error: "Unable to provision Endorsement Key on TPM 2.0 device: Failed to parse RSA Endorsement Key certificate found in TPM 2.0 device's non-volatile memory."

Article ID: 382318

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi Summary tab shows the following information: 
    Unable to provision Endorsement Key on TPM 2.0 device: Failed to parse RSA Endorsement Key certificate found in TPM 2.0 device's non-volatile memory.
  • In /var/log/hostd.log, you can see lines similar to:
    <timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Hostsvc.TpmEventLogProvider] TpmEventLogProvider created
    <timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
    <timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
    <timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Vendor provided RSA endorsement key template is not present in NV memory. Using default template per TGC spec
    <timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
    <timestamp> In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
    <timestamp> Er(163) Hostd[2099281]: [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key.
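
To check whether a host shows this article's signature rather than an unrelated TPM message, the following added example (not VMware code) parses hostd.log lines in the layout quoted above and flags a hostd process that logged both the certificate parse failure and the provisioning error. The `triage` helper, the sample timestamps and the second PID are constructed for illustration.

```python
import re
import sys

# Constructed sample: timestamps and the second PID are made up; the message
# texts are the ones quoted in this article.
SAMPLE = """\
2024-01-01T10:00:00.001Z In(166) Hostd[2099281]: [Originator@6876 sub=Hostsvc.TpmEventLogProvider] TpmEventLogProvider created
2024-01-01T10:00:00.002Z In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
2024-01-01T10:00:00.003Z Er(163) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
2024-01-01T10:00:00.004Z In(166) Hostd[2099281]: [Originator@6876 sub=Libs] Tpm2Cmd: Unable to parse default RSA EK certificate
2024-01-01T10:00:00.005Z Er(163) Hostd[2099281]: [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key.
2024-01-02T08:00:00.001Z Er(163) Hostd[2100555]: [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown
"""

LINE = re.compile(r"^(?P<ts>\S+) \w+\(\d+\) Hostd\[(?P<pid>\d+)\]: "
                  r"\[Originator@\d+ sub=[^\]]+\] (?P<msg>.*)$")
NV_RC = re.compile(r"NV_ReadPublic: \((0x[0-9a-fA-F]+)\)")
PARSE_FAIL = "Unable to parse default RSA EK certificate"
PROVISION_FAIL = "Unable to provision default rsa endorsement key"


def triage(lines):
    """Group TPM messages per hostd PID and flag this article's signature."""
    findings = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg, rc = m["msg"], NV_RC.search(m["msg"])
        if not (rc or PARSE_FAIL in msg or PROVISION_FAIL in msg):
            continue  # unrelated hostd line
        f = findings.setdefault(m["pid"], {"first_seen": m["ts"], "parse_fail": 0,
                                           "provision_fail": False, "nv_codes": set()})
        f["parse_fail"] += PARSE_FAIL in msg
        f["provision_fail"] |= PROVISION_FAIL in msg
        if rc:
            f["nv_codes"].add(rc.group(1))
    for f in findings.values():
        # Signature: certificate parse failure AND the provisioning error.
        f["matches_article"] = f["parse_fail"] > 0 and f["provision_fail"]
    return findings


if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    for pid, f in triage(src).items():
        print(pid, f)
```

A process that logs only the `NV_ReadPublic` error, like the second PID in the sample, is reported but not flagged as matching.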


Environment

VMware vSphere ESXi 8.0.x

Cause

  • This issue is caused by a corrupt Endorsement Key certificate in the TPM.

Resolution

  1. This is not a vSphere issue, but a problem within the Trusted Platform Module. Please reach out to your hardware vendor to replace the faulty TPM component.