TPM 2.0 device detected but a connection cannot be established

Article ID: 397211

Products

VMware vSphere ESXi

Issue/Introduction

The ESXi host shows the error below after TPM is configured in the BIOS: "TPM 2.0 device detected but a connection cannot be established"

Environment

VMware vSphere ESXi

Cause

The TPM 2.0 settings are not properly configured in the BIOS.

Resolution

Option 1: Disable TPM from BIOS/UEFI

Pre-requisite

  • Verify TPM is visible from ESXi:
    [root@esxi:~] esxcli hardware trustedboot get
       Drtm Enabled: false
       Tpm Present: true
  • Verify the ESXi configuration encryption mode is NOT set to TPM:
    [root@esxi:~] esxcli system settings encryption get
       Mode: NONE
       Require Executables Only From Installed VIBs: false
       Require Secure Boot: false
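An added pre-flight check for Option 1, not part of the KB, that parses the output of the two esxcli commands above and refuses to proceed when a value differs from those shown; the on-host wiring in the comments is an assumption.

```shell
# Pre-flight check for Option 1: given the output of the two esxcli commands
# above, decide whether TPM may be disabled in the BIOS/UEFI.
# Wiring on a host (assumed, not from the KB):
#   check_tpm_disable_prereqs "$(esxcli hardware trustedboot get)" \
#                             "$(esxcli system settings encryption get)"

# kv_get TEXT KEY: print the value of the first "KEY: value" line, trimmed.
kv_get() {
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" \
    | sed 's/[[:space:]]*$//' | head -n 1
}

# Returns 0 when all three pre-requisite values match the KB, 1 otherwise.
check_tpm_disable_prereqs() {
  tpm_present=$(kv_get "$1" "Tpm Present")
  mode=$(kv_get "$2" "Mode")
  secure_boot=$(kv_get "$2" "Require Secure Boot")
  if [ "$tpm_present" != "true" ]; then
    echo "TPM not visible from ESXi (Tpm Present: ${tpm_present:-unknown})"
    return 1
  fi
  # A host whose encryption mode is TPM relies on the TPM; leave it enabled.
  if [ "$mode" != "NONE" ]; then
    echo "Encryption mode is ${mode:-unknown}, not NONE: do not disable TPM"
    return 1
  fi
  if [ "$secure_boot" != "false" ]; then
    echo "Require Secure Boot is ${secure_boot:-unknown}, not false"
    return 1
  fi
  echo "Pre-requisites met: TPM may be disabled in BIOS/UEFI"
}

# Constructed sample output in the KB's format (not captured from a host).
SAMPLE_TRUSTEDBOOT='   Drtm Enabled: false
   Tpm Present: true'
SAMPLE_ENCRYPTION_OK=' Mode: NONE
 Require Executables Only From Installed VIBs: false
   Require Secure Boot: false'
SAMPLE_ENCRYPTION_TPM=' Mode: TPM
 Require Executables Only From Installed VIBs: true
   Require Secure Boot: true'

# Demonstration: first call passes (exit 0), second is refused (exit 1).
check_tpm_disable_prereqs "$SAMPLE_TRUSTEDBOOT" "$SAMPLE_ENCRYPTION_OK"
check_tpm_disable_prereqs "$SAMPLE_TRUSTEDBOOT" "$SAMPLE_ENCRYPTION_TPM" || true
```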

Option 2: Configure TPM 2.0 correctly with TPM left enabled

Pre-requisite

  • Ensure ESXi host hardware supports TPM 2.0 and that the TPM chip is correctly installed.
  • Place the ESXi host in maintenance mode through the vCenter Server UI or Host Client.

Access the BIOS settings, enable UEFI Secure Boot, and then enable the TPM 2.0 feature.

  1. Restart the ESXi host and enter the BIOS/UEFI settings during startup (usually by pressing F2, F12, Delete, or another key depending on your system).
  2. Enable UEFI Secure Boot if not already enabled:
    • Navigate to the "Boot" or "Security" options in the BIOS/UEFI menu.
    • Enable UEFI Secure Boot. This is a prerequisite for TPM 2.0 functionality.
  3. Enable TPM 2.0:
    • Locate the TPM settings within the BIOS/UEFI menu, often under "Security" or "System Security".
    • Enable TPM 2.0 (or a similar option such as "TPM Security" or "Enable TPM").
  4. (Optional but recommended) Some systems offer advanced TPM settings. You might need to:
    • Enable Intel TXT if using TPM 1.2 with Intel TXT (note that ESXi 6.7 and later generally ignore TXT settings for TPM 2.0, according to Broadcom's support portal).
    • Select the TPM algorithm (e.g., SHA256).
    • Ensure the TPM is set to use the TIS/FIFO interface (if available, instead of CRB).
  5. Save and Exit:
    • Save the changes in the BIOS/UEFI settings and exit.
  6. Reboot and Verify in vSphere:
    • The ESXi host will reboot.
    • Log in to the vSphere Client and navigate to the host settings to verify that TPM 2.0 is enabled. You may also see an "Attestation Message" under the "Monitor" tab > "Security" within vSphere, which should read "Passed".