Unable to boot the VM deployed via vCloud Director using an OVF with Secure Boot and TPM enabled

Article ID: 404836

Updated On:

Products

VMware vCenter Server
VMware Cloud Director
VMware vSphere ESXi

Issue/Introduction

Unable to boot the VM deployed via vCloud Director using an OVF with Secure Boot and TPM enabled:

  • Deployment uses "vim.OvfManager.createImportSpec" to process the OVF XML.
  • The vTPM placeholder is recognized, and a vTPM add operation is included in the import spec. However, the native VPXD import workflow lacks specific logic for vTPM.
  • When the vTPM device is present in the initial VM configuration, the VM home directory is encrypted, which interferes with uploading the nvram file. Consequently, the nvram from the template is not uploaded.

Environment

vCloud Director
ESXi
vCenter Server

Cause

When vCD passes the request to vCenter Server to import a VM with vTPM and nvram files, the folder is encrypted in vCenter Server.

A new nvram file is then created and the old one is removed.

vCD relies on vCenter Server APIs to include any config or files when importing a VM into vCenter Server.

Hence, VM deployment via vCloud Director using an OVF with Secure Boot and TPM enabled is not supported.

Resolution

The Broadcom Engineering team will treat this as a feature request and will look into implementing it in a future release of vCloud Director.

Workaround:

It is recommended to use OVFTool to deploy such OVFs successfully.

The OVFTool workflow removes the vTPM device from the import spec, creates the VM without a vTPM, uploads the nvram files, and then reconfigures the VM to add the vTPM device, which encrypts the VM.
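A pre-flight check can route affected templates to OVFTool before a vCD deployment is attempted. The following is an added example, not Broadcom code: `preflight` and `_vmw_value` are hypothetical names, the sample descriptor is constructed, and the `vmware.vtpm` resource subtype, the `bootOptions.efiSecureBootEnabled` config key and the `nvram` extra-config key are assumed to be how a vSphere-exported OVF records these settings, so confirm them against your own descriptors.

```python
import xml.etree.ElementTree as ET

# Namespaces used by vSphere-exported OVF descriptors.
NS = {
    "rasd": "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData",
    "vmw": "http://www.vmware.com/schema/ovf",
}
VMW = "{%s}" % NS["vmw"]

# Constructed sample descriptor, trimmed to the elements the check reads.
# Element and key names are assumptions about the vSphere export format.
SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
 xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1"
 xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData"
 xmlns:vmw="http://www.vmware.com/schema/ovf">
 <VirtualSystem ovf:id="vm"><VirtualHardwareSection>
  <Item ovf:required="false">
   <rasd:ElementName>Virtual TPM</rasd:ElementName>
   <rasd:InstanceID>13</rasd:InstanceID>
   <rasd:ResourceSubType>vmware.vtpm</rasd:ResourceSubType>
   <rasd:ResourceType>1</rasd:ResourceType>
  </Item>
  <vmw:Config ovf:required="false" vmw:key="bootOptions.efiSecureBootEnabled" vmw:value="true"/>
  <vmw:ExtraConfig ovf:required="false" vmw:key="nvram" vmw:value="ovf:/file/file2"/>
 </VirtualHardwareSection></VirtualSystem>
</Envelope>"""

def _vmw_value(root, tag, key):
    """Return vmw:value of the first <vmw:tag> whose vmw:key matches, else None."""
    for elem in root.iterfind(".//vmw:" + tag, NS):
        if elem.get(VMW + "key") == key:
            return elem.get(VMW + "value")
    return None

def preflight(ovf_xml):
    """Report vTPM / Secure Boot / nvram in a descriptor and pick a deployment path."""
    root = ET.fromstring(ovf_xml)
    vtpm = any((e.text or "").strip().lower() == "vmware.vtpm"
               for e in root.iterfind(".//rasd:ResourceSubType", NS))
    secure_boot = (_vmw_value(root, "Config", "bootOptions.efiSecureBootEnabled") or "").lower() == "true"
    nvram = _vmw_value(root, "ExtraConfig", "nvram")
    # A vTPM in the initial config encrypts the VM home before the nvram upload,
    # so a descriptor combining vTPM with Secure Boot or an nvram file goes to OVFTool.
    at_risk = vtpm and (secure_boot or nvram is not None)
    return {"vtpm": vtpm, "secure_boot": secure_boot, "nvram": nvram,
            "deploy_with": "ovftool" if at_risk else "vcd"}

if __name__ == "__main__":
    print(preflight(SAMPLE_OVF))
```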