"TPM 1.2 device detected. Support for TPM version 1.2 is discontinued. Installation may proceed, but may cause the system to behave unexpectedly." warning after running compliance check on vSphere Cluster
Article ID: 406191
Updated On:
Products
VMware vSphere ESXi
VMware vCenter Server 8.0
VMware vCenter Server
VMware vSphere ESXi 8.0
Issue/Introduction
Symptoms:
- When attempting to upgrade an ESXi host via vCenter, the compliance check task results in Status as Incompatible with below warning:
"TPM 1.2 device detected. Support for TPM version 1.2 is discontinued. Installation may proceed, but may cause the system to behave unexpectedly."
Steps: vSAN Cluster > Updates > Image > vSAN node > Run Pre-Check
- On vCenter Server, in
/var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log
####-##-##T##:###:##.###Z info vmware-vum-server[10875] [Originator@6876 sub=HostUpgradeScanner] [scannerImpl 1757] (vmodl.LocalizableMessage) [--> (vmodl.LocalizableMessage) {--> key = "com.vmware.vcIntegrity.HostUpgrade.UnsupportedTPMVersion",--> arg = <unset>,--> message = <unset>--> }--> ]
Environment
VMware vSphere ESXi
Cause
- The ESXi host's hardware is currently configured with TPM 1.2 but vSphere 8.0 has deprecated support for TPM 1.2.
Resolution
Below are the two engineering-approved paths to resolve TPM compatibility issues when upgrading to ESXi 8.0:
- If ESXi hosts use TPM:
- Upgrade Firmware: Contact the hardware vendor (e.g., Dell, HPE, Lenovo) to upgrade the TPM Firmware from 1.2 to 2.0.
- Configure BIOS: After upgrading to TPM 2.0, the BIOS setting "Physical Presence" MUST be set to "Asserted". Refer Error: UEFI Secure Boot failed after changing TPM to version 2.0 on ESXi host
- Upgrade Firmware: Contact the hardware vendor (e.g., Dell, HPE, Lenovo) to upgrade the TPM Firmware from 1.2 to 2.0.
- If ESXi hosts don't use TPM:
ESXi 7.x -
- Remediate the ESXi hosts and check the box for
"Ignore warnings about unsupported hardware devices"to allow the upgrade to proceed but no TPM functionality will be available for the host.
- Remediate the ESXi hosts and check the box for
ESXi 8.x -
- Select the cluster > Updates > Image > Edit remediation settings > Uncheck "Prevent remediation if hardware compatibility issues are found".
- Select the cluster > Updates > Image > Edit remediation settings > Uncheck "Prevent remediation if hardware compatibility issues are found".
Additional Information
- ESXi command to check if TPM hardware Module is present on the ESXi host:
#esxcli hardware trustedboot getOutput -
Drtm Enabled: falseTpm Present: true - ESXi command to list the current encryption settings on the ESXi host:
# esxcli system settings encryption getOutput -
Mode: TPMRequire Executables Only From Installed VIBs: falseRequire Secure Boot: trueIf mode is set to 'TPM', then the TPM feature is enabled on the Host BIOS settings and TPM is enabled.
Mode: NONE
Require Executables Only From Installed VIBs: false
Require Secure Boot: false
Refer the below articles for more information about TPM:
Feedback
Yes
No
Powered by
