"TPM 1.2 device detected. Support for TPM version 1.2 is discontinued. Installation may proceed, but may cause the system to behave unexpectedly." warning after running compliance check on vSphere Cluster

Article ID: 406191

Products

VMware vSphere ESXi
VMware vCenter Server 8.0
VMware vCenter Server
VMware vSphere ESXi 8.0

Issue/Introduction

  • When attempting to upgrade an ESXi host via vCenter, the compliance check task reports a Status of Incompatible with the following warning:
    "TPM 1.2 device detected. Support for TPM version 1.2 is discontinued. Installation may proceed, but may cause the system to behave unexpectedly."

  • On vCenter Server, /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log contains the following entry:

####-##-##T##:###:##.###Z info vmware-vum-server[10875] [Originator@6876 sub=HostUpgradeScanner] [scannerImpl 1757] (vmodl.LocalizableMessage) [
-->    (vmodl.LocalizableMessage) {
-->       key = "com.vmware.vcIntegrity.HostUpgrade.UnsupportedTPMVersion",
-->       arg = <unset>,
-->       message = <unset>
-->    }
--> ]

Environment

VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

Cause

  • The ESXi host hardware is currently configured with TPM 1.2, but vSphere 8.0 has deprecated support for TPM 1.2.

Resolution

Below are the two engineering-approved paths to resolve TPM compatibility issues when upgrading to ESXi 8.0:

  1. If ESXi hosts use TPM:

    1. Upgrade Firmware: Contact the hardware vendor (e.g., Dell, HPE, Lenovo) to upgrade the TPM Firmware from 1.2 to 2.0.
    2. Configure BIOS: After upgrading to TPM 2.0, the BIOS setting "Physical Presence" MUST be set to "Asserted". Refer to the article "Error: UEFI Secure Boot failed after changing TPM to version 2.0 on ESXi host".

  2. If ESXi hosts don't use TPM:

    1. Remediate the ESXi hosts and check the box for "Ignore warnings about unsupported hardware devices". This allows the upgrade to proceed, but no TPM functionality will be available for the host.

Additional Information

  • ESXi command to check whether a TPM hardware module is present on the ESXi host:

    esxcli hardware trustedboot get

    OUTPUT:
        Drtm Enabled: false
        Tpm Present: true

  • ESXi command to list the current encryption settings on the ESXi host:

    esxcli system settings encryption get

    OUTPUT 1:
        Mode: TPM
        Require Executables Only From Installed VIBs: false
        Require Secure Boot: true

    If Mode is set to 'TPM', then the TPM feature is enabled in the host BIOS settings and TPM is enabled on the host.

    OUTPUT 2:
        Mode: NONE
        Require Executables Only From Installed VIBs: false
        Require Secure Boot: false

    If Mode is set to 'NONE', then the TPM feature is not enabled in the host BIOS settings.
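The two checks above can be combined to decide which Resolution path applies to a host that raised the warning. The script below is an added example, not VMware code: it parses saved output of the two esxcli commands, and the function names, the result labels, and the reading of "Mode: TPM" as "host uses TPM" are assumptions of this example. These outputs do not show the TPM version, so the script only picks a path and does not detect TPM 1.2 itself.

```shell
#!/bin/sh
# Added example (not VMware code): pick the KB resolution path from saved
# output of the two esxcli commands shown in this article.

# field NAME TEXT: print the value of the first "NAME: value" line in TEXT.
# Leading indentation and trailing whitespace (including CR) are ignored.
field() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# tpm_upgrade_path TRUSTEDBOOT_OUTPUT ENCRYPTION_OUTPUT
#   $1 = output of: esxcli hardware trustedboot get
#   $2 = output of: esxcli system settings encryption get
# Assumption of this example: "Mode: TPM" is what marks a host as using TPM.
tpm_upgrade_path() {
    present=$(field "Tpm Present" "$1")
    mode=$(field "Mode" "$2")
    case "$present/$mode" in
        true/TPM)  echo "path1-upgrade-tpm-firmware" ;;  # Resolution 1
        true/NONE) echo "path2-ignore-warning" ;;        # Resolution 2
        false/*)   echo "no-tpm-present" ;;
        *)         echo "unknown-check-manually" ;;      # missing or unexpected field
    esac
}

# Constructed samples, copied from the outputs quoted in this article.
TB_SAMPLE='   Drtm Enabled: false
   Tpm Present: true'
ENC_TPM='   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true'
ENC_NONE='   Mode: NONE
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: false'

echo "Mode TPM : $(tpm_upgrade_path "$TB_SAMPLE" "$ENC_TPM")"
echo "Mode NONE: $(tpm_upgrade_path "$TB_SAMPLE" "$ENC_NONE")"
```

To use it on a real host, pass the captured output of each command as the two arguments in place of the samples.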

 

Refer to the articles below for more information about TPM: