vTPM option missing when adding a new device to VMs in vSphere
Article ID: 413610
Updated On:
Products
Issue/Introduction
This article explains the issue where the Trusted Platform Module (vTPM) option is not available when editing virtual machine (VM) hardware settings in vSphere. The article provides possible causes and the resolution steps verified in the field.
Cause
The issue occurs because the virtual hardware version of the VM does not meet the minimum requirement for vTPM support.
Resolution
To resolve the issue, upgrade the VM hardware version to match the ESXi host’s supported level.
- Power off the affected virtual machine.
- Right-click the VM > Compatibility > Upgrade VM Compatibility.
- Select the highest supported version available (for ESXi 8.x, select Version 20 or above).
- Confirm the upgrade.
- Edit Settings > Add New Device > Trusted Platform Module.
After performing these steps, the vTPM option will appear, and can successfully be added as a Device.
Additional Information
vTPM functionality was introduced in virtual hardware version 14 (ESXi 6.7 and later).
Additional conditions that may prevent vTPM from appearing include:
- VM is configured with BIOS firmware instead of EFI.
- The VM is not encrypted or a Key Provider (KMS / Native Key Provider) is not configured.
- The VM is powered on during configuration changes.
Below are the best practices for the vTPM:
- Ensure the VM uses EFI firmware: Edit Settings > VM Options > Boot Options > set Firmware Type to EFI.
- Verify that a Key Provider (vCenter Native Key Provider or external KMS) is configured and trusted.
- Go to Menu → Security → Key Providers in the vSphere Client.
Verify that a Native Key Provider or External KMS is listed with status Enabled and Trusted.
- Go to Menu → Security → Key Providers in the vSphere Client.
Hardware Features Available with Virtual Machine Compatibility Settings
Virtual machine hardware versions
Feedback
