Trusted Platform Module missing when adding new device to VM
search cancel

Trusted Platform Module missing when adding new device to VM

book

Article ID: 417844

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Trusted Platform Module (vTPM) option is not available when adding new device via virtual machine (VM) hardware settings in vSphere. 

  • VM virtual hardware version is 14 and above.
  • VM is configured with EFI firmware and not BIOS.
  • VM is powered off.
  • Cluster is created in vCenter and hosts are added to the cluster.
  • A standalone host cannot use Native Key Provider (NKP) for vTPM or VM encryption.

Environment

VMware vCenter Server 6.7 or later
ESXi 6.7 host or later with TPM 2.0 chip installed and enabled in UEFI
UEFI Secure Boot enabled

    Cause

    The vCenter is not configured with a Key Provider (KMS / Native Key Provider).

    Resolution

    Verify that a Key Provider (vCenter Native Key Provider or external KMS) is configured and trusted. 

      • Go to Menu → Security → Key Providers in the vSphere Client.
      • Verify that a Native Key Provider or External KMS is listed with status Enabled and Trusted.
      • Then validate if you are able to add vTPM.

     

    Additional Information

    A standalone host cannot use Native Key Provider (NKP) for vTPM or VM encryption.
    Enabling TPM on ESXi
    Securing ESX Hosts with Trusted Platform Module

     

    Powered by Wolken Software