ESXi host reports "TPM 2.0 device detected, but a connection cannot be established" after TPM enablement or post-upgrade to ESXi 8.0

Article ID: 323610

Products

VMware vSphere ESXi

Issue/Introduction

When adding a TPM-enabled ESXi host to vCenter, or after enabling TPM 2.0 on an existing host, the following alert may be observed even when the configuration appears to be correct:

"TPM 2.0 device detected, but a connection cannot be established."

This issue may also occur after upgrading the ESXi host to version 8.0, indicating a potential mismatch or incomplete TPM configuration despite the feature being enabled.

Environment

VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.7
VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0

Cause

  • The tpmdriver VIB is missing from the installed VIBs, so the host cannot communicate with the underlying TPM hardware, which results in the error.

    The following errors can be identified in var/run/log/vmkwarning/ and var/run/log/vmkernel.log:
    ------------------------------------------------------------
    vmkwarning.log
    YYYY-DD-MMTHH:MM:SS.007Z cpu24:2097931)WARNING: tpmDriver: TpmDriverInitImpl:307: TPM 2 SHA-256 PCR bank not found to be active.
    YYYY-DD-MMTHH:MM:SS.007Z cpu24:2097931)WARNING: tpmDriver: TPMDriverAttachDevice:216: \_SB_.TPM_: couldn't perform TIS init
    YYYY-DD-MMTHH:MM:SS.008Z cpu24:2097931)WARNING: Elf: 3110: Kernel-based module load of tpmdriver failed: Failure <Mod_LoadDone failed>
  • An incorrect TPM2 algorithm setting in the BIOS also causes this same TPM error in the UI and logs.
  • vSphere does not support the SHA1 security algorithm. The algorithm for TPM 2.0 must be SHA2 ("SHA256") or higher.
    See: What Are the vSphere Requirements to Use a TPM

Resolution

Engage with the hardware vendor to provide the tpmdriver VIB so that the host can communicate with the underlying TPM, or modify the BIOS configuration.
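
As an added example (not VMware or Broadcom code), the shell functions below classify the tpmDriver messages quoted under Cause and map each result to the remediation path above. The function names and result labels are hypothetical, the sample timestamps are constructed, and reading a log with no tpmDriver messages as a hint that the VIB is absent is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Classifies tpmDriver warnings in a copy of
# vmkwarning.log or vmkernel.log using the three messages quoted in this article.
# The messages appear as a cascade, so the most specific one is tested first.

tpm_triage() {
    # $1 = path to the log file to inspect
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    if grep -q 'tpmDriver: .*SHA-256 PCR bank not found to be active' "$1"; then
        echo "sha256-bank-inactive"      # TPM exposes no active SHA-256 PCR bank
    elif grep -q 'tpmDriver: .*perform TIS init' "$1"; then
        echo "tis-init-failed"           # driver could not initialise the TPM interface
    elif grep -q 'module load of tpmdriver failed' "$1"; then
        echo "module-load-failed"        # driver was found but did not load
    else
        echo "no-tpmdriver-messages"     # assumption: may mean the VIB is not installed
    fi
}

tpm_next_step() {
    # Maps a triage result to the remediation path named in the article.
    case "$1" in
        sha256-bank-inactive)
            echo "Check the BIOS TPM2 algorithm setting: SHA256 or higher, not SHA1" ;;
        tis-init-failed|module-load-failed)
            echo "Review the BIOS TPM configuration and engage the hardware vendor" ;;
        no-tpmdriver-messages)
            echo "Confirm the tpmdriver VIB is installed (esxcli software vib list)" ;;
        *)
            echo "Log not readable; collect vmkwarning.log and vmkernel.log" ;;
    esac
}

# Constructed sample input: message text from the article, timestamps invented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
2024-01-15T10:02:11.007Z cpu24:2097931)WARNING: tpmDriver: TpmDriverInitImpl:307: TPM 2 SHA-256 PCR bank not found to be active.
2024-01-15T10:02:11.007Z cpu24:2097931)WARNING: tpmDriver: TPMDriverAttachDevice:216: \_SB_.TPM_: couldn't perform TIS init
2024-01-15T10:02:11.008Z cpu24:2097931)WARNING: Elf: 3110: Kernel-based module load of tpmdriver failed: Failure <Mod_LoadDone failed>
EOF
result=$(tpm_triage "$sample")
echo "$result: $(tpm_next_step "$result")"
rm -f "$sample"
```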

Additional Information

Impact/Risks:
TPM 2.0 will not work on the host.

As an example, here is Dell's documentation to address the issue: https://www.dell.com/support/kbdoc/en-in/000193231/tpm-2-0-errors-on-esxi-7-0