VMware Communities
KjetilEVRY
Contributor

Not able to add TPM to Win10 VM

I see that v14 now supports virtual TPM. But when I create and add test Win10 VMs, the "Finish" button to add TPM is greyed out. I've read somewhere that this is because my host doesn't support TPM... don't know if that's true.

My host is Lenovo P50 with TPM and Win10 Enterprise running on it. No matter what option I play with in the settings of the VM, I just can't seem to enable the virtual TPM.
Anyone succeeded in this? Thanks

6 Replies
bluefirestorm
Champion

The VTPM feature does not rely on an actual TPM chip on the host hardware. It uses software emulation. Once you manage to get it up and running you should see a TPM2EMU process running. If you think about it, it is sort of logical that two or more VMs should not be sharing the use of the same TPM chip on the host nor should the TPM chip be shared between the host and any VM. And if the VTPM is tied to the physical TPM, the VM is no longer portable to other host machines.

The requirement for VTPM to work is that the VM virtual firmware is UEFI.

I am still on version 12.5.9 but did get to try the VTPM feature when Workstation 14.x/Fusion 10.x was on beta.

Assuming the Windows 10 VM you created is already on UEFI as virtual firmware, power off the VM and add the following line to the vmx configuration file.

vtpm.present = "TRUE"

After you add that line, the next time the VM is powered up, it would require that the VM be encrypted (to store the virtual TPM parameters in encrypted form). Since the VM is encrypted, you can no longer manually edit the vmx configuration file unless you decrypt the VM.
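
A preflight check for the steps in the reply above, added here as an example; it is not part of the original post or of VMware's tooling. It assumes that `firmware = "efi"` marks UEFI firmware (an absent key meaning BIOS) and that an encrypted VM's .vmx carries an `encryption.keySafe` entry; the sample file is constructed.

```python
import re

# Constructed sample: the thread's situation, vtpm.present added to an unencrypted UEFI VM.
SAMPLE_VMX = '''.encoding = "windows-1252"
displayName = "Win10 test"
firmware = "efi"
vtpm.present = "TRUE"
'''

MESSAGES = {
    "firmware": 'virtual firmware is not UEFI (expected firmware = "efi")',
    "vtpm": 'vtpm.present = "TRUE" is missing',
    "encryption": "VM is not encrypted; power-on fails until it is",
    "opaque": "VM is encrypted; decrypt it to inspect or edit its settings",
}

_SETTING = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:  # comments and blank lines simply do not match
            settings[m.group(1).lower()] = m.group(2)
    return settings

def vtpm_preflight(text):
    """Return finding codes (keys of MESSAGES) for one .vmx file's text."""
    s = parse_vmx(text)
    # Assumption: an encrypted VM's .vmx exposes encryption.keySafe and hides the rest.
    if "encryption.keysafe" in s:
        return ["opaque"]
    findings = []
    if s.get("firmware", "").lower() != "efi":  # assumption: absent key means BIOS
        findings.append("firmware")
    if s.get("vtpm.present", "").upper() != "TRUE":
        findings.append("vtpm")
    findings.append("encryption")  # a readable .vmx here means the VM is not encrypted
    return findings

if __name__ == "__main__":
    for code in vtpm_preflight(SAMPLE_VMX):
        print(f"{code}: {MESSAGES[code]}")
```
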

KjetilEVRY
Contributor

Thanks, but I still don't understand why the "Finish" button is grayed out in the add hardware wizard, if I try to add the virtual TPM chip. This happens both for existing Win10 VMs and during the creation of a new Win10 VM from scratch.

Adding the line as you suggested just made the VM unbootable (Workstation says in a popup: The virtual machine must be encrypted. Virtual TPM initialization failed. Module "DevicePowerOn" failed.).

bluefirestorm
Champion

I don't know why the option is greyed out; that is why I suggested adding the line manually instead.

As to not being able to boot up after you add the vtpm.present line, as I had indicated earlier, after you add that line, the VM now has to be encrypted. So you need to encrypt the VM.

KjetilEVRY
Contributor

Thank you! Didn't understand I had to go into the settings of the VM and set up encryption.

Django14
Contributor

This is how to enable encryption. After enabling this it will work!

[Screenshot]

bracka
Contributor

I am not seeing that option?

VMware Workstation 16: yes
VMware ESXi 6.7 U3 (15160138): nope

Thanks in Advance

[Screenshot]