VMware Cloud Community
Charizard_1998
Contributor

Unable to clone a vTPM VM from one vCenter to another successfully

Hi Team,
I want to clone a vTPM VM from one vCenter to another. Both the source and target vCenters have the same KMS (Standard Key Provider) configured. I am able to back up the disks from the source to the target vCenter. I am also able to create a VM (on the target vCenter) out of it with the same config as the source vCenter, but if I enable vTPM, the home configuration files will be encrypted using a key different from the one used in the source. Because of this, even if I copy the nvram file and also get the vTPM endorsement key pair from the source, I am not able to use the vTPM contents in the nvram.

Am I missing something, or is there any problem with the way I am handling this? Please help.

Thanks

0 Kudos
1 Reply
Charizard_1998
Contributor

I have found an article related to this, which explains how to back up and restore encrypted VMs; it also includes restoring the nvram file. But the problem is that the fields ConfigInfo.keyId and the encryption.bundle from ConfigInfo.extraConfig need to be preserved, and it does not have any viable way to save these fields on the target. I have used the MOB functions ReconfigVM_Task and CreateVM_Task, but they are not working, and also no suitable methods were found in govmomi.

It would be helpful if someone could point out how to back up and restore encrypted UEFI Secure Boot VMs (including nvram); that could be a good breakthrough point.

https://vdc-download.vmware.com/vmwb-repository/dcr-public/1528ee25-7f22-43e8-aa0e-05d8c6542b4a/607f...

0 Kudos