VMware Cloud Community
burdweiser
Enthusiast

Trusted Platform Module (TPM)

I've been hunting today for some documentation on Trusted Platform Module (TPM) and some deep dive info on how it interacts with a host server. I've noticed that there are very few posts on this subject, and even fewer details on checking the status of TPM via the host server or how to interface with TPM to "assert physical presence".

I have some new IBM HS22 blades that look like they have the TPM in them, but the BIOS interface is a little confusing. It says it is enabled, but physical presence is "not asserted". I know this is something I need to look up via IBM, but I was hoping to find more info on the subject in the VMware admin guides or deployment guides. Anyone know where I can find some good documentation?


Accepted Solutions
Texiwill
Leadership

Hello,

I think you have an issue with your system BIOS and the TPM device; then you really have a hardware issue. The OS (ESX) is not really involved at this time. TPM 'stuff' happens before ESX even boots.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available 'VMware ESX Server in the Enterprise'

Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World

Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

3 Replies
Texiwill
Leadership

Hello,

You can use TPM to ensure the boot disk has not changed within vSphere. There was a white paper on this from VMware. Mainly it was for ESXi. You cannot have the vTPM for each VM, however.

It is mainly used as an integrity check. This becomes quite important as the vmkernel is opened up to allow third-party drivers such as VMsafe.


burdweiser
Enthusiast

I'm not looking to use TPM for virtual machines, only the host. I'm mainly looking for more info on fixing the message in the BIOS that physical presence is "not asserted".

James
