Solved: Can you switch between 'fast' and 'regular' encryp...

gbohn · ‎05-10-2023

This might be a dumb question, but is it possible to switch between 'regular' and 'fast-encryption' when you have an existing guest with a virtual TPM added?

My understanding is that Workstation Pro 17 will allow you to set up either 'Regular'/traditional full Guest encryption or a new 'fast' encryption (one of which is needed to allow you to add a Virtual TPM).

I'm thinking about using this for a RHEL 8 Linux Guest, but I guess the same question applies to a Windows Guest.

My concern is that once you choose one of the two types, are you permanently locked in to that choice?

For example, would you have to remove the Virtual TPM and re-add it if you switched encryption type? (Which would lose all the TPM data presumably).

Technogeezer · ‎05-10-2023

In order to switch encryption types:

Remove the TPM device.
Decrypt the VM.
Re-encrypt the VM with your desired option.
Add back the TPM device

And yes that may involve losing the data in the TPM. You would have to treat the situation as if you replaced the motherboard or corrupted the TPM on a physical system.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides

View solution in original post

Technogeezer · ‎05-10-2023

In order to switch encryption types:

Remove the TPM device.
Decrypt the VM.
Re-encrypt the VM with your desired option.
Add back the TPM device

And yes that may involve losing the data in the TPM. You would have to treat the situation as if you replaced the motherboard or corrupted the TPM on a physical system.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides

gbohn · ‎05-10-2023

Thanks.

I was afraid that that was the case.

All

Can you switch between 'fast' and 'regular' encryption for TPM?

encrypted

TPM