VMware Cloud Community
Sofa_
Contributor

Host TPM attestation alarm | Fresh Installed vCenter 8

Hi all,

I have a freshly installed vCenter that shows a triggered alarm, "Host TPM attestation alarm", but no details.

Can anybody tell me where I can find details on what the problem is?

Thanks

7 Replies
pmichelli
Hot Shot

You need to figure out how to enable the TPM 2.0 module in your system BIOS. What type of hardware are you using? We have to do this with our Dell equipment when we first deploy it.

Sofa_
Contributor

Hi there,

It's a Dell PowerEdge, the TPM is Enabled.

pmichelli
Hot Shot

But is it enabled the way VMware wants it done? The default settings were not good enough for me. 

Look at this post 

https://www.reddit.com/r/vmware/comments/q5hk72/dell_r640_vmware_vcenter_70u3_esxi_702u2a05_dell/

lukaszzasko
Enthusiast

Hi,

From the vCenter inventory, try the procedure below:

1. Enter maintenance mode

2. Disconnect host

3. Connect host

5. Exit maintenance mode

6. Go to cluster > Monitor > Security to see that attestation now has the status "passed"

7. [Optionally] check in BIOS > Security menu that TXT also has the status "on"

Sofa_
Contributor

Where do I find the TXT feature? It doesn't show up.

CPU AES-NI Enabled
System Password Empty
Confirm System Password Empty
Setup Password Empty
Confirm Setup Password Empty
Password Status Unlocked
SHA256 hash of the System password Empty
Salt string appended to the System password prior to hash Empty
SHA256 hash of the Setup password Empty
Salt string appended to the Setup password prior to hash Empty
TPM Security On
TPM Information Type: 2.0 NTC
TPM Firmware 7.2.2.0
TPM Hierarchy Enabled
TPM Advanced Settings
AMD DRTM Off
Power Button Enabled
AC Power Recovery Last
AC Power Recovery Delay Immediate
User Defined Delay (120s to 600s) 120
UEFI Variable Access Standard
SMM Security Mitigation Disabled
Secure Boot Disabled
Secure Boot Policy Standard
Secure Boot Mode Deployed Mode
Authorize Device Firmware Disabled
UEFI CA Certificate Scope Device Firmware and OS

Sofa_
Contributor

Thanks for your reply, but I can't see any usable hint to get me forward.

Is there no message in the VMware log showing where the problem is?

Sofa_
Contributor

It is solved. You have to click on Datacenter -> Security; at this point you have the exact problem vCenter is expecting.

In that case, "Secure Boot - Disabled" was the problem.
