VMware Cloud Community
markey165
Hot Shot

Does ESXi secure boot specifically require a TPM chip?

Hi experts, sorry if this is an obvious question.

As per question, does ESXi secure boot specifically require a TPM chip? I kind of think the answer is no, but I can't definitively find an answer to this. The documentation talks about being able to securely store the private key in a TPM chip, but doesn't make clear if it is an absolute requirement?

My suspicion is that the private key may otherwise be stored in an NVRAM part of the UEFI chip, and that the TPM is simply a more secure alternative, but I can't validate this. Can anyone confirm?

Many Thanks 😊

_____________________________________________
If this post helps you, please leave Kudo | or mark this reply as an answer
3 Replies
maksym007
Expert

The TPM module is for something different.

For secure boot, mostly UEFI settings are used.

battybishop
Hot Shot

Secure boot does not require a TPM module and is part of the UEFI firmware standard.

Check out this VMware doc link

UEFI Secure Boot for ESXi Hosts (vmware.com)

markey165
Hot Shot


@battybishop wrote:

Secure boot does not require a TPM module and is part of the UEFI firmware standard.

Check out this VMware doc link

UEFI Secure Boot for ESXi Hosts (vmware.com)


Thanks Rob, I read that very article, but it wasn't clear from the TPM reference, if it was optional or required, or where it stores the private key if a TPM chip isn't present. I couldn't really find that documented anywhere.

Thanks for confirming my suspicions though 😊
