altadjeepsta
Contributor

VSPHERE Security test shows N/A for several hosts

I was reviewing recently posted steps to secure my ESXi hosts against ransomware (https://blog.truesec.com/2021/04/13/secure-your-vmware-esxi-hosts-against-ransomware/). The first step is checking if the hosts have passed attestation. I am running vSphere 7.0.1 on my hosts. When I go to the cluster in the vSphere Client, then Monitor and then Security, I see one ESXi host that shows it passed, listing Attestation Passed, the verified date, attested by vCenter, and TPM version 2.0. The other three show N/A under all of the columns. All three are newer servers than the one that passed and have a TPM 2.0 installed. I was just trying to figure out why they would all list not available. I was wondering if I need to turn on (initialize) the TPM 2.0 in BIOS for the chips to be recognized.

Then I was concerned about enabling the chip on a production ESXi host. Will there be problems on boot of the host?

Good Day,

AJ

0 Kudos
1 Reply
e_espinel
Virtuoso

Hello.
Attached is a link with information about TPM
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-10F7022C-DBE1-47A...

You can run the following command directly in an SSH session on the ESXi host to check the TPM version on your server:
# esxcli hardware trustedboot get


In the technical characteristics of the server you must indicate if it has TPM 1.2 or 2.0. You can enter the UEFI of the server to verify and activate the TPM; it is recommended to do this first on a single server and verify that everything is OK in VMware (test shutdowns, reboots, disconnection from vCenter and reconnection with vCenter).

Enrique Espinel
Senior Technical Support IBM, Lenovo, VMware vSphere and Veeam Backup.
VMware VSP-SV, VTSP-SV, VTSP-HCI, VTSP 5
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you, Thank you.
0 Kudos
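
Added example (not part of the original thread or either poster's code): a small POSIX shell helper that interprets the output of `esxcli hardware trustedboot get` from the reply above, so each host showing N/A can be sorted into "ESXi sees a TPM" or "ESXi sees no TPM". The sample captures and host labels are constructed, and the `Tpm Present` / `Drtm Enabled` field names are assumed to match the command's output on your build.

```shell
#!/bin/sh
# Added example: interpret `esxcli hardware trustedboot get` output per host.
# Assumption: the command prints "Drtm Enabled: <bool>" and "Tpm Present: <bool>".

# Print the lower-cased value of one field from the output on stdin.
trustedboot_field() {
    awk -F': *' -v key="$1" '
        { sub(/^[ \t]+/, "", $1) }                 # drop the indentation
        $1 == key {
            gsub(/[ \t\r]+$/, "", $2)              # drop trailing blanks / CR
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Classify one host from its captured command output (stdin).
tpm_triage() {
    out=$(cat)
    present=$(printf '%s\n' "$out" | trustedboot_field "Tpm Present")
    case "$present" in
        true)  echo "tpm-visible" ;;      # ESXi itself detects a TPM
        false) echo "tpm-not-visible" ;;  # ESXi detects no TPM: the firmware case asked about in the thread
        *)     echo "unparsed" ;;         # unexpected output, inspect by hand
    esac
}

# $1 = host label, stdin = command output
report() {
    printf '%s: %s\n' "$1" "$(tpm_triage)"
}

# Constructed sample captures (not taken from the thread).
SAMPLE_OK='   Drtm Enabled: false
   Tpm Present: true'
SAMPLE_OFF='   Drtm Enabled: false
   Tpm Present: false'

printf '%s\n' "$SAMPLE_OK"  | report "esx-a (constructed)"
printf '%s\n' "$SAMPLE_OFF" | report "esx-b (constructed)"

# On a real ESXi host, classify the live output as well.
if command -v esxcli >/dev/null 2>&1; then
    esxcli hardware trustedboot get | report "$(hostname)"
fi
```

A host that reports `tpm-not-visible` matches the "TPM not turned on in firmware" case raised in the question; one that reports `tpm-visible` while vCenter still shows N/A needs investigation elsewhere.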