With vSphere 6.7 I’m happy to announce the support of TPM 2.0! This blog will go into detail on how we are leveraging the TPM 2.0 chip found on most modern servers. I’ll also clarify some mis-conceptions and try to put into context what pieces are doing what during the boot of ESXi 6.7.
First, we’ll start out with “What is a TPM?” and what its capabilities are.
Trusted Platform Module or “TPM”
A TPM (Trusted Platform Module) is a computer chip/microcontroller that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include measurements, passwords, certificates, or encryption keys. A TPM can also be used to digitally sign content and store platform measurements that help ensure that the platform remains trustworthy. The Trusted Computing Group has a great detailed overview of what a TPM is and does. I will attempt to provide a journeyman’s overview below.