You can add a Virtual Trusted Platform Module (vTPM) to an existing virtual machine to provide enhanced security to the guest operating system. You must set up the KMS before you can add a vTPM.
You can enable a vTPM for virtual machines running on vSphere 6.7 and later. The VMware virtual TPM is compatible with TPM 2.0, and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites
- Ensure your vSphere environment is configured for virtual machine encryption. See Set up the Key Management Server Cluster.
- The guest OS you use can be Windows Server 2008 and later, and Windows 7 and later.
- Verify that the virtual machine is turned off.
- The ESXi hosts running in your environment must be ESXi 6.7 or later.
- The virtual machine must use EFI firmware.
- Verify that you have the required privileges: