You can add a Virtual Trusted Platform Module (vTPM) when you create a virtual machine to provide enhanced security to the guest operating system. You must create a key provider before you can add a vTPM.
The VMware virtual TPM is compatible with TPM 2.0 and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites
- Ensure that your vSphere environment is configured with a key provider. See the following for more information:
- Ensure that host encryption mode is enabled. See Enable Host Encryption Mode Explicitly.
- The guest OS you use can be Windows Server 2008 and later, Windows 7 and later, or Linux.
- The ESXi hosts running in your environment must be ESXi 6.7 or later for a Windows guest OS, or ESXi 7.0 Update 2 or later for a Linux guest OS.
- The virtual machine must use EFI firmware.
- Verify that you have the required privileges:
Note: After creating a virtual machine with a vTPM, the privilege is required to open a console session.
Procedure
- Connect to vCenter Server by using the vSphere Client.
- Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
- Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.
  Option: Action
  - Select a creation type: Create a new virtual machine.
  - Select a name and folder: Specify a name and target location.
  - Select a compute resource: Specify an object for which you have privileges to create a virtual machine. See Prerequisites and Required Privileges for Encryption Tasks.
  - Select storage: Select a compatible datastore.
  - Select compatibility: You must select ESXi 6.7 and later for a Windows guest OS, or ESXi 7.0 U2 and later for a Linux guest OS.
  - Select a guest OS: Select Windows or Linux for use as the guest OS.
  - Customize hardware: Click Add New Device and select Trusted Platform Module. You can further customize the hardware, for example, by changing the disk size or CPU.
  - Ready to complete: Review the information and click Finish.
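The same procedure can be scripted with PowerCLI when you need to build vTPM-enabled virtual machines repeatably and want the prerequisites checked before the wizard equivalent runs. The script below is an added example, not VMware's own code or part of this documentation. It assumes PowerCLI 12.1 or later (for the New-VTpm and Get-VTpm cmdlets), that a key provider is already configured on vCenter Server, and that the vCenter address, ESXi host, datastore, VM name and guest ID in the param block are placeholders you replace with your own values.

```powershell
# Added example (not VMware's code): create a vTPM-enabled VM with PowerCLI after
# checking the prerequisites from the documentation above.
# Assumptions: PowerCLI 12.1+ (New-VTpm / Get-VTpm), a configured key provider,
# and placeholder names below that you replace for your environment.
#Requires -Modules VMware.VimAutomation.Core

param(
    [string]$VCenter   = 'vcenter.example.invalid',  # placeholder
    [string]$HostName  = 'esxi01.example.invalid',   # placeholder
    [string]$Datastore = 'datastore1',               # placeholder
    [string]$VmName    = 'win-vtpm-01',              # placeholder
    [string]$GuestId   = 'windows9Server64Guest'     # Windows Server 2016/2019 guest ID
)

Connect-VIServer -Server $VCenter | Out-Null

$vmHost = Get-VMHost -Name $HostName

# Prerequisite: ESXi 6.7 or later for a Windows guest (7.0 Update 2 or later for Linux).
if ([version]$vmHost.Version -lt [version]'6.7.0') {
    throw "Host $HostName runs ESXi $($vmHost.Version); 6.7 or later is required for a Windows guest."
}

# Prerequisite: host encryption mode must be enabled. The vSphere API reports this as
# HostRuntimeInfo.cryptoState; 'safe' is the state of a host whose encryption mode is
# enabled and that holds a host key (assumption: treat anything else as not enabled).
$cryptoState = $vmHost.ExtensionData.Runtime.CryptoState
if ($cryptoState -ne 'safe') {
    throw "Host encryption mode is not enabled on $HostName (cryptoState=$cryptoState)."
}

# Prerequisite: a key provider must exist. The CryptoManagerKmip managed object lists the
# configured key provider clusters in its kmipServers property.
$si = Get-View ServiceInstance
$cryptoManager = Get-View $si.Content.CryptoManager
if (-not $cryptoManager.KmipServers -or $cryptoManager.KmipServers.Count -eq 0) {
    throw 'No key provider is configured on this vCenter Server.'
}

# Prerequisite: EFI firmware and the "ESXi 6.7 and later" compatibility level, which is
# virtual hardware version 14 (vmx-14). Create the VM at that hardware version first.
$vm = New-VM -Name $VmName -VMHost $vmHost -Datastore $Datastore -GuestId $GuestId `
             -HardwareVersion 'vmx-14' -NumCpu 2 -MemoryGB 4 -DiskGB 40

# New-VM does not set the firmware type, so switch the powered-off VM to EFI through the
# vSphere API (VirtualMachineConfigSpec.firmware).
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.Firmware = 'efi'
$vm.ExtensionData.ReconfigVM($spec)

# Add the Trusted Platform Module device (the "Customize hardware" step of the wizard).
# Adding a vTPM causes the VM home files to be encrypted with the key provider, which
# is why the key provider and host encryption mode are required up front.
New-VTpm -VM $vm | Out-Null

# Verify the result: EFI firmware, hardware version, vTPM present, VM home encrypted
# (Config.keyId is populated once the VM home is encrypted).
$vm = Get-VM -Name $VmName
[pscustomobject]@{
    VM              = $vm.Name
    Firmware        = $vm.ExtensionData.Config.Firmware
    HardwareVersion = $vm.HardwareVersion
    HasVTpm         = [bool](Get-VTpm -VM $vm)
    HomeEncrypted   = $null -ne $vm.ExtensionData.Config.KeyId
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

The prerequisite checks fail fast with the reason rather than letting the vTPM add fail part-way through, and the final object gives you the same facts you would otherwise confirm by opening the VM's settings in the vSphere Client after the wizard finishes.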
Results
The vTPM-enabled virtual machine appears in your inventory as specified.