You can add a Virtual Trusted Platform Module (vTPM) to an existing virtual machine to provide enhanced security to the guest operating system. You must create a key provider before you can add a vTPM.
The VMware virtual TPM is compatible with TPM 2.0, and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites:
- Ensure your vSphere environment is configured for a key provider. See the vSphere Security documentation.
- The guest OS you use can be Windows Server 2008 and later, Windows 7 and later, or Linux.
- Verify that the virtual machine is turned off.
- The ESXi hosts running in your environment must be ESXi 6.7 or later (Windows guest OS), or 7.0 Update 2 (Linux guest OS).
- The virtual machine must use EFI firmware.
- Verify that you have the required privileges:
Procedure:
- Connect to vCenter Server by using the vSphere Client.
- In the inventory, right-click the virtual machine that you want to modify and select Edit Settings.
- In the Edit Settings dialog box, click Add New Device and select Trusted Platform Module.
- Click OK.
The virtual machine Summary tab now includes Virtual Trusted Platform Module in the VM Hardware pane.
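The same prerequisite checks and device addition can be scripted with VMware PowerCLI. The following is an added example, not part of the original VMware procedure; it assumes an existing `Connect-VIServer` session, and the VM name `app-vm-01` is a placeholder. It does not check for a key provider, so that prerequisite must already be met.

```powershell
# Added example (PowerCLI), not VMware's own script.
# Assumes Connect-VIServer has already been run; 'app-vm-01' is a placeholder name.
param([string]$VMName = 'app-vm-01')

$vm = Get-VM -Name $VMName -ErrorAction Stop
$problems = @()

# Prerequisite: the virtual machine is turned off.
if ($vm.PowerState -ne 'PoweredOff') {
    $problems += "VM is $($vm.PowerState); turn it off first."
}

# Prerequisite: the virtual machine uses EFI firmware.
$firmware = $vm.ExtensionData.Config.Firmware
if ($firmware -ne 'efi') {
    $problems += "Firmware is '$firmware'; EFI is required."
}

# Prerequisite: ESXi 6.7 or later (Windows guest) or 7.0 Update 2 (Linux guest).
# Assumptions: a configured guest ID starting with 'win' means a Windows guest,
# and a 7.0 Update 2 host reports its version as 7.0.2.
$hostVersion = [version]$vm.VMHost.Version
$isWindows   = $vm.ExtensionData.Config.GuestId -like 'win*'
$minVersion  = if ($isWindows) { [version]'6.7.0' } else { [version]'7.0.2' }
if ($hostVersion -lt $minVersion) {
    $problems += "Host $($vm.VMHost.Name) runs ESXi $hostVersion; $minVersion or later is required."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Prerequisites not met for '$VMName'; no changes were made."
}

# Do nothing if the VM already has a vTPM.
if (Get-VTpm -VM $vm) {
    Write-Host "'$VMName' already has a vTPM."
    return
}

# Equivalent of Add New Device > Trusted Platform Module.
New-VTpm -VM $vm | Out-Null

# Confirm the device is present, as the Summary tab would show.
if (-not (Get-VTpm -VM $vm)) {
    throw "vTPM was not added to '$VMName'."
}
Write-Host "vTPM added to '$VMName'."
```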