You can add a Virtual Trusted Platform Module (vTPM) when you create a virtual machine to provide enhanced security to the guest operating system. You must create a key provider before you can add a vTPM.

The VMware virtual TPM is compatible with TPM 2.0 and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.

Prerequisites

Note: After creating a virtual machine with a vTPM, the Cryptographic operations.Direct Access privilege is required to open a console session.

Procedure

  1. Connect to vCenter Server by using the vSphere Client.
  2. Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
  3. Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.
     | Option | Action |
     |---|---|
     | Select a creation type | Create a new virtual machine. |
     | Select a name and folder | Specify a name and target location. |
     | Select a compute resource | Specify an object for which you have privileges to create a virtual machine. See Prerequisites and Required Privileges for Virtual Machine Encryption Tasks. |
     | Select storage | Select a compatible datastore. |
     | Select compatibility | You must select ESXi 6.7 and later for Windows guest OS, or ESXi 7.0 U2 and later for Linux guest OS. |
     | Select a guest OS | Select Windows or Linux for use as the guest OS. |
     | Customize hardware | Click Add New Device and select Trusted Platform Module. You can further customize the hardware, for example, by changing disk size or CPU. |
     | Ready to complete | Review the information and click Finish. |

Results

The vTPM-enabled virtual machine appears in your inventory as specified.
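
The same procedure can be scripted for repeatable builds. The following PowerCLI script is an added example, not part of the VMware documentation; the server, host, datastore and VM names are hypothetical placeholders, and the EFI firmware step reflects a vTPM requirement that this page does not list.

```powershell
# Added example: create a Windows VM with a vTPM and confirm the device exists.
# Hypothetical names (assumptions): vcenter.example.test, esx01.example.test,
# datastore1, vtpm-demo. Replace them with objects from your own inventory.
$ErrorActionPreference = 'Stop'

# Step 1: connect to vCenter Server (prompts for credentials).
Connect-VIServer -Server 'vcenter.example.test' | Out-Null

# A key provider must exist before a vTPM can be added; stop early if none does.
if (-not (Get-KeyProvider)) {
    throw 'No key provider is configured on this vCenter Server. Create one first.'
}

# Step 2: pick a valid parent object and a compatible datastore.
$vmHost    = Get-VMHost    -Name 'esx01.example.test'
$datastore = Get-Datastore -Name 'datastore1'

# Step 3: create the VM.
# vmx-14 is the hardware version for "ESXi 6.7 and later" (Windows guest).
# For a Linux guest, use vmx-19 ("ESXi 7.0 U2 and later") and a Linux GuestId.
$vm = New-VM -Name 'vtpm-demo' -VMHost $vmHost -Datastore $datastore `
             -GuestId 'windows9Server64Guest' -HardwareVersion 'vmx-14' `
             -NumCpu 2 -MemoryGB 4 -DiskGB 60

# A vTPM requires EFI firmware, so set it before adding the device.
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.Firmware = 'efi'
$vm.ExtensionData.ReconfigVM($spec)
$vm = Get-VM -Id $vm.Id   # refresh the object after the reconfigure

# Equivalent of "Add New Device > Trusted Platform Module".
New-VTpm -VM $vm | Out-Null

# Result check: fail loudly if the VM ended up without a vTPM device.
$vtpm = Get-VTpm -VM $vm
if (-not $vtpm) {
    throw "VM '$($vm.Name)' was created, but no vTPM device is attached."
}
$vtpm
```

The account that runs the script needs the same virtual machine encryption privileges as the vSphere Client procedure.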