Securing the ESXi Configuration

In vSphere 7.0 Update 2 and later, the ESXi configuration is protected by encryption.

What Is a Secure ESXi Configuration

Many ESXi services store secrets in their configuration files. These configurations persist in an ESXi host's boot bank as an archived file. Before vSphere 7.0 Update 2, the archived ESXi configuration file is not encrypted. In vSphere 7.0 Update 2 and later, the archived configuration file is encrypted. As a result, attackers cannot read or alter this file directly, even if they have physical access to the ESXi host's storage.

In addition to preventing an attacker from accessing secrets, a secure ESXi configuration when used with a TPM can save virtual machine encryption keys across reboots. When the ESXi host is configured with a TPM, the TPM is used to "seal" the configuration to the host, providing a strong security guarantee. As a result, encrypted workloads can continue to function when a key server is unavailable or unreachable. See vSphere Key Persistence on ESXi Hosts.

You do not need to activate the ESXi configuration encryption manually. When you install or upgrade to vSphere 7.0 Update 2 or later, the archived ESXi configuration file is encrypted.

For tasks associated with a secure ESXi configuration, see Manage a Secure ESXi Configuration.

ESXi Configuration Files Before vSphere 7.0 Update 2

The configuration of an ESXi host consists of configuration files for each service that runs on the host. The configuration files typically reside in the /etc/ directory, but they can also reside in other namespaces. The configuration files contain run-time information about the state of the services. Over time, the default values in the configuration files can change, for example, when you change settings on the ESXi host. A cron job backs up the ESXi configuration files periodically, or when ESXi shuts down gracefully, or on demand, and creates an archived configuration file in the boot bank. When ESXi reboots, it reads the archived configuration file and recreates the state that ESXi was in when the backup was taken. Before vSphere 7.0 Update 2, the archived configuration file is unencrypted. As a result, it is possible for an attacker who has access to the physical ESXi storage to read and alter this file while the system is offline.

How Is Secure ESXi Configuration Implemented

During the first boot after installing or upgrading the ESXi host to vSphere 7.0 Update 2 or later, the following occurs:

If the ESXi host has a TPM, and it is activated in the firmware, the archived configuration file is encrypted by an encryption key stored in the TPM. From this point on, the configuration of the host is sealed by the TPM.
If the ESXi host does not have a TPM, ESXi uses a Key Derivation Function (KDF) to generate a secure configuration encryption key for the archived configuration file. The inputs to the KDF are stored on disk in the encryption.info file.

Note: When an ESXi host has an activated TPM device, you gain additional protection.

When the ESXi host reboots after the first boot, the following occurs:

If the ESXi host has a TPM, the host must obtain the encryption key from the TPM for that specific host. If the TPM measurements satisfy the sealing policy that was used when creating the encryption key, then the host obtains the encryption key from the TPM.
If the ESXi host does not have a TPM, ESXi reads information from the encryption.info file to unlock the secure configuration.

Secure ESXi Configuration Requirements

ESXi 7.0 Update 2 or later
TPM 2.0 for configuration encryption and ability to use a sealing policy

Secure ESXi Configuration Recovery Key

A secure ESXi configuration includes a recovery key. If you must recover the ESXi secure configuration, you use a recovery key whose contents you enter as a command-line boot option. You can list the recovery key to create a recovery key backup. You can also rotate the recovery key as part of your security requirements.

Taking a backup of the recovery key is an important part of managing your secure ESXi configuration. vCenter Server generates an alarm to remind you to back up the recovery key.

Secure ESXi Configuration Recovery Key Alarm

Taking a backup of the recovery key is an important part of managing your secure ESXi configuration. Whenever an ESXi host in TPM mode is connected or reconnected to vCenter Server, vCenter Server generates an alarm to remind you to back up the recovery key. When you reset the alarm, it is not triggered again unless conditions change.

Best Practices for Secure ESXi Configuration

Follow these best practices for the secure ESXi recovery key:

When you list a recovery key, it is temporarily displayed in an untrusted environment and is in memory. Remove traces of the key.
- Rebooting the host removes the residual key in memory.
- For enhanced protection, you can activate encryption mode on the host. See Activate Host Encryption Mode Explicitly.
When you perform a recovery:
- To eliminate any traces of the recovery key in an untrusted environment, reboot the host.
- For enhanced security, rotate the recovery key to use a new key after having recovered the key one time.

What Are TPM Sealing Policies

A TPM can use Platform Configuration Register (PCR) measurements to implement policies that restrict unauthorized access to sensitive data. When you install or upgrade an ESXi host with a TPM to vSphere 7.0 Update 2 and later, the TPM seals the sensitive information by using a policy that incorporates the secure boot setting. This policy checks that if secure boot was activated when data was first sealed with the TPM, then secure boot must still be activated when attempting to unseal the data on a subsequent boot.

Secure boot is part of the UEFI firmware standard. With UEFI Secure Boot activated, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature.

You can choose to deactivate or activate UEFI Secure Boot enforcement. See Activate or Deactivate the Secure Boot Enforcement for a Secure ESXi Configuration.

Note: If you do not activate a TPM when you install or upgrade to vSphere 7.0 Update 2 or later, you can do so later with the following command.

esxcli system settings encryption set --mode=TPM

Once you have activated the TPM, you cannot undo the setting.

The esxcli system settings encryption set command fails on some TPMs even when the TPM is activated for the host.

In vSphere 7.0 Update 2: TPMs from NationZ (NTZ), Infineon Technologies (IFX), and certain new models (like NPCT75x) from Nuvoton Technologies Corporation (NTC)
In vSphere 7.0 Update 3: TPMs from NationZ (NTZ)

If an installation or upgrade of vSphere 7.0 Update 2 or later is unable to use the TPM during the first boot, the installation or upgrade continues, and the mode defaults to NONE (that is, --mode=NONE). The resulting behavior is as though the TPM is not activated.

The TPM can also enforce the setting for the execInstalledOnly boot option in the sealing policy. The execInstalledOnly enforcement is an advanced ESXi boot option that guarantees that the VMkernel executes only binaries that have been properly packaged and signed as part of a VIB. The execInstalledOnly boot option has a dependency on the secure boot option. The secure boot enforcement must be activated before you can enforce the execInstalledOnly boot option in the sealing policy. See Activate or Deactivate the execInstalledOnly Enforcement for a Secure ESXi Configuration.