Host Trusted Platform Module Privileges

Host Trusted Platform Module privileges control operations related to managing Trusted Platform Module (TPM) chips.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Table 1. Host Trusted Platform Module Privileges
Privilege Name in the vSphere Client	Description	Required On	Privilege Name in the API
Trusted Platform Module Read Unseal	Read allows reading detailed information about the state of the TPM installed in the ESXi host. Unseal allows requesting an ESXi host to decrypt a challenge to prove its state.	Hosts	Host.Tpm.Read Host.Tpm.Unseal