Host Trusted Platform Module privileges control operations related to managing Trusted Platform Module (TPM) chips.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the folder level, you can propagate the privilege to one or more objects within the folder. The object listed in the Required On column must have the privilege set, either directly or inherited.

Table 1. Host Trusted Platform Module Privileges
| Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
|---|---|---|---|
| Trusted Platform Module > Read | Allows reading detailed information about the state of the TPM installed in the ESXi host. | Hosts | Host.Tpm.Read |
| Trusted Platform Module > Unseal | Allows requesting an ESXi host to decrypt a challenge to prove its state. | Hosts | Host.Tpm.Unseal |
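
The following is an added example, not VMware code: a simplified offline model of how a host comes to hold Host.Tpm.Read or Host.Tpm.Unseal for a principal, either directly or inherited through propagation, which is the check an access review of these privileges needs. The inventory, principals and role names are constructed, and the model assumes individual users only (no group membership) and that the nearest applicable permission wins.

```python
# Constructed sample data: inventory names, principals and roles are illustrative only.
PARENT = {
    "datacenter": None,
    "host-folder": "datacenter",
    "cluster-a": "host-folder",
    "esx01": "cluster-a",
    "esx02": "cluster-a",
}
ROLES = {
    "TpmAuditor": {"Host.Tpm.Read"},
    "AttestationSvc": {"Host.Tpm.Read", "Host.Tpm.Unseal"},
    "NoAccess": set(),
}
# (entity, principal, role, propagate)
PERMISSIONS = [
    ("host-folder", "svc-attest", "AttestationSvc", True),
    ("host-folder", "auditor", "TpmAuditor", True),
    ("cluster-a", "ops", "AttestationSvc", False),  # not propagated: stops at the cluster
    ("esx02", "svc-attest", "NoAccess", False),     # entry on the host replaces the inherited one
    ("esx01", "ops", "TpmAuditor", False),
]

def effective_role(entity, principal):
    """Return (role, source_entity, 'direct'|'inherited') for the nearest applicable permission."""
    node = entity
    while node is not None:
        for ent, who, role, propagate in PERMISSIONS:
            # An ancestor's permission counts only if it is propagated.
            if ent == node and who == principal and (node == entity or propagate):
                return role, node, "direct" if node == entity else "inherited"
        node = PARENT[node]
    return None

def holders(entity, privilege):
    """Map each principal holding `privilege` on `entity` to (how, source_entity)."""
    result = {}
    for principal in sorted({p[1] for p in PERMISSIONS}):
        match = effective_role(entity, principal)
        if match and privilege in ROLES[match[0]]:
            result[principal] = (match[2], match[1])
    return result

if __name__ == "__main__":
    for host in ("esx01", "esx02"):
        for priv in ("Host.Tpm.Read", "Host.Tpm.Unseal"):
            print(host, priv, holders(host, priv))
```

In this constructed inventory, the Unseal grant on cluster-a never reaches the hosts because it is not propagated, while the folder-level grant does unless a host carries its own entry for the same principal.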