You can add a Virtual Trusted Platform Module (vTPM) when you create a virtual machine to provide enhanced security to the guest operating system. You must create a key provider before you can add a vTPM.
The VMware virtual TPM is compatible with TPM 2.0 and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites
- Ensure your vSphere environment is configured with a key provider. See the vSphere Security documentation.
- The guest OS you use can be Windows Server 2008 and later, Windows 7 and later, or Linux.
- The ESXi hosts running in your environment must be ESXi 6.7 and later (Windows guest OS), or 7.0 Update 2 and later (Linux guest OS).
- The virtual machine must use EFI firmware.
- Verify that you have the required privileges:
Note: After creating a virtual machine with a vTPM, the
privilege is required to open a console session.
Procedure
- Connect to vCenter Server by using the vSphere Client.
- Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
- Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.
Option Action Select a creation type Create a new virtual machine. Select a name and folder Specify a name and target location. Select a compute resource Specify an object for which you have privileges to create a virtual machine. See "Prerequisites and Required Privileges for Encryption Tasks" in the vSphere Security documentation.
Select storage Select a compatible datastore. Select compatibility You must select ESXi 6.7 and later for Windows guest OS, or ESXi 7.0 U2 and later for Linux guest OS. Select a guest OS Select Windows or Linux for use as the guest OS. Customize hardware Click Add New Device and select Trusted Platform Module.
You can further customize the hardware, for example, by changing disk size or CPU.
Ready to complete Review the information and click Finish.
Results
The vTPM-enabled virtual machine appears in your inventory as specified.