HPE Community
HPE SimpliVity
1837407 Members
3236 Online
110116 Solutions
New Discussion

Rif.: Secure Boot

 
SOLVED
Go to solution
NZamp
Valued Contributor

‎06-19-2023 12:03 AM - last edited on ‎06-20-2023 02:33 AM by

‎06-19-2023 12:03 AM - last edited on ‎06-20-2023 02:33 AM by

Secure Boot

Hello guys,

i have a pair of new SimpliVity nodes deployed at a customer site. Now i get the error "Host TPM attension alarm".

Normaly i would acitvate Secure boot and all the TPM stuff needed but i´m unsure if this can also be done withe the SimpliVity nodes or if this isn´t supported.

i´ve found the following:

https://community.hpe.com/t5/hpe-simplivity/secure-boot-with-simplivity/m-p/7170783#M3429

but the answers is one time YES and one time NO so this doesn´t clarify the problem

So what is true?

 

Best regards,

Nick

0 Kudos
Reply
4 REPLIES 4
FabrizioDV
Advisor

‎06-20-2023 12:29 AM

‎06-20-2023 12:29 AM

Solution

Rif.: Secure Boot

 

 

from this document : HPE OmniStack 4.2.0 for vSphere Release Notes.pdf

link : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00131390en_us 

 

 
 

image.png

 

 

image.png

 

 

Reply
NZamp
Valued Contributor

‎06-20-2023 03:56 AM

‎06-20-2023 03:56 AM

Rif.: Secure Boot

Hello Fabrizio,

secure boot is not supported, got it

Thanks for clarifying answer.

 

Best regards,

Nick

Reply
Sunitha_Mod
Honored Contributor

‎06-20-2023 10:09 PM

‎06-20-2023 10:09 PM

Rif.: Secure Boot

Hello Nick, 

We are glad to know your concern has been addressed. 

0 Kudos
Reply
Matt4istal
Established Member

yesterday

yesterday

ESX 9 "Unable to acquire ownership of TPM 2.0 device on HPE DL380 Gen11 server solution.

VMware ESX 9 "Unable to acquire ownership of TPM 2.0 device. Please clear TPM through the BIOS." on HPE DL380 Gen11 server solution.
The solution was a 4-step process in the HPE DL380 Gen11 server BIOS. The configuration steps that fixed the TPM issue with VMware in this case were as follows:

Step 1 – Enable Secure Boot in System Configuration > BIOS/Platform Configuration (RBSU) > Server Security.
Reboot server.
Step 2 – Enable the following Advanced Trusted Platform Module Options in System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module Options
• TPM UEFI Option ROM Measurement: Default = Disabled --> Change to Enabled
• TPM 2.0 Endorsement Hierarchy: Default = Disabled --> Change to Enabled
• TPM 2.0 Storage Hierarchy: Default = Disabled --> Change to Enabled
Reboot server.
Step 3 – Clear the TPM in System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module Options > TPM 2.0 Operation
Step 4 – Perform a Cold Boot of server (full power off and back on) to clear the TPM.

After performing these 4 steps, the TPM attestation alert message was cleared in vCenter on the ESX 9 hosts. (Note: Also have to disconnect / reconnect each host to vCenter since the TPM settings were changed on hosts that were already joined to vCenter in order to clear attestation failed messages that were in the "Cluster -> Security" menu).

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.