
HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

 
adam900331
Frequent Advisor


Hi!

I want to run the latest SPP for my HPE DL380 Gen10 Plus server. The TPM 2.0 is enabled. I use the interactive firmware update option, and when the SPP inventory runs successfully I get the following warning:

Warning - A Trusted Platform Module (TPM) is enabled in this system.

If TPM features have been configured at the OS, please check that any recovery passwords provided for TPM features are available before continuing the firmware update. Updating firmware may impact any security functionality enabled on the platform.

The server OS is VMware ESXi.

I didn't do anything like click on "Ignore Warning". What should I do to update the firmware safely?

Thanks.

TPM.JPG

support_s
System Recommended

Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

System recommended content:

1. HPE ProLiant DL380 Gen10 Plus Server with VMware vSphere Distributed Services Engine User Guide

2. HPE ProLiant DL380 Gen10-Datastores inaccessible after performing SPP SPP2021040.2021_0409.17 update via iLO Amplifier

 


adam900331
Frequent Advisor

Re: Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

It is not an answer to my question...

thutchings
HPE Pro

Re: Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hello,

Are you performing the update to the server offline (booting from SPP)? The following page in the HPSUM user guide gives you the various scenarios when using a TPM and the result for each. The page is indicating BitLocker, but the same type of information would apply to an ESXi host as well.

https://support.hpe.com/hpesc/public/docDisplay?docId=sd00002247en_us&docLocale=en_US&page=GUID-D7147C7F-2016-0901-0A67-000000000588.html

There should be no issue with selecting ignore warning, especially if the update is being performed offline.

Thanks



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
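
The recovery-key check that the SPP warning asks for can be made explicit on the ESXi side before the update. The sketch below is an added example, not part of any post in this thread and not HPE or VMware code; it assumes ESXi 7.0 Update 2 or later, where `esxcli system settings encryption get` reports whether the host configuration is sealed to the TPM, and its function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before updating firmware on a TPM-equipped ESXi host.
# It parses the text printed by `esxcli system settings encryption get`.
# Function names and sample text are constructed for illustration.

# Constructed sample outputs (not captured from a real host).
SAMPLE_TPM='   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true'
SAMPLE_NONE='   Mode: NONE
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: false'

# field_value TEXT FIELD -> prints the value of "FIELD: value", empty if absent.
field_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# preflight TEXT KEY_SAVED(yes|no) -> prints a verdict; returns 0 to proceed, 1 to stop.
preflight() {
    mode=$(field_value "$1" "Mode")
    secure_boot=$(field_value "$1" "Require Secure Boot")
    case "$mode" in
        TPM)
            if [ "$2" != "yes" ]; then
                echo "STOP: configuration is sealed to the TPM; store the recovery key off-host first"
                return 1
            fi
            if [ "$secure_boot" = "true" ]; then
                echo "PROCEED: key stored; confirm Secure Boot is still enabled in the BIOS after the update"
            else
                echo "PROCEED: key stored"
            fi ;;
        NONE)
            echo "PROCEED: configuration is not sealed to a TPM" ;;
        *)
            echo "STOP: could not read the encryption mode"
            return 1 ;;
    esac
    return 0
}

# On a live host (assumes ESXi 7.0 Update 2 or later):
#   esxcli system settings encryption recovery list   # record the key off-host
#   preflight "$(esxcli system settings encryption get)" yes
```

The second argument is the operator's own confirmation that the recovery key has been recorded somewhere other than the host being updated.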
adam900331
Frequent Advisor

Re: Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hi.

Yes, I update the firmware in offline mode.

adam900331
Frequent Advisor

Re: Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

@thutchings 

Hi!

I have another question. Do I have to disable the TPM before booting the SPP to update all firmware?

Thanks.

thutchings
HPE Pro
Solution

Re: Query: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hello,

I would not recommend going into the BIOS and disabling the TPM. Selecting the checkbox "ignore warnings" you can see in the screenshot will allow it to continue past the TPM warning and the updates will proceed.

Regards

Sunitha_Mod
Moderator

Re: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hello @adam900331,

Let us know if you were able to resolve the issue.

If you have no further query and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.



Thanks,
Sunitha G
I'm an HPE employee.
IRS77
Occasional Advisor

Re: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

@thutchings 

I had made a firmware update on the old MLB and have seen no warning. Because of an intermittent error, we replaced the MLB. With the new MLB I got a VMware POD indicating a security violation. After that we transferred the TPM from the old MLB to the new MLB. But still VMware POD with security violation.

We found out that the new MLB was not responsible for our original problem. Therefore I installed the old MLB back, with the original old TPM. But we still see the POD.

Finally we installed a new TPM. Now the system was very slow at POST, and still we see the POD.

How can we get out of the problem? Can someone help me?

regards Heiko

 

thutchings
HPE Pro

Re: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hello,

You should never move a TPM from a system onto a replacement system board. If you get a replacement system board, you should also get a replacement TPM.

In your situation, the problem may be due to having secure boot enabled in the BIOS. If any actions are taken that result in the keys being cleared from the TPM, then the chances are that secure boot will be disabled on the next boot. This will result in a purple screen on ESXi with the security violation message. To correct this, you may only need to go into the BIOS and under the secure boot options select to enable it again.

Regards



IRS77
Occasional Advisor

Re: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

@thutchings 

So if I had installed a new system board with a new TPM in one shot, then VMware should have booted without intervention of the VMware admin?

Or is it still necessary to use the hardware/security recovery keys gathered during OS installation?

The answer to this question is very important for us, because we have some political/sales impact here.

Please drop me an email

**personal info erased**

regards

 

Heiko

thutchings
HPE Pro

Re: HPE DL380 Gen10 Plus Service Pack for Proliant TPM warning

Hello,

I believe the following KB would cover this type of situation:

https://kb.vmware.com/s/article/81446

Following the replacement of a system board (and new TPM), the TPM may be disabled. It is also possible secure boot is disabled. For each of these, you should go into the BIOS and ensure they are configured to be enabled. The keys should automatically be pulled in again. A worst-case scenario would likely involve following the procedure in the KB related to the ESXi installer and modifying the boot options for the existing install.

Regards


