Powershell TPM config

 
RogerH1
Occasional Contributor

Powershell TPM config

I'm new to TPM and my company has a security initiative to enable TPM on our ESXi hosts. My initial thought is to collect information about all our ESXi hosts first to get a view of where we're at. However, I'm not sure what all I can get via PowerShell? What is my best approach here? What should I be looking for? Is a TPM chip present? Is UEFI BIOS enabled? I could really use some guidance here. Also, should I be doing this using the iLO PowerShell cmdlets/module?

Thanks for any help!

 

RH

4 REPLIES
rabindra11sharm
Esteemed Contributor

Re: Powershell TPM config

Dear  RogerH1 

TPM stands for Trusted Platform Module, a security chip that's embedded into a motherboard or processor to improve security. TPMs use cryptography to store sensitive information like passwords, certificates, and encryption keys. They can also help protect against malware and cyberattacks. It should be enabled from the BIOS configuration menu. Please go through the link to check whether it assists with or fulfils your requirement. If yes, you may configure it. HPE has support for ESXi tools and drivers. Please find the support matrix and check your server's compatible ESXi version.

ESXi configuration for TPM: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-10F7022C-DBE1-47A2-BD86-3840C6955057.html

HPE Support matrix : https://www.hpe.com/us/en/collaterals/collateral.a50010841enw.html

TPM enable Procedure : 

  1. During the server startup sequence, press the F9 key to access System Utilities.
  2. From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module options.
  3. Verify the following:
    • "Current TPM Type" is set to TPM 2.0.

    • "Current TPM State" is set to Present and Enabled.

    • "TPM Visibility" is set to Visible.

  4. If changes were made in the previous step, press the F10 key to save your selection.
  5. If F10 was pressed in the previous step, do one of the following:
    • If in graphical mode, click Yes.

    • If in text mode, press the Y key.

  6. Press the ESC key to exit System Utilities.
  7. If changes were made and saved, the server prompts for reboot request. Press the Enter key to confirm reboot.

    If the following actions were performed, the server reboots a second time without user input. During this reboot, the TPM setting becomes effective.

    • Changing from TPM 1.2 and TPM 2.0

    • Changing TPM bus from FIFO to CRB

    • Enabling or disabling TPM

    • Clearing the TPM

  8. Enable TPM functionality in the OS, such as Microsoft Windows BitLocker or measured boot.

I hope I could provide you with clear and helpful instructions. If you have any more questions or need further assistance, don't hesitate to ask. I'm here to help! Have a great day!


Thanks & Regards...
Rabindra
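
A read-only way to get the "where we're at" view asked about at the top of the thread, as an added PowerCLI example that is not from any poster or from HPE: it reports, per ESXi host, what vCenter says about the TPM, which corresponds to the type and state checks in step 3 above. It assumes VMware PowerCLI, an existing `Connect-VIServer` session, and vSphere 6.7 or later (where the `TpmSupported`, `TpmVersion` and `TpmAttestation` properties are exposed); the function name `Get-EsxiTpmInventory` and the output column names are made up for this example.

```powershell
# Added example (not from the thread): read-only TPM inventory of ESXi hosts.
# Assumes VMware PowerCLI is installed and a session already exists, e.g.
#   Connect-VIServer -Server vcenter.example.local   # placeholder name
function Get-EsxiTpmInventory {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        $VMHost = (Get-VMHost)
    )
    process {
        foreach ($h in $VMHost) {
            # Disconnected / not-responding hosts return stale or empty data,
            # so report them as "not queried" instead of as "no TPM".
            $reachable = "$($h.ConnectionState)" -in 'Connected', 'Maintenance'
            $cap    = if ($reachable) { $h.ExtensionData.Capability } else { $null }
            $attest = if ($reachable) { $h.ExtensionData.Summary.TpmAttestation } else { $null }

            # Collect every reason a host needs a closer look.
            $findings = @()
            if (-not $reachable) {
                $findings += "host not reachable ($($h.ConnectionState))"
            } else {
                if (-not $cap.TpmSupported)          { $findings += 'no TPM visible to ESXi' }
                elseif ("$($cap.TpmVersion)" -ne '2.0') { $findings += "TPM version is $($cap.TpmVersion)" }
                if ($null -eq $attest)               { $findings += 'no attestation record' }
                elseif ("$($attest.Status)" -ne 'accepted') { $findings += "attestation $($attest.Status)" }
            }

            [pscustomobject]@{
                Name              = $h.Name
                ConnectionState   = $h.ConnectionState
                Manufacturer      = $h.Manufacturer
                Model             = $h.Model
                EsxiVersion       = "$($h.Version) build $($h.Build)"
                TpmSupported      = $cap.TpmSupported
                TpmVersion        = $cap.TpmVersion
                TxtEnabled        = $cap.TxtEnabled
                AttestationStatus = $attest.Status
                AttestationTime   = $attest.Time
                NeedsAttention    = [bool]$findings.Count
                Findings          = $findings -join '; '
            }
        }
    }
}

# Typical use: whole inventory to CSV, then the hosts that need work.
# Get-EsxiTpmInventory | Export-Csv -Path .\tpm-inventory.csv -NoTypeInformation
# Get-EsxiTpmInventory | Where-Object NeedsAttention | Format-Table Name, Model, Findings
```

The script only reads inventory data and changes nothing on the hosts. It reports the TPM as ESXi sees it, so it does not distinguish a server with no TPM fitted from one whose TPM is disabled or hidden in the BIOS settings.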
RogerH1
Occasional Contributor

Re: Powershell TPM config

@rabindra11sharm 

Hi Rabindra,

Thank you for your reply! Do you know if there's a way to automate this process? Using PowerShell for example? I have a large number of hosts that need to have this configuration and I would like to automate the process if possible.

Also, just a note, when I attempt to make this change via BIOS settings, the settings below are either missing or grayed out and I can't modify them.

  • "Current TPM Type" is set to TPM 2.0.

  • "Current TPM State" is set to Present and Enabled.

  • "TPM Visibility" is set to Visible.

rabindra11sharm
Esteemed Contributor

Re: Powershell TPM config

Dear RogerH1 

For the TPM greyed-out option, please go through the document and do the needful to isolate the issue. It might resolve your issue.

https://support.hpe.com/hpesc/public/docDisplay?docId=sf000087663en_us&docLocale=en_US


Thanks & Regards...
Rabindra
support_s
System Recommended

Query: Powershell TPM config

Hello,

 

Let us know if you were able to resolve the issue.

 

If you have no further query, and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a valuable HPE community member.
