Manage Host Hardware TPM Endorsement Keys

You can use interfaces from the com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm package to retrieve a list of configured TPM endorsement keys on a host and information about each endorsement key. You can also retrieve the TPM event log and unseal a secret that is bound to an endorsement key.
You can retrieve the TPM event log for different purposes, such as configuring firmware trust with an attestation service or validating the boot-time TPM measurements. You can unseal a secret that is bound to an endorsement key to verify reported measurements, for example the measurements recorded in the TPM event log.
  1. List configured TPM endorsement keys on a host by calling the list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter) method of the EndorsementKeys interface.
  2. Retrieve detailed information about a specific TPM endorsement key by calling the get(java.lang.String host, java.lang.String tpm, java.lang.String key) method of the EndorsementKeys interface.
  3. Retrieve the event log associated with a TPM device by calling the get(java.lang.String host, java.lang.String tpm) method of the EventLog interface.
  4. Unseal a secret that is bound to an endorsement key by calling the unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec) method of the EndorsementKeys interface.
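The four steps above wired together in one Java method, as an added example that is not part of the original page or the SDK samples. It assumes an already authenticated vSphere Automation session (the StubFactory and StubConfiguration), and it assumes the Summary, Info, UnsealSpec and UnsealResult types with their getters and setters follow the usual vAPI binding naming; only the interface methods themselves are taken from the page.

```java
import com.vmware.vapi.bindings.StubConfiguration;
import com.vmware.vapi.bindings.StubFactory;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeys;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeysTypes;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EventLog;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EventLogTypes;
import java.util.List;

public class TpmEndorsementKeyWalkthrough {

    // Assumptions: stubFactory and sessionConfig come from an already
    // authenticated session (see the SDK's ApiClient samples); the
    // Summary/Info/UnsealResult getters and UnsealSpec setters follow the
    // vAPI binding conventions and are not shown on the documentation page.
    public static void run(StubFactory stubFactory, StubConfiguration sessionConfig,
                           String host, String tpm, String keyToUnseal,
                           byte[] publicArea, byte[] privateArea, byte[] seed) {
        EndorsementKeys ekService = stubFactory.createStub(EndorsementKeys.class, sessionConfig);
        EventLog eventLogService = stubFactory.createStub(EventLog.class, sessionConfig);

        // Step 1: list the endorsement keys configured on the host's TPM.
        // An empty FilterSpec applies no filter and returns every configured key.
        EndorsementKeysTypes.FilterSpec filter = new EndorsementKeysTypes.FilterSpec();
        List<EndorsementKeysTypes.Summary> keys = ekService.list(host, tpm, filter);

        // Step 2: fetch details per key. An EK without a certificate cannot be
        // chained to the TPM manufacturer, which matters for attestation setup.
        for (EndorsementKeysTypes.Summary summary : keys) {
            EndorsementKeysTypes.Info info = ekService.get(host, tpm, summary.getKey());
            System.out.println("EK " + summary.getKey() + " type=" + info.getType()
                    + " certificate=" + (info.getCertificate() == null ? "absent" : "present"));
        }

        // Step 3: retrieve the event log holding the boot-time PCR measurements
        // that an attestation service validates.
        EventLogTypes.Info log = eventLogService.get(host, tpm);
        System.out.println("TPM event log: " + log);

        // Step 4: unseal a secret that was bound to one specific EK. Only a TPM
        // holding the matching private key can recover it, which ties the
        // reported measurements to this physical TPM.
        EndorsementKeysTypes.UnsealSpec spec = new EndorsementKeysTypes.UnsealSpec();
        spec.setPublicArea(publicArea);   // assumed setter names
        spec.setPrivateArea(privateArea);
        spec.setSeed(seed);
        EndorsementKeysTypes.UnsealResult result = ekService.unseal(host, tpm, keyToUnseal, spec);
        System.out.println("Unsealed " + result.getData().length + " bytes for EK " + keyToUnseal);
    }
}
```

The sealed blob (public area, private area and seed) is produced by whichever attestation service bound the secret to the endorsement key; this method only submits it to the host and reports whether the host's TPM could recover the data.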