Manage Host Hardware TPM Endorsement Keys
You can use interfaces from the com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm package to retrieve a list of configured TPM endorsement keys on a host and information about each endorsement key. You can also retrieve the TPM event log and unseal a secret that is bound to an endorsement key.

You can retrieve the TPM event log for different purposes, such as configuring firmware trust with an attestation service or validating the boot time TPM measurements. You can unseal a secret that is bound to an endorsement key to verify reported measurements. For example, you can verify measurements from the TPM event log.
- List configured TPM endorsement keys on a host by calling the list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter) method of the EndorsementKeys interface
- Retrieve detailed information about a specific TPM endorsement key by calling the get(java.lang.String host, java.lang.String tpm, java.lang.String key) method of the EndorsementKeys interface
- Retrieve the event log associated with a TPM device by calling the get(java.lang.String host, java.lang.String tpm) method of the EventLog interface
- Unseal a secret that is bound to an endorsement key by calling the unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec) method of the EndorsementKeys interface
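The four calls above, chained into one client class, as an added example that is not part of the original page or of the vSphere Automation SDK samples. It uses only the method signatures listed on this page. The following are assumptions: that a StubFactory and an authenticated StubConfiguration already exist (the SDK's connection samples produce them; session setup is not shown), that EndorsementKeysTypes.FilterSpec has a no-argument constructor and an empty filter returns all keys, that each list entry exposes the key identifier through getKey(), and that the UnsealSpec is built by the caller from a sealed blob whose layout this page does not describe.

```java
import com.vmware.vapi.bindings.StubConfiguration;
import com.vmware.vapi.bindings.StubFactory;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeys;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeysTypes;
import com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EventLog;

/**
 * Added example (not SDK sample code): enumerate the endorsement keys of one
 * host TPM, fetch each key's detail record, pull the TPM event log, and unseal
 * a caller-supplied secret against one key so that the reported boot
 * measurements can be checked on the caller's side.
 */
public class TpmEndorsementKeyWalk {

    private final EndorsementKeys endorsementKeys;
    private final EventLog eventLog;

    /**
     * @param stubFactory   vAPI stub factory from an existing SDK session (assumed)
     * @param sessionConfig stub configuration carrying the authenticated session (assumed)
     */
    public TpmEndorsementKeyWalk(StubFactory stubFactory, StubConfiguration sessionConfig) {
        // createStub(Class, StubConfiguration) is the vAPI runtime call that
        // returns a client-side proxy for a service interface.
        this.endorsementKeys = stubFactory.createStub(EndorsementKeys.class, sessionConfig);
        this.eventLog = stubFactory.createStub(EventLog.class, sessionConfig);
    }

    /** Lists every endorsement key on the host TPM and retrieves each key's details. */
    public void inspectKeys(String host, String tpm) {
        // Assumption: an empty FilterSpec (no key names, no key types) means "all keys".
        EndorsementKeysTypes.FilterSpec filter = new EndorsementKeysTypes.FilterSpec();

        // The element type of the returned list is not named on this page, so it is
        // left to the compiler; getKey() on each entry is an assumption.
        var summaries = endorsementKeys.list(host, tpm, filter);
        for (var summary : summaries) {
            String keyId = summary.getKey();
            // Detailed record for this key (public key material and key type are
            // what a verifier needs before trusting anything quoted by this TPM).
            var info = endorsementKeys.get(host, tpm, keyId);
            System.out.println("Endorsement key " + keyId + ": " + info);
        }
    }

    /** Retrieves the TPM event log for the host, e.g. to validate boot-time measurements. */
    public void showEventLog(String host, String tpm) {
        var log = eventLog.get(host, tpm);
        System.out.println("TPM event log for " + host + "/" + tpm + ": " + log);
    }

    /**
     * Unseals a secret bound to one endorsement key. The spec is prepared by the
     * caller from the sealed blob; its field layout is not described on this page.
     */
    public void unsealSecret(String host, String tpm, String keyId,
                             EndorsementKeysTypes.UnsealSpec spec) {
        var result = endorsementKeys.unseal(host, tpm, keyId, spec);
        // A successful unseal shows the TPM holds the private half of the endorsement
        // key and that the measurements the secret was sealed against are present.
        System.out.println("Unseal result for key " + keyId + ": " + result);
    }

    public static void main(String[] args) {
        // Placeholders: obtain both objects from your authenticated SDK session.
        StubFactory stubFactory = null;          // e.g. from the SDK's VapiAuthenticationHelper
        StubConfiguration sessionConfig = null;  // carries the session security context

        TpmEndorsementKeyWalk walk = new TpmEndorsementKeyWalk(stubFactory, sessionConfig);
        String host = "host-123";   // constructed sample host identifier
        String tpm = "tpm-0";       // constructed sample TPM device identifier
        walk.inspectKeys(host, tpm);
        walk.showEventLog(host, tpm);
    }
}
```

Run inspectKeys and showEventLog first; unsealSecret is only meaningful once you hold a sealed blob produced against one of the listed keys and have turned it into an UnsealSpec.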