Configure Trusted TPMs of Attested ESXi Hosts on a Cluster Level
You can use interfaces from the com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2 package to manage remote attestation configuration for TPM trust.
- Verify that you have access to a working vSphere Trust Authority environment.
- Verify that you have Trusted Infrastructure administrative privileges.
You can add, list, remove, and retrieve details
about TPM CA certificates and TPM endorsement keys. You can also set and retrieve
TPM 2.0 attestation settings.
- Add a new TPM CA certificate to a Trusted Cluster to specify a trusted platform OEM by calling the create_Task(java.lang.String cluster, CaCertificatesTypes.CreateSpec spec) method of the CaCertificates interface.
- Retrieve a list of configured TPM CA certificates on a Trusted Cluster to identify the trusted platform OEMs by calling the list_Task(java.lang.String cluster) method of the CaCertificates interface.
- Remove a TPM CA certificate from a Trusted Cluster because a platform OEM is no longer trusted by calling the delete_Task(java.lang.String cluster, java.lang.String name) method of the CaCertificates interface.
- Retrieve details about a specific TPM CA certificate on a Trusted Cluster to get more information about the trusted platform OEM by calling the get_Task(java.lang.String cluster, java.lang.String name) method of the CaCertificates interface.
- Add a new TPM endorsement key to a Trusted Cluster to specify a trusted ESXi host by calling the create_Task(java.lang.String cluster, EndorsementKeysTypes.CreateSpec spec) method of the EndorsementKeys interface.
- Retrieve a list of configured TPM endorsement keys in a Trusted Cluster to identify the trusted ESXi hosts by calling the list_Task(java.lang.String cluster) method of the EndorsementKeys interface.
- Remove a TPM endorsement key from a Trusted Cluster because an ESXi host is no longer trusted by calling the delete_Task(java.lang.String cluster, java.lang.String name) method of the EndorsementKeys interface.
- Retrieve details about a specific TPM endorsement key on a Trusted Cluster to get more information about the trusted ESXi host by calling the get_Task(java.lang.String cluster, java.lang.String name) method of the EndorsementKeys interface.
- Set the TPM 2.0 attestation settings by specifying that TPM endorsement keys on a Trusted Cluster do not need to be signed because the trusted OEM does not sign endorsement keys by calling the update_Task(java.lang.String cluster, SettingsTypes.UpdateSpec spec) method of the Settings interface.
- Determine the TPM 2.0 attestation settings in a Trusted Cluster by calling the get_Task(java.lang.String cluster) method of the Settings interface.