VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Configure Trusted TPMs of Attested
ESXi
 Hosts on a Cluster Level

You can use
interfaces from the
com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2
 package
 to manage remote attestation configuration for TPM trust.
  • Verify that you have access to a working
    vSphere Trust Authority
     environment.
  • Verify that you have Trusted Infrastructure administrative privileges.
You can add, list, remove, and retrieve details about TPM CA certificates and TPM endorsement keys. You can also set and retrieve TPM 2.0 attestation settings.
  1. Add a new TPM CA certificate to a Trusted Cluster to specify a trusted platform OEM
    by calling the
    create_Task(java.lang.String cluster, CaCertificatesTypes.CreateSpec spec)
     method of the
    CaCertificates
     interface
    .
  2. Retrieve a list of configured TPM CA certificates on a Trusted Cluster to identify the trusted platform OEMs
    by calling the
    list_Task(java.lang.String cluster)
     method of the
    CaCertificates
     interface
    .
  3. Remove a TPM CA certificate from a Trusted Cluster because a platform OEM is no longer trusted
    by calling the
    delete_Task(java.lang.String cluster, java.lang.String name)
     method of the
    CaCertificates
     interface
    .
  4. Retrieve details about a specific TPM CA certificate on a Trusted Cluster to get more information about the trusted platform OEM
    by calling the
    get_Task(java.lang.String cluster, java.lang.String name)
     method of the
    CaCertificates
     interface
    .
  5. Add a new TPM endorsement key to a Trusted Cluster to specify a trusted
    ESXi
     host
    by calling the
    create_Task(java.lang.String cluster, EndorsementKeysTypes.CreateSpec spec)
     method of the
    EndorsementKeys
     interface
    .
  6. Retrieve a list of configured TPM endorsement keys in a Trusted Cluster to identify the trusted
    ESXi
     hosts
    by calling the
    list_Task(java.lang.String cluster)
     method of the
    EndorsementKeys
     interface
    .
  7. Remove a TPM endorsement key from a Trusted Cluster because an
    ESXi
     host is no longer trusted
    by calling the
    delete_Task(java.lang.String cluster, java.lang.String name)
     method of the
    EndorsementKeys
     interface
    .
  8. Retrieve details about a specific TPM endorsement key on a Trusted Cluster to get more information about the trusted
    ESXi
     host
    by calling the
    get_Task(java.lang.String cluster, java.lang.String name)
     method of the
    EndorsementKeys
     interface
    .
  9. Set the TPM 2.0 attestation settings by specifying that TPM endorsement keys on a Trusted Cluster do not need to be signed because the trusted OEM does not sign endorsement keys
    by calling the
    update_Task(java.lang.String cluster, SettingsTypes.UpdateSpec spec)
     method of the
    Settings
     interface
    .
  10. Determine the TPM 2.0 attestation settings in a Trusted Cluster
    by calling the
    get_Task(java.lang.String cluster)
     method of the
    Settings
     interface
    .

Content feedback and comments