TPM 2.0 device containing endorsement key certificate with public key (rsaesOaep) is not supported by openssl

Article ID: 334591

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • vCenter Server reports the message below after adding a host with TPM 2.0 enabled:
Host TPM attestation alarm
  • In the host summary page of the vCenter UI, you see a message similar to:
Unable to provision Endorsement Key on TPM 2.0 device: Endorsement key does not match EK certificate.
  • In the hostd.log, you see messages similar to:
 2017-12-12T08:06:39.020Z info hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] Tpm20Provider created.
 2017-12-12T08:06:39.092Z info hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] Preprovisioned endorsement key not found at 0x81010001
 2017-12-12T08:06:39.114Z verbose hostd[1001392663] [Originator@6876 sub=PropertyProvider] RecordOp ASSIGN: summary.runtime, ha-root-pool. Sent notification immediately.
 2017-12-12T08:06:39.247Z error hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] NV_ReadPublic: (0x18b) Unknown
 2017-12-12T08:06:39.247Z info hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] Vendor provided RSA endorsement key template is not present in NV memory. Using default template per TGC spec.
 2017-12-12T08:06:39.288Z error hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] NV_ReadPublic: (0x18b) Unknown
 2017-12-12T08:06:39.375Z info hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] Could not extract X509 public key.
 2017-12-12T08:06:39.376Z error hostd[1001392646] [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key.
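The hostd messages end with "Could not extract X509 public key", which is the symptom the title attributes to an EK certificate whose SubjectPublicKeyInfo algorithm is rsaesOaep (PKCS #1 OID 1.2.840.113549.1.1.7) rather than the usual rsaEncryption (1.2.840.113549.1.1.1). Before disabling the TPM, an administrator can confirm that this is really the condition on the affected host by reading the algorithm OID straight out of the DER-encoded EK certificate. The check below is an added example, not VMware or OpenSSL code: it walks the DER structure itself (so it does not depend on the library that rejects the key), and the `build_sample_ek_cert` helper produces a constructed, unsigned, certificate-shaped blob for demonstration only. The file path in the usage line, and the assumption that the DER was exported from the TPM's EK certificate NV index with a tool such as tpm2_nvread, are the example's own, not the KB's.

```python
"""Report which public-key algorithm an EK certificate's SubjectPublicKeyInfo declares.

Added example (not VMware code): a minimal DER walker that reads the
AlgorithmIdentifier OID inside an X.509 certificate without OpenSSL.
"""
import sys

# PKCS #1 OIDs; OpenSSL prints the second one as "rsaesOaep".
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
OID_RSAES_OAEP = "1.2.840.113549.1.1.7"
OPENSSL_NAMES = {OID_RSA_ENCRYPTION: "rsaEncryption", OID_RSAES_OAEP: "rsaesOaep"}


def _read_tlv(data, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _children(value):
    """Return the list of (tag, value) TLVs packed inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        out.append((tag, inner))
    return out


def _decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    parts = [str(raw[0] // 40), str(raw[0] % 40)]
    n = 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 digit of this arc
            parts.append(str(n))
            n = 0
    return ".".join(parts)


def spki_algorithm_oid(cert_der):
    """Return the algorithm OID of the certificate's SubjectPublicKeyInfo."""
    _, cert = _children(cert_der)[0]          # Certificate ::= SEQUENCE
    _, tbs = _children(cert)[0]               # tbsCertificate is its first element
    fields = _children(tbs)
    # [0] EXPLICIT version is optional; when present it shifts the field indexes by one.
    spki_index = 6 if fields[0][0] == 0xA0 else 5
    _, spki = fields[spki_index]
    _, alg_id = _children(spki)[0]            # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid_raw = _children(alg_id)[0]
    assert oid_tag == 0x06, "expected OBJECT IDENTIFIER"
    return _decode_oid(oid_raw)


def describe_ek_cert(cert_der):
    """OpenSSL-style name of the SPKI algorithm, or the dotted OID if unknown."""
    oid = spki_algorithm_oid(cert_der)
    return OPENSSL_NAMES.get(oid, oid)


def uses_rsaes_oaep(cert_der):
    """True when the EK certificate carries the rsaesOaep public key form this KB describes."""
    return spki_algorithm_oid(cert_der) == OID_RSAES_OAEP


# --- constructed sample data (not a real EK certificate) -------------------

def _tlv(tag, value):
    """Encode one DER TLV (short or long length form)."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    parts = [int(p) for p in dotted.split(".")]
    body = bytes([parts[0] * 40 + parts[1]])
    for arc in parts[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunks))
    return _tlv(0x06, body)


def build_sample_ek_cert(spki_oid):
    """Unsigned, certificate-shaped DER with the requested SPKI algorithm (constructed test input)."""
    sha256_rsa = _tlv(0x30, _encode_oid("1.2.840.113549.1.1.11") + _tlv(0x05, b""))
    name = _tlv(0x30, _tlv(0x31, _tlv(0x30, _encode_oid("2.5.4.3") + _tlv(0x0C, b"Sample EK"))))
    validity = _tlv(0x30, _tlv(0x17, b"240101000000Z") + _tlv(0x17, b"340101000000Z"))
    # rsaesOaep carries RSAES-OAEP-params (empty SEQUENCE = all defaults); rsaEncryption carries NULL.
    params = _tlv(0x30, b"") if spki_oid == OID_RSAES_OAEP else _tlv(0x05, b"")
    tiny_rsa_key = _tlv(0x30, _tlv(0x02, b"\x03") + _tlv(0x02, b"\x03"))   # placeholder modulus/exponent
    spki = _tlv(0x30, _tlv(0x30, _encode_oid(spki_oid) + params) + _tlv(0x03, b"\x00" + tiny_rsa_key))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
                     + sha256_rsa + name + validity + name + spki)
    return _tlv(0x30, tbs + sha256_rsa + _tlv(0x03, b"\x00" * 9))


if __name__ == "__main__":
    # Usage: python ek_check.py ek_cert.der  (path is an assumption; DER exported from the TPM's EK cert NV index)
    der = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_ek_cert(OID_RSAES_OAEP)
    print("SubjectPublicKeyInfo algorithm:", describe_ek_cert(der))
    if uses_rsaes_oaep(der):
        print("EK certificate uses rsaesOaep: matches the condition in this KB (OpenSSL cannot load this key).")
```

Run it against the exported DER file; a result of `rsaesOaep` means the host is in the situation this article describes, while `rsaEncryption` points to a different cause for the attestation alarm and the steps in the Resolution section would not be the right fix.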


Environment

VMware vSphere ESXi 6.7

Resolution

To resolve this issue, perform one of the following:
  1. Disable the TPM in the BIOS
  2. Switch the TPM to TPM 1.2 mode


Additional Information

Simplified Chinese: TPM 2.0 device containing an endorsement key certificate and public key (rsaesOaep) is not supported by openssl