Starting with vSphere 7.0 U2, every ESXi host with an enabled TPM 2.0 device uses the TPM to encrypt the host configuration.
The host may be unable to complete booting because of problems related to host configuration encryption; see “Boot time failures due to ESX configuration encryption”. In such cases, the host’s configuration may be restored by going through the configuration recovery process.
Symptoms:
Adding an ESXi host to vCenter Server triggers the “TPM Encryption Recovery Key Backup” warning alarm if:
- TPM 2.0 is enabled
- The environment is vSphere 7.0 U2 (or later)