By checking that the information corresponds to a configuration it deems trusted, a vCenter Server identifies the platform on a previously untrusted host.
VCenter Server requests that the host sends an Attestation Report, which contains a quote of Platform Configuration Registers (PCRs), signed by the TPM, and other signed host binary metadata.
Retrieve the Attestation Report from the host. Part of the AK creation process also involves the verification of the TPM hardware itself, to ensure that a known (and trusted) vendor has produced it. When an ESXi host is added to, rebooted from, or reconnected to vCenter Server, vCenter Server requests an AK from the host. Establish the trustworthiness of the remote TPM and create an Attestation Key (AK) on it. The high-level steps of the remote attestation process are: The TPM 2.0 chip records and securely stores measurements of the software modules booted in the system, which vCenter Server remotely verifies. UEFI secure boot, which ensures that only signed software is loaded at boot time, is a requirement for successful attestation. Host attestation is the process of authenticating and attesting to the state of the host's software at a given point in time. 
vSphere 6.7 and later supports TPM version 2.0.Ī TPM 2.0 chip attests to an ESXi host's identity. TPM chips are found in most of today's computers, from laptops, to desktops, to servers. TPM is an industry-wide standard for secure cryptoprocessors. ESXi hosts can use Trusted Platform Modules (TPM) chips, which are secure cryptoprocessors that enhance host security by providing a trust assurance rooted in hardware as opposed to software.
0 kommentar(er)
