文档ID:a00136546en_us Last Updated: 2025-01-31
影响范围:
任何符合以下配置的 HPE ProLiant 或 Synergy Gen10 服务器:
已配置 TPM 2.0 安全芯片
VMware ESXi 7.x
VMware ESXi 8.x
更早版本的 VMware ESXi
任何 ProLiant Gen10 服务器或 Synergy Gen10 计算模块,如果其配备的 TPM ,在系统配置 (RBSU) 中配置为 2.0 设备,且包含带公钥 (rsaesOaep) 的认可密钥证书,则VMware ESXi 7.x、8.x 或更早版本不支持使用OpenSSL。
在主机日志中会出现如下错误:
hostd.7:2023-05-25T15:19:15.419Z info hostd[2099610] [Originator@6876 sub=Hostsvc.TpmEventLogProvider] TpmEventLogProvider created hostd.7:2023-05-25T15:19:15.430Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: DictionaryAttackLockReset: (0x921) TPM_RC_LOCKOUT hostd.7:2023-05-25T15:19:15.430Z info hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: Unable to reset the dictionary attack counter hostd.7:2023-05-25T15:19:15.469Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: EK does not match EK certificate by public key content hostd.7:2023-05-25T15:19:15.479Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown hostd.7:2023-05-25T15:19:15.479Z info hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: Vendor provided RSA endorsement key template is not present in NV memory. Using default template per TGC spec hostd.7:2023-05-25T15:19:15.490Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown hostd.7:2023-05-25T15:19:15.569Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: EK does not match EK certificate by public key content hostd.7:2023-05-25T15:19:15.569Z error hostd[2099610] [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key. hostd.7:2023-05-25T15:19:15.569Z info hostd[2099610] [Originator@6876 sub=Hostsvc.Tpm20Provider] Raised TPM Config Issue: (vim.event.EventEx) {
添加启用了 TPM2.0 功能的主机后,vCenter Server 报告以下消息:
"Host attestation is failing."
N/A
可以使用以下解决方法:
BIOS中禁用TPM或BIOS更改TPM设置,将2.0更改为1.2
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作