TPM with ESXi on a Gen8 Microserver?

[ak88 3]

I have ordered a couple of TPM modules from China for my two Gen8 servers (Hyper-V and ESXi 7). My objective is to encrypt a VM on the ESXi box, at the moment I have Eset Encryption running on the VM but when it boots I have to connect to the console to log into the encryption so would prefer to use the TPM for authentication. I know there are other options for VM encryption but it seems a lot of messing around to have vCenter and a KMS on a host that runs a few VMs and is limited to 16GB RAM.

 

The part that I think may cause an issue is the fact the Gen8 Microserver doesn't have UEFI BIOS:

Quote

UEFI secure boot, which ensures that only signed software is loaded at boot time, is a requirement for successful attestation.

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-10F7022C-DBE1-47A2-BD86-3840C6955057.html

 

I will give it a shot when the modules arrived but wondered if anyone had given it a try already? The modules were cheap so no loss if it won't work and I will just stick with my licensed Eset Encryption.

 

Thanks

[E3000 5]

I had a TPM module but sold it as i received a very good offer at the time. I have not tried it but would be very interested in your findings. 

[ak88 3]

My modules arrived today, I installed them and enabled TPM in the BIOS of both hosts. As expected, Hyper-V shows the TPM module in device manager and I can enable Bitlocker but in ESXi 7.0.1 if I create a new VM, enable Virtualization Based Security and click Add Other Device then a TPM is not listed.

 

When I have more time will look into this further.