![trusted platform module 2.0 download trusted platform module 2.0 download](https://www.majorgeeks.com/files/file/13039_video+downloadhelper+for+firefox.jpg)
For more details, see the vSphere Security documentation. However, if you want to perform host attestation, an external entity, such as a TPM 2.0 physical chip, is required. Also, because the VM home files of a vTPM-enabled virtual machine are encrypted, ensure that the encryption keys are available at the time of a restore.Ī vTPM does not require a physical Trusted Platform Module (TPM) 2.0 chip to be present on the ESXi host. If your backup does not include the *.nvram file, you cannot restore a virtual machine with a vTPM. When you back up a virtual machine enabled with a vTPM, the backup must include all virtual machine data, including the *.nvram file. You can choose to add encryption explicitly for the virtual machine and its disks.
![trusted platform module 2.0 download trusted platform module 2.0 download](https://danielengberg.com/wp-content/uploads/2018/10/HP-TPM-2.0-Create-package-2.png)
When you configure a vTPM, the virtual machine files are encrypted but not the disks. A vTPM depends on virtual machine encryption to secure vital TPM data. You can add a vTPM to either a new or an existing virtual machine. With an attached vTPM, a third party can remotely attest to (validate) the identity of the firmware and the guest operating system. These keys can be used only by the guest operating system for encryption or signing. Usually, compromising the guest operating system compromises its secrets, but enabling a vTPM greatly reduces this risk. Therefore, the virtual machine attack surface is reduced. These keys are not exposed to the guest operating system itself. When added to a virtual machine, a vTPM enables the guest operating system to create and store keys that are private. VTPMs provide hardware-based, security-related functions such as random number generation, attestation, key generation, and more. A virtual Trusted Platform Module (vTPM) is a software-based representation of a physical Trusted Platform Module 2.0 chip.