ManualsPro Dell DELL VxRail TPM and Secure Boot Technical Instructions

DELL VxRail TPM and Secure Boot Technical Instructions

June 9, 2024
Dell

DELL logo VxRail TPM and Secure Boot Technical
InstructionsDELL VxRail TPM and Secure Boot Technical - figure 17 Dell VxRail TPM and Secure Boot
Technical note
May 2022

Abstract
This document describes how to resolve “Host Secure Boot was disabled” issues, by either enabling Secure Boot or disabling the TPM module.
Copyright
The information in this publication is provided as is. Dell Technologies believes the information in this document is accurate as of its publication date. The information is subject to change without notice.
Copyright © [2022] Dell Technologies or its subsidiaries. All Rights Reserved.

Procedure summary

By default, VxRail ships from the factory with TPM module enabled and Secure Boot disabled. After you receive the VxRail and complete VxRail Manager first run, the host
might not pass attestation. To resolve “Host Secure Boot was disabled” issues, either enable Secure Boot or disable the TPM module.
Note: VMware QuickBoot is not supported when Secure Boot is enabled.
To enable Secure Boot, see the ‘How to Enable Secure Boot” section of this document.
After enabling Secure Boot, if the TPM hierarchy is disabled by mistake, the host might not pass attestation. To resolve the “Unable to provision Endorsement Key on TPM 2.0 device: Endorsement Key creation failed on device.”/ “Internal failure” issue, see the ‘How to Enable Hierarchy’ section of this document.
To disable the TPM module, see the ‘How to Disable TPM” section of this document.
If after disabling the TPM, you want to enable Secure Boot, see the ‘How to Enable TPM and Secure Boot” section of this document. In this case, the host might show “N/A” message in attestation view until the TPM and Secure Boot are enabled.

How to Enable Secure Boot

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to vCenter Server by using the vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Host Secure Boot was disabled”, you must enable Secure Boot to resolve the problem.DELL VxRail TPM and Secure Boot Technical - figure 1

  7. Verify whether Secure Boot can be enabled. If it cannot be enabled, contact Dell Tech Support.DELL VxRail TPM and Secure Boot Technical - figure 2

  8. Enable Secure Boot:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.DELL VxRail TPM and Secure Boot Technical - figure 3b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Advanced Settings.
    c. Select Secure Boot enable and click Apply > OK > Apply and Reboot.DELL VxRail TPM and Secure Boot Technical - figure 4d. Click Job queue. Wait for all jobs to complete 100%.DELL VxRail TPM and Secure Boot Technical - figure 5e. Log in to the VMware vCenter vSphere Client and set the node to Exit Maintenance Mode. DELL VxRail TPM and Secure Boot Technical - figure 6

  9. Perform Step 8 on each node until all nodes have Secure Boot enabled from iDRAC.

  10. Log in to VMware vCenter vSphere Client and select the data center.

  11. Click the Monitor and Security tab to verify that the latest Attestation status shows “Passed”.

  12. If you see the alarm with a red icon, select it and click RESET TO GREEN.DELL VxRail TPM and Secure Boot Technical - figure 7

How to Enable TPM and Secure Boot

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “N/A”, enable TPM and Secure Boot to resolve the issue.DELL VxRail TPM and Secure Boot Technical - figure 8

  7. Verify whether Secure Boot can be enabled. If it cannot be enabled, contact Dell Tech Support.DELL VxRail TPM and Secure Boot Technical - figure 9

  8. Enable TPM and Secure Boot:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Security “On” > TPM Advanced Settings.
    c. Select Secure Boot “enable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.DELL VxRail TPM and Secure Boot Technical - figure 10f. Log in to VMware vCenter vSphere Client and disconnect the node.
    g. Reconnect the node, and then Exit Maintenance Mode.DELL VxRail TPM and Secure Boot Technical - figure 11DELL VxRail TPM and Secure Boot Technical - figure 12

  9. Perform Steps 7 and 8 on each node until all nodes have TPM and Secure Boot enabled from iDRAC.

  10. Log in to VMware vCenter vSphere Client and go to the data center.

  11. Click the Monitor and Security tab to verify that the latest Attestation status is “Passed”. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

How to Disable TPM

Note: Before you disable TPM, ensure that Secure Boot has been enabled on the host.

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server by using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Host Secure Boot was disabled”, you must disable TPM to resolve the problem if you do not want to enable Secure Boot.DELL VxRail TPM and Secure Boot Technical - figure 13

  7. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

  8. Disable TPM:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Security “Off” > TPM Advanced Settings.
    c. Select Secure Boot “disable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.
    f. Log in to the VMware vCenter vSphere Client and select Exit Maintenance Mode.

  9. Perform Steps 7 and 8 on each node until all nodes have TPM disable from iDRAC.

  10. Log in to VMware vCenter vSphere Client and select a data center.

  11. Select the Monitor and Security tab to verify that the latest Attestation message failed. The TPM version and TXT show “N/A” and Message shows “Host Secure Boot was disabled”.DELL VxRail TPM and Secure Boot Technical - figure 14

How to Enable Hierarchy

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server by using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Unable to provision Endorsement Key on TPM 2.0 device: Endorsement Key creation failed on device”, you must enable TPM Hierarchy
    to resolve the issue.DELL VxRail TPM and Secure Boot Technical - figure 16

  7. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

  8. Enable TPM hierarchy:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM >.
    c. Select TPM Hierarchy “Enable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.
    f. Log in to the VMware vCenter vSphere Client and select Exit Maintenance Mode.

  9. Perform Steps 7 and 8 on each node until all nodes have TPM hierarchy enabled from iDRAC.

  10. Login VMware vCenter vSphere Client and select a data center.

  11. Click the Monitor tab > Security to verify latest Attestation message as “Passed”.

DELL VxRail TPM and Secure Boot Technical - figure 17 Dell VxRail TPM and Secure Boot

Documents / Resources

| DELL VxRail TPM and Secure Boot Technical [pdf] Instructions
VxRail TPM and Secure Boot, VxRail TPM, Secure Boot
---|---

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Dell User Manuals

DELL Latitude E7240-E7440 Series Backlit Laptop Keyboard Instruction Manual
Dell
Dell OptiPlex 5000 Tower Desktop Computer Owner’s Manual
Dell
DELL G15 5520 GPU Gaming Laptop User Guide
Dell
DELL 2200MP Micro Portable Projectors Instruction Manual
Dell
DELL WR110 Universal Pairing Receiver User Guide
Dell
DELL Inspiron 15 3520 Portable Laptop User Guide
Dell
Dell 163TJ 1610HD Projector User Guide
Dell
DELL Precision 7670 Portable Laptop User Guide
Dell
DELL XPS 9315 Portable Laptop User Guide
Dell
DELL WM514 Wireless Mouse Owner’s Manual
Dell
Dell OptiPlex 7400 All-in-One Desktop User Manual
Dell
DELL XPS 15 9530 HD Touchscreen Laptop User Guide
Dell
DELL Latitude 5521 Laptop User Guide
Dell
Dell EMC PowerEdge R650 Instruction Manual
DELL EMC
Dell E74S001 PowerEdge R450 User Guide
Dell
DELL EMC PowerEdge XR12 Rack Server Instruction Manual
DELL EMC
DELL OptiPlex 5090 Small Form Factor User Guide
Dell
DELL Latitude 7220 Rugged Extreme Tablet User Guide
Dell
DELL Inspiron 16 7630 2 In 1 Laptop User Guide
Dell
DELL OptiPlex Micro Plus 7010 Desktop PC User Guide
Dell

Related Manuals

Trust Trino HD 720P Webcam Installation Guide
Trust
Symetrix RCA-3.5 xIO Bluetooth Expanders User Guide
Symetrix
TPMS Tire Pressure Monitoring System Instructions
TPMS
beamZ 153.215 Mini Star Ball Sound RGBWA LED 6x3W Instruction Manual
beamZ
Good Earth RE1342-WHG-02LF3-F LED Disk Light with Power Bank Instruction Manual
Good Earth
AEG IKX32300CB Built In Hob User Manual
AEG
RHINO-RACK 43173 Pioneer LED Light Bracket Instruction Manual
RHINO RACK
amazon basics B0799BK2RK Biometric Fingerprint Safe User Manual
amazon basics
asustor AS5202T Nimbustor 2 Gaming Inspired Network Attached Storage Installation Guide
asustor
Timberland VX9J Dual Time Leather Strap Watch Instruction Manual
Timberland
SCANGRIP 03.6102 Nova 10 CAS LED Floodlight Instruction Manual
SCANGRIP
HUDSON VALLEY H823914 Sutter 14 Light Chandelier Installation Guide
HUDSON VALLEY
FEATHER 2990 Surgical Blade Remover Instruction Manual
Feather
SENA SMART HJC 50B Intercom Flat Black User Manual
Sena
CASIO 5607 Baby Watch User Guide
Casio
Sorvall RT600D Table Top Centrifuges Instruction Manual
Sorvall
Sinknap 12 Digit Standard Calculator User Manual
Sinknap
INNOKIN T18II E Cigarette Vape Pen Starter Kit User Guide
INNOKIN
LOREX W482CAD Series 2K WiFi Camera User Guide
Lorex
dji 4-Channel Intelligent Battery Chargeb User Guide
DJi
duux DXHU07 Beam Mini Smart Ultrasonic Humidifier User Manual
duux
VOX WMI1080T15A Washing Machine User Manual
VOX
TOMAHAWK TOS38 38-Inch Push Sweeper User Manual
TOMAHAWK
INSIGNIA NS-HMG1856 Metal and Glass TV Stand for TVs up to 65” or 110 lbs User Manual
Insignia
1706408 Tundra with Tracks Deuce Instruction Manual
DEUCE
PANORAXY A16 Wireless Home Indoor Security Camera User Guide
PANORAXY
benchcraft B784-31 Brewgan 7 Drawer Dresser User Manual
benchcraft
Grill D Cometa 180 Vega Short Wood Burning Sauna Heater User Manual
Grill D
solis Cool Type 7587 Air Cooler User Manual
solis
Menuett 802709 Smart Iron Steam Instruction Manual
Menuett
Contact Us   Privacy Policy   4.091ms