ManualsPro Dell DELL VxRail TPM and Secure Boot Technical Instructions

DELL VxRail TPM and Secure Boot Technical Instructions

June 9, 2024
Dell

DELL logo VxRail TPM and Secure Boot Technical
InstructionsDELL VxRail TPM and Secure Boot Technical - figure 17 Dell VxRail TPM and Secure Boot
Technical note
May 2022

Abstract
This document describes how to resolve “Host Secure Boot was disabled” issues, by either enabling Secure Boot or disabling the TPM module.
Copyright
The information in this publication is provided as is. Dell Technologies believes the information in this document is accurate as of its publication date. The information is subject to change without notice.
Copyright © [2022] Dell Technologies or its subsidiaries. All Rights Reserved.

Procedure summary

By default, VxRail ships from the factory with TPM module enabled and Secure Boot disabled. After you receive the VxRail and complete VxRail Manager first run, the host
might not pass attestation. To resolve “Host Secure Boot was disabled” issues, either enable Secure Boot or disable the TPM module.
Note: VMware QuickBoot is not supported when Secure Boot is enabled.
To enable Secure Boot, see the ‘How to Enable Secure Boot” section of this document.
After enabling Secure Boot, if the TPM hierarchy is disabled by mistake, the host might not pass attestation. To resolve the “Unable to provision Endorsement Key on TPM 2.0 device: Endorsement Key creation failed on device.”/ “Internal failure” issue, see the ‘How to Enable Hierarchy’ section of this document.
To disable the TPM module, see the ‘How to Disable TPM” section of this document.
If after disabling the TPM, you want to enable Secure Boot, see the ‘How to Enable TPM and Secure Boot” section of this document. In this case, the host might show “N/A” message in attestation view until the TPM and Secure Boot are enabled.

How to Enable Secure Boot

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to vCenter Server by using the vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Host Secure Boot was disabled”, you must enable Secure Boot to resolve the problem.DELL VxRail TPM and Secure Boot Technical - figure 1

  7. Verify whether Secure Boot can be enabled. If it cannot be enabled, contact Dell Tech Support.DELL VxRail TPM and Secure Boot Technical - figure 2

  8. Enable Secure Boot:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.DELL VxRail TPM and Secure Boot Technical - figure 3b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Advanced Settings.
    c. Select Secure Boot enable and click Apply > OK > Apply and Reboot.DELL VxRail TPM and Secure Boot Technical - figure 4d. Click Job queue. Wait for all jobs to complete 100%.DELL VxRail TPM and Secure Boot Technical - figure 5e. Log in to the VMware vCenter vSphere Client and set the node to Exit Maintenance Mode. DELL VxRail TPM and Secure Boot Technical - figure 6

  9. Perform Step 8 on each node until all nodes have Secure Boot enabled from iDRAC.

  10. Log in to VMware vCenter vSphere Client and select the data center.

  11. Click the Monitor and Security tab to verify that the latest Attestation status shows “Passed”.

  12. If you see the alarm with a red icon, select it and click RESET TO GREEN.DELL VxRail TPM and Secure Boot Technical - figure 7

How to Enable TPM and Secure Boot

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “N/A”, enable TPM and Secure Boot to resolve the issue.DELL VxRail TPM and Secure Boot Technical - figure 8

  7. Verify whether Secure Boot can be enabled. If it cannot be enabled, contact Dell Tech Support.DELL VxRail TPM and Secure Boot Technical - figure 9

  8. Enable TPM and Secure Boot:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Security “On” > TPM Advanced Settings.
    c. Select Secure Boot “enable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.DELL VxRail TPM and Secure Boot Technical - figure 10f. Log in to VMware vCenter vSphere Client and disconnect the node.
    g. Reconnect the node, and then Exit Maintenance Mode.DELL VxRail TPM and Secure Boot Technical - figure 11DELL VxRail TPM and Secure Boot Technical - figure 12

  9. Perform Steps 7 and 8 on each node until all nodes have TPM and Secure Boot enabled from iDRAC.

  10. Log in to VMware vCenter vSphere Client and go to the data center.

  11. Click the Monitor and Security tab to verify that the latest Attestation status is “Passed”. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

How to Disable TPM

Note: Before you disable TPM, ensure that Secure Boot has been enabled on the host.

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server by using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Host Secure Boot was disabled”, you must disable TPM to resolve the problem if you do not want to enable Secure Boot.DELL VxRail TPM and Secure Boot Technical - figure 13

  7. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

  8. Disable TPM:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM Security “Off” > TPM Advanced Settings.
    c. Select Secure Boot “disable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.
    f. Log in to the VMware vCenter vSphere Client and select Exit Maintenance Mode.

  9. Perform Steps 7 and 8 on each node until all nodes have TPM disable from iDRAC.

  10. Log in to VMware vCenter vSphere Client and select a data center.

  11. Select the Monitor and Security tab to verify that the latest Attestation message failed. The TPM version and TXT show “N/A” and Message shows “Host Secure Boot was disabled”.DELL VxRail TPM and Secure Boot Technical - figure 14

How to Enable Hierarchy

  1. View the ESXi host alarm status and accompanying error message.

  2. Connect to VMware vCenter Server by using the VMware vSphere Client.

  3. Select a data center and click the Monitor tab.

  4. Click Security.

  5. Review the host status in the Attestation column and read the accompanying message in the Message column.

  6. If the error message is “Unable to provision Endorsement Key on TPM 2.0 device: Endorsement Key creation failed on device”, you must enable TPM Hierarchy
    to resolve the issue.DELL VxRail TPM and Secure Boot Technical - figure 16

  7. If you see an alarm with a red icon, select the specific Triggered Alarm and click RESET TO GREEN.

  8. Enable TPM hierarchy:
    a. From the VMware vCenter vSphere Client, move one node to Enter Maintenance Mode.
    b. Log in to iDRAC to configure Secure Boot, and select the Configure tab > BIOS Settings > System Security > TPM >.
    c. Select TPM Hierarchy “Enable” and click Apply > OK > Apply and Reboot.
    d. Click Job queue. Wait for all jobs to complete 100%.
    e. Go to Dashboard > Virtual Console to see if console shows “successfully completed”; if yes, continue.
    f. Log in to the VMware vCenter vSphere Client and select Exit Maintenance Mode.

  9. Perform Steps 7 and 8 on each node until all nodes have TPM hierarchy enabled from iDRAC.

  10. Login VMware vCenter vSphere Client and select a data center.

  11. Click the Monitor tab > Security to verify latest Attestation message as “Passed”.

DELL VxRail TPM and Secure Boot Technical - figure 17 Dell VxRail TPM and Secure Boot

Documents / Resources

| DELL VxRail TPM and Secure Boot Technical [pdf] Instructions
VxRail TPM and Secure Boot, VxRail TPM, Secure Boot
---|---

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

Dell User Manuals

DELL Latitude E7240-E7440 Series Backlit Laptop Keyboard Instruction Manual
Dell
Dell OptiPlex 5000 Tower Desktop Computer Owner’s Manual
Dell
DELL G15 5520 GPU Gaming Laptop User Guide
Dell
DELL 2200MP Micro Portable Projectors Instruction Manual
Dell
DELL WR110 Universal Pairing Receiver User Guide
Dell
DELL Inspiron 15 3520 Portable Laptop User Guide
Dell
Dell 163TJ 1610HD Projector User Guide
Dell
DELL Precision 7670 Portable Laptop User Guide
Dell
DELL XPS 9315 Portable Laptop User Guide
Dell
DELL WM514 Wireless Mouse Owner’s Manual
Dell
Dell OptiPlex 7400 All-in-One Desktop User Manual
Dell
DELL XPS 15 9530 HD Touchscreen Laptop User Guide
Dell
DELL Latitude 5521 Laptop User Guide
Dell
Dell EMC PowerEdge R650 Instruction Manual
DELL EMC
Dell E74S001 PowerEdge R450 User Guide
Dell
DELL EMC PowerEdge XR12 Rack Server Instruction Manual
DELL EMC
DELL OptiPlex 5090 Small Form Factor User Guide
Dell
DELL Latitude 7220 Rugged Extreme Tablet User Guide
Dell
DELL Inspiron 16 7630 2 In 1 Laptop User Guide
Dell
DELL OptiPlex Micro Plus 7010 Desktop PC User Guide
Dell

Related Manuals

TECHKO SG-805 Solar Spotlight User Manual
TECHKO
ROIDMI X30 Pro Cordless Vacuum Cleaner Instruction Manual
ROIDMI
NightSearcher NSPRO250 Pro 250 Rechargeable SMD LED USB Inspection Lamp User Manual
NightSearcher
ROTAI ROTFM001-O Vibration Foot Massager User Manual
ROTAI
TEAM ASSOCIATED 90030 Electric Off-Road Buggy Team Kit User Manual
TEAM ASSOCIATED
Shenzhen I Link Technology WP35 Smart Wireless Charging Car Holder User Manual
Shenzhen I Link Technology
NUU GARDEN DAC208 Cast Aluminum Bistro ArmChair Installation Guide
NUU GARDEN
RockerTech 197004611 Sensation 4D Massage Chair User Guide
RockerTech
ROLL-N-LOCK M Series Retractable Truck Bed Tonneau Cover Installation Guide
ROLL-N-LOCK
KOHLER K-97500 Avid Double Robe Hook Instructions
Kohler
DENON RCD-N12DABE2 Network CD Receiver User Guide
Denon
inhand Networks CR202 Portable 4G Router Installation Guide
Inhand
Solartronic Focustronic Lightning Fixture User Guide
Solartronic
dji MAVIC 3 Enterprise Series Owner’s Manual
DJi
NZXT Function Mini TKL Wireless Keyboard User Guide
Nzxt
Kenmore 63299 Toaster And Microwave Installation Guide
Kenmore
Hisense AHD2524K1W Dehumidifier White Instructions
Hisense
MSA Respiratory Protective Filters Instructions
MSA
MASIGO X5003 Front and Rear Dual Channel Dash Camera User Manual
MASIGO
CREATIVE OUTLIER AIR/ AIR SPORTS EF0830 User Guide
Creative
JBL Studio 2 6IC Manual
JBL
Kitchenaid KSIS730PSS 30 Inch 4 Element Induction Slide In Convection Range with Air Fry User Guide
KitchenAid
Vision Security Power Monitor ZL7261DE-5 Manual
Vision Security
Kydera DR-100 Series DR-8500UV VHF UHF DMR Digital Walkie-Talkie Radio User Manual
Kydera
CLAS OM 2512 Top Hub Extraction Rings User Manual
CLAS
MESA BOOGIE 2023_MESA_EU Universal Guitar Amp User Guide
MESA BOOGIE
EVERBILT UTA02510 2-In-1 Utility Pump User Manual
Everbilt
FALCON RIDGE John Deere Gator XUV 620i Cab Instruction Manual
FALCON RIDGE
amazon basics B08989MX5T 4 in 1 USB C Adapter Instruction Manual
amazon basics
Johan Lewis Meadow Shaded pendant User Manual
JOHAN LEWIS
Contact Us   Privacy Policy   5.868ms