It’s important to make sure that you have a backup of the TPM recovery key from your ESXi hosts. In this guide I’ll show how to do that.
Introduction
Validated on
This how-to has been tested and is known to work on, but is not limited to, the following versions:
- ESXi 8
Prerequisite
- Root access to ESXi
- SSH software
  - macOS: you can use Terminal
  - Linux: you can use Terminal
  - Windows: I recommend PuTTY
Start
If you see a banner like this in vSphere, it’s time to take a backup. You should have a backup even if the banner isn’t showing.
Enable and connect through SSH
First, we need to connect to the ESXi host with SSH, so we need to enable it.
Log in to your ESXi host through the WebGUI.
Click Action, then in the dropdown menu click Services -> Enable Secure Shell (SSH).
Now open an SSH console. You can do that either through the ESXi WebGUI or with any SSH client.
Collect Recovery ID and key
It’s time to collect the recovery ID and key. Remember to save them in a safe place.
Run the following at the SSH prompt to verify that TPM and Secure Boot are enabled:
esxcli system settings encryption get
Now collect the recovery key by running the following and pressing Enter:
esxcli system settings encryption recovery list
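The two commands above can be captured from your workstation and checked before the backup is written. This script is an added example, not part of the original guide; the function names, file names, host name and the layout of the sample output are assumptions, and the sample ID and key are constructed.

```shell
#!/bin/sh
# Added example. Capture the two command outputs first (host name is a placeholder):
#   ssh root@esxi01.example 'esxcli system settings encryption get' > get.txt
#   ssh root@esxi01.example 'esxcli system settings encryption recovery list' > list.txt
# then run: sh save-tpm-recovery.sh get.txt list.txt esxi01-recovery.txt

# Constructed sample output (layout assumed; the ID and key are made up and shortened).
sample_get() { cat <<'EOF'
   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true
EOF
}
sample_list() { cat <<'EOF'
Recovery ID                             Key
--------------------------------------  ---
{00000000-1111-2222-3333-444444444444}  111111-222222-333333-444444
EOF
}

# Print the value of one "Name: value" field from `encryption get` output on stdin.
enc_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print "ID KEY" for each data row of `recovery list` output on stdin,
# skipping the header and the dashed separator.
recovery_rows() {
    awk 'NF == 2 && $1 ~ /^[{][0-9A-Fa-f-]+[}]$/ { print $1, $2 }'
}

# $1 = saved `encryption get` output, $2 = saved `recovery list` output, $3 = backup file.
# Refuses to write a backup unless the mode is TPM and at least one key row exists.
save_recovery() {
    mode=$(enc_field Mode < "$1")
    [ "$mode" = "TPM" ] || { echo "encryption mode is '$mode', not TPM" >&2; return 1; }
    [ "$(enc_field 'Require Secure Boot' < "$1")" = "true" ] ||
        echo "warning: Require Secure Boot is not true on this host" >&2
    rows=$(recovery_rows < "$2")
    [ -n "$rows" ] || { echo "no recovery ID/key row found" >&2; return 2; }
    # umask 077 in a subshell so the backup file is created readable by the owner only.
    ( umask 077; printf '%s\n' "$rows" > "$3" )
}

if [ "$#" -eq 3 ]; then save_recovery "$@"; fi
```

Move the resulting file into your password manager or other protected storage and delete the intermediate `get.txt` and `list.txt` afterwards.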
Disable SSH
- Now that you have saved the recovery ID and key, remember to disable SSH. You can do that by clicking Action, then in the dropdown menu clicking Services -> Disable Secure Shell (SSH).
Conclusion
Now we are done and can sleep at night, knowing that the TPM recovery information is saved.