The VMware Workstation Pro supports TPM version 2.0, you can enable trusted platform module on your virtual machine. In this post I will show you how to encrypt a virtual machine and enable TPM on it.
According to VMware you can add a virtual cryptoprocessor that uses Trusted Platform Module (TPM) technology to an encrypted virtual machine. Later you can also remove the cryptoprocessor from the virtual machine.
TPM technology provides hardware-based, security-related functions. A TPM cryptoprocessor carries out cryptographic operations.
In Windows 10, BitLocker is an encryption feature available in both Professional and Enterprise editions. However it requires a Trusted Platform Module (TPM) on the system.
If you don’t have TPM, you can still enable BitLocker encryption. To enable BitLocker encryption on Windows 10 without TPM, read this post.
Note – You can add TPM device on an encrypted virtual machine with a minimum hardware version of 14 that uses the UEFI firmware type.
On a Virtual Machine, when you attempt to add a trusted platform module, it won’t allow you to do that. This is because the VM must be encrypted before you enable TPM.
Hence lets look at the steps to encrypt the VM and then enable TPM on it.
Step 1 – Encrypt the Virtual Machine
To encrypt a virtual machine:-
- First of all Power Off the VM. You cannot encrypt a VM while it is in Power On state.
- Edit the VM settings and click Options tab.
- Under Settings, click Access Control. To encrypt the VM, click Encrypt.
To encrypt a VM, you must set a password for the virtual machine. Enter a strong password and click Encrypt.
Depending on the size of the virtual machine, the encryption process could take some time.
After the VM encryption is complete, edit the VM settings and click Access Control. Now it shows This virtual machine is encrypted.
If you wish to change the secure password, you can do that by clicking Change Password button. Click OK.
Step 2 – Enable Trusted Platform Module on Virtual Machine
After you encrypt the virtual machine, use the below steps to enable Trusted Platform Module(TPM) on virtual machine.
- Power off the VM (In case if its turned on).
- Go the virtual machine settings and under Hardware tab, click Add button.
- On the Add hardware wizard box, select Trusted Platform Module and click Finish.
- Clicking Finish button enables the TPM on virtual machine.
Once the TPM is enabled, you can verify it under the VM settings. The Trusted Platform Module shows as Present.
To verify if the TPM has been enabled on the VM, restart the VM and go to BIOS. Check the TPM configuration and it should show the TPM version as 2.0.
In addition to the above method, you can also login to the OS and check the TPM details. Type TPM.msc in the run command and press enter. This opens the TPM management on local computer. Under Status it shows TPM is ready for use. For TPM version, look for the details under TPM Manufacturer Information.
To check the TPM details using command line, read this post.
For our work it’s required to have turned on Bitlocker as well which requires a TPM in our case. Due to TPM the VM is already encrypted bu Fusion or VMware Workstation which does mean we are doubling encryption if I’m correct. Is there a way around the requirement to encrypt the VM from fusion or VMware Workstation so we will benefit from disk performance. Bitlocker seems to have much less impact compared to the VMware encryption of the VM.
Nice
Amazing article. Bundle of thanks and keep up the good work.