BugZero | Hewlett Packard Enterprise BugID a00136546en_us - HPE ProLiant/Synergy Gen10 Servers

BugZero | Hewlett Packard Enterprise BugID a00136546en_us - HPE ProLiant/Synergy Gen10 Servers - TPM Configure...

Hewlett Packard Enterprise - Defect ID: a00136546en_us

HPE ProLiant/Synergy Gen10 Servers - TPM Configured as a TPM 2.0 Device Containing Endorsement Key Certificate with Public Key (rsaesOaep) Is Not Supported by OpenSSL Used by VMware ESXi 7.x, 8.x Or Earlier

Hewlett Packard Enterprise - Defect ID: a00136546en_us

HPE ProLiant/Synergy Gen10 Servers - TPM Configured as a TPM 2.0 Device Containing Endorsement Key Certificate with Public Key (rsaesOaep) Is Not Supported by OpenSSL Used by VMware ESXi 7.x, 8.x Or Earlier

Last updated on January 31st, 2025

BugZero Risk Score
6.0 Medium

Overall: 6.0

Severity: 6.4

Community: 6.4

What is the BugZero Risk Score?

Hewlett Packard Enterprise Integration

Learn more about where this data comes from

Hewlett Packard Enterprise Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Medium
Views: 60

Description

Summary

Any ProLiant Gen10 server or Synergy Gen10 Compute Module with a TPM that has been configured as a 2.0 device in System Configuration (RBSU) containing an endorsement key certificate with public key (rsaesOaep) is not supported by OpenSSL used by VMware ESXi 7.x, 8.x or earlier.In the host log, the following error will occur:hostd.7:2023-05-25T15:19:15.419Z info hostd[2099610] [Originator@6876 sub=Hostsvc.TpmEventLogProvider] TpmEventLogProvider created hostd.7:2023-05-25T15:19:15.430Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: DictionaryAttackLockReset: (0x921) TPM_RC_LOCKOUT hostd.7:2023-05-25T15:19:15.430Z info hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: Unable to reset the dictionary attack counter hostd.7:2023-05-25T15:19:15.469Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: EK does not match EK certificate by public key content hostd.7:2023-05-25T15:19:15.479Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown hostd.7:2023-05-25T15:19:15.479Z info hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: Vendor provided RSA endorsement key template is not present in NV memory. Using default template per TGC spec hostd.7:2023-05-25T15:19:15.490Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: NV_ReadPublic: (0x18b) Unknown hostd.7:2023-05-25T15:19:15.569Z error hostd[2099610] [Originator@6876 sub=Libs] Tpm2Cmd: EK does not match EK certificate by public key content hostd.7:2023-05-25T15:19:15.569Z error hostd[2099610] [Originator@6876 sub=Hostsvc.Tpm20Provider] Unable to provision default rsa endorsement key. hostd.7:2023-05-25T15:19:15.569Z info hostd[2099610] [Originator@6876 sub=Hostsvc.Tpm20Provider] Raised TPM Config Issue: (vim.event.EventEx) {The vCenter Server reports the following message after adding a host with the TPM2.0 feature enabled:"Host attestation is failing."

Scope

Any ProLiant/Synergy Gen10 with TPM configured for 2.0 running VMware ESXi 7.x/8.x or earlier.

Resolution

The following workarounds are available:Disable the TPM in the BIOS using RBSU.ORChange the TPM setting in the BIOS from 2.0 to 1.2.Revision HistoryDocument VersionRelease DateDetails2January 31, 2025Updated to add VMware ESXi 8.0.1December 13, 2023Original Document Release.

Affected OS

Operating Systems Affected:VMware ESXi 6.0, VMware ESXi 6.5, VMware ESXi 6.7, VMware ESXi 7.0, VMware ESXi 8.0

Change history

2025-01-31 Added: HPE ProLiant DL325 Gen10 server, HPE ProLiant DL360 Gen10 server, HPE ProLiant DL380 Gen10 server, HPE ProLiant DL560 Gen10 server, HPE ProLiant DL580 Gen10 server, HPE ProLiant ML350 Gen10 server, HPE ProLiant XL190r Gen10 Server, HPE Synergy 480 Gen10 Compute Module, HPE Synergy 660 Gen10 Compute Module

Relevant Products

Click on a version to see all relevant bugs

Affected versions:Not Applicable

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:Not Applicable

Fixed versions: No known fixed versions

Top Hewlett Packard Enterprise Defects

8.0Defect ID: a00154389en_us
HPE Alletra Storage MP B10000 - Active Peer Persistence RemoteCopy Configuration May Incur a Service Disruption When Removing the Last Host from a Hostset
8.0Defect ID: a00155705en_us
HPE B-Series Fibre Channel Switches - A Physical Link Issue From Faulty Infrastructure Affects SN6600B, SN6650B, SN8600B, and SN8700B Switches, Causing An Unrecoverable Switch Failure With FOS 9.2.x, 9.2.1x, 9.2.2x, or 10.0.0x
8.0Defect ID: a00151908en_us
RESTful Interface Tool (iLORest) - "OSError: [Errno 28] No Space Left on Device" Displayed with iLORest Version 6.0 (or later) on an HPE System Running VMware Due to no Space in "/opt," Preventing iLORest Commands from Running
7.5Defect ID: a00156090en_us
HOTSTUFF HS03572: OPN Remote File Access Request Hangs
7.5Defect ID: a00156013en_us
HPE OneView for Synergy - Upgrades to HPE OneView Version 11.0 May Succeed but Leave OneView Inaccessible for Some Synergy Cluster Environments

Ready to prevent the next vendor outage?

Get a demo

Hewlett Packard Enterprise - Defect ID: a00136546en_us

HPE ProLiant/Synergy Gen10 Servers - TPM Configured as a TPM 2.0 Device Containing Endorsement Key Certificate with Public Key (rsaesOaep) Is Not Supported by OpenSSL Used by VMware ESXi 7.x, 8.x Or Earlier

Hewlett Packard Enterprise - Defect ID: a00136546en_us

HPE ProLiant/Synergy Gen10 Servers - TPM Configured as a TPM 2.0 Device Containing Endorsement Key Certificate with Public Key (rsaesOaep) Is Not Supported by OpenSSL Used by VMware ESXi 7.x, 8.x Or Earlier

Last updated on January 31st, 2025

BugZero Risk Score6.0 Medium

Bug Details

Summary

Scope

Resolution

Affected OS

Top Hewlett Packard Enterprise Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
6.0 Medium