About Trust Attestation

Trust Attestation utilizes Intel® Trusted Execution Technology (Intel® TXT) and ISecL (Intel® Security Libraries) to establish comprehensive hardware-based trust on managed ESXi hosts that use Trusted Platform Module (TPM) chips. Intel® TXT and the TPM are used to verify the integrity of the platform.

A fingerprint is a set of host measurements. Fingerprints from a particular host are captured in CloudControl and added to a trust manifest, which is used to determine the trust status of hosts. If the fingerprint of a host matches the fingerprint in an associated trust manifest, then the host is labeled Trusted. Otherwise, the host is labeled Not Trusted. For more information, see About Trust Attestation Policies.
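The following added example (not CloudControl or ISecL code) models the comparison described above: it builds a fingerprint as TPM 2.0 SHA-256 PCR values using the standard extend operation and checks it against a trust manifest. The fingerprint layout, PCR indexes, component names and function names are assumptions made for illustration; this page does not describe CloudControl's internal format.

```python
import hashlib

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 2.0 extend: new PCR = SHA-256(old PCR || digest of the measured component)."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def fingerprint(events):
    """Replay (pcr_index, component_bytes) events into {pcr_index: hex PCR value}."""
    pcrs = {}
    for index, component in events:
        # Assumption: each PCR starts at all zeros before the first extend.
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), component)
    return {index: value.hex() for index, value in pcrs.items()}

def attest(host_fp, manifest):
    """Compare a host fingerprint with a manifest; return (label, mismatched PCRs)."""
    mismatched = sorted(i for i, expected in manifest.items() if host_fp.get(i) != expected)
    return ("Not Trusted" if mismatched else "Trusted", mismatched)

# Constructed sample measurements (hypothetical component names and PCR indexes).
KNOWN_GOOD = [(0, b"firmware-A"), (17, b"launch-policy-A"),
              (18, b"hypervisor-kernel-A"), (18, b"hypervisor-module-A")]
MODIFIED = [(0, b"firmware-A"), (17, b"launch-policy-A"),
            (18, b"hypervisor-kernel-A"), (18, b"hypervisor-module-B")]
REORDERED = [KNOWN_GOOD[0], KNOWN_GOOD[1], KNOWN_GOOD[3], KNOWN_GOOD[2]]

MANIFEST = fingerprint(KNOWN_GOOD)  # manifest built from the known-good host

if __name__ == "__main__":
    for name, events in [("known-good", KNOWN_GOOD), ("modified", MODIFIED),
                         ("reordered", REORDERED)]:
        print(name, attest(fingerprint(events), MANIFEST))
```

Because each extend folds the previous PCR value into the next, a changed component or a changed load order both produce a different fingerprint, and the mismatched PCR index indicates which measurement chain diverged.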

Trust Attestation is automatically enabled in CloudControl. Trusted hosts can be viewed on the vSphere inventory page. See Viewing Trust Attestation Details and Reports.

Important: Only TPM 2.0 is supported.