This blog post is written by Shiva Katta & Krishnaprasad K
Intel TXT (Trusted Execution Technology) is a hardware security solution that protects IT infrastructures against software based attacks by validating the behavior of key components with in a server during startup. For VMware ESXi, each time it boots, it measures the vmkernel and subset of modules (VIBs) and stores the measurements into the Platform Configuration Register (PCR) 20 of the TPM (Trusted Platform Module). In a net-shell, if Intel TXT is enabled, VMware ESXi is booted in secure mode and ensures integrity of vmkernel & other components. Intel TXT support for VMware ESXi starts from VMware ESXi 4.1 Update1 onwards. This feature is not supported for VMware ESX classic edition.
Pre-requisites for trusted boot enablement in VMware ESXi
Behavioral difference of trusted boot between VMware ESXi 4.x & 5.x
Enabling trusted boot in VMware ESXi
Generally, enabling TXT is a two-step process. Enable TXT under Security Settings of Dell PowerEdge Servers bios (mandatory) & enable TXT in VMware ESXi (mandatory for VMware ESXi 4.x)
Verifying trusted boot
Refer VMware KB for Support of Trusted Execution Technology (TXT) on ESXi 4.1 and ESXi 5.0.
To post a comment
login or create an account