Dell VxRail：如何收集启用 TPM 安全的 VxRail 节点的恢复密钥

[root@host1] esxcli system settings encryption recovery list
Recovery ID                             Key
--------------------------------------  ---
{2DDD5424-7F3F-406A-8DA8-D62630F6C8BC}  478269-039194-473926-430939-686855-231401-642208-184477-602511
-225586-551660-586542-338394-092578-687140-267425

• -vcenter 参数需要作为 vCenter 的 IP 或 FQDN 提供
• 需要提供 vcuser 参数，该参数应为管理员级别的用户
• -vcpassword 参数是可选的，如果未提供，则脚本将提示/询问它（它更安全，但在我的实验室中更易于测试以添加密码）

PS C:\powercli> .\GetTPMRecoveryKeys.ps1 -vcenter *.*.*.* -vcuser administrator@vsphere.local -vcpassword *****

∞ Connecting to provided vCenter x.x.x.x
∞
√ Connected to:
√
√    VCName        VCVersion
√    ------        ---------
√    x.x.x.x 7.0.2
√
√
∞       - RDC
∞
∞          - cl01
∞             - esx01.rdc
∞               -  Recovery ID:{xxxxxxx-9E3B-42A7-xxxxxxx-E4C180E8BACA}
∞               -  Recovery Key:193974-212191-679120-487809-200490-163047-653307-xxxxxxx-044591-621531-432739-xxxxxxx-174648-394385-669925-174640
∞                -  Mode: TPM
∞                -  Require Executables Only From Installed VIBs: true
∞                -  Require Secure Boot: true
∞             - esx02.rdc
∞               -  Recovery ID:{xxxxxxx-3DB9-4F8C-xxxxxxx-EC91E9782290}
∞               -  Recovery Key:293832-328901-118681-432237-492188-375446-689739-076446-xxxxxxx-330911-097690-348733-350329-xxxxxxx-619754-501857
∞                -  Mode: TPM
∞                -  Require Executables Only From Installed VIBs: true
∞                -  Require Secure Boot: true
∞             - esx03.rdc
∞               -  Recovery ID:{xxxxxxx-B4E4-4B1A-xxxxxxx-F71DBB81B6E7}
∞               -  Recovery Key:430023-424502-371384-341740-xxxxxxx-709307-578925-153259-682162-231900-583516-122672-xxxxxxx-304009-275146-701353
∞                -  Mode: TPM
∞                -  Require Executables Only From Installed VIBs: true
∞                -  Require Secure Boot: true
∞             - esx04.rdc
∞               -  Recovery ID:{xxxxxxx-5420-4CCE-xxxxxxx-F5DDBDB06889}
∞               -  Recovery Key:167431-630730-230210-359626-580397-199776-xxxxxxx-577309-191925-221351-191861-xxxxxxx-622205-047984-206484-018858
∞                -  Mode: TPM
∞                -  Require Executables Only From Installed VIBs: true
∞                -  Require Secure Boot: true
∞             - esx05.rdc
∞               - No Key retrieved, Validate TPM settings/config if its expected:
∞                 - Mode: NONE
∞                 - Require Executables Only From Installed VIBs: false
∞                 - Require Secure Boot: false
∞             - esx06.rdc
∞               - No Key retrieved, Validate TPM settings/config if its expected:
∞                 - Mode: NONE
∞                 - Require Executables Only From Installed VIBs: false
∞                 - Require Secure Boot: false
∞             - esx07.rdc
∞               -  Recovery ID:{xxxxxxx-E916-41DE-xxxxxxx-0EFA439CAAA6}
∞               -  Recovery Key:347578-144805-170128-170921-xxxxxxx-184321-229917-051564-128587-493711-367190-xxxxxxx-682683-335612-344600-352356
∞                -  Mode: TPM
∞                -  Require Executables Only From Installed VIBs: true
∞                -  Require Secure Boot: true
∞             - esx08.rdc
∞               - No Key retrieved, Validate TPM settings/config if its expected:
∞                 - Mode: NONE
∞                 - Require Executables Only From Installed VIBs: false
∞                 - Require Secure Boot: false
∞
∞ Do u wish to export the results as csv (TPMKeysExport.csv)? write y and enter to export.: y
∞ Exporting TPMKeysExport.csv in the script directory.
√ All done.

完全配置群集的示例：

图 1：完全配置群集的示例：