PowerEdge: CTPM - Cannot Support ESXi TPM Encryption Function

Summary: China-specific Trusted Platform Module (CTPM) Part Number (PN) WFD8R cannot support ESXi 7.0 and 8.0 Trusted Platform Module (TPM) encryption function.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

A NationZ CTPM in a 14G server, R6515 or R7515 with an ESXi 7.0 and ESXi 8.0 that has the TPM function enabled displays the following error message:

  • esxcli system settings encryption set --mode=TPM
    Unable to change the encryption mode and policy. Verify that the current host configuration can satisfy the new requirement.
  • esxcli system settings encryption set --require-secure-boot=TRUE
    Unable to change the encryption mode and policy. Verify that the current host configuration can satisfy the new requirement.

 

example of the same encryption error

 

Cause

NationZ CTPM (PN: WFD8R) do not include Endorsement Key (EK) certificates. If you want to trust individual ESXi hosts, the TPM must include an EK certificate.
ESXi document: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-B648273C-B7A9-42D5-BE35-A5577814392D.htmlThis hyperlink is taking you to a website outside of Dell Technologies.

 

Resolution

If allowed by Chinese law, TPM (PN: FXJVY) can be used. This is because the TPM can support the ESXi TPM encryption function.

More:
Not all CTPMs do not support ESXi TPM encryption features. 15G CTPM PN: 2VJ50 and HDNTW can support the ESXi TPM encryption function. But 15G TPM PN 2VJ50 and HDNTW cannot (used in R6515 and R7515).

 

Affected Products

PowerEdge XR2, OEMR R6515, Poweredge C4140, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX840C, PowerEdge R240, PowerEdge R250 , PowerEdge R340, PowerEdge R350, PowerEdge R440, PowerEdge R450, PowerEdge R540, PowerEdge R550, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge R7525, PowerEdge R840, PowerEdge R940, PowerEdge R940xa, PowerEdge T140, PowerEdge T150, PowerEdge T160, PowerEdge T340, PowerEdge T350, PowerEdge T360, PowerEdge T440, PowerEdge T550, PowerEdge T560, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7100, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerEdge XR4000r, PowerEdge XR4000w, PowerEdge XR4510c, PowerEdge XR4520c, Dell EMC vSAN R6515 Ready Node ...
Article Properties
Article Number: 000221256
Article Type: Solution
Last Modified: 19 Aug 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.