New-TrustAuthorityTpm2EndorsementKey Command | Vmware PowerCLI Reference

New-TrustAuthorityTpm2EndorsementKey

This cmdlet creates a new Trust Authority TPM 2.0 endorsement key in the specified Trust Authority cluster in the Trust Authority vCenter Server system.

Syntax

New-TrustAuthorityTpm2EndorsementKey
-Tpm2EndorsementKey < Tpm2EndorsementKey[] >
-TrustAuthorityCluster < TrustAuthorityCluster >
[-ProgressAction < ActionPreference > ]
[-Server < VIServer[] > ]
[CommonParameters]

Parameters

Required Parameter Name Type Position Features Description
required
Tpm2EndorsementKey Tpm2EndorsementKey[] named
  • pipeline
Specifies the TPM 2.0 endorsement key of the TPM 2.0 device from a workload virtual machine host server that you can use to create Trust Authority TPM 2.0 endorsement key object in the Trust Autority vCenter Server system.
required
TrustAuthorityCluster TrustAuthorityCluster named
  • pipeline
Specifies the Trust Authority cluster in which you want to create a new Trust Authority TPM 2.0 endorsementKey object.
optional ProgressAction ActionPreference named
optional Server VIServer[] named
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
New-TrustAuthorityTpm2EndorsementKey
-Name < String >
-TrustAuthorityCluster < TrustAuthorityCluster >
[-Certificate < X509Certificate2 > ]
[-CertificateFile < String > ]
[-ProgressAction < ActionPreference > ]
[-PublicKey < SecureString > ]
[-PublicKeyFile < String > ]
[-Server < VIServer[] > ]
[CommonParameters]

Parameters

Required Parameter Name Type Position Features Description
required
Name String named
Specifies the name of the new Trust Authority TPM 2.0 endorsement key that you want to create.
required
TrustAuthorityCluster TrustAuthorityCluster named
  • pipeline
Specifies the Trust Authority cluster in which you want to create a new Trust Authority TPM 2.0 endorsementKey object.
optional Certificate X509Certificate2 named
Specifies the certificate of the TPM 2.0 device from a workload virtual machine host server that you want to use to create a Trust Authority TPM 2.0 endorsement key object in Trust Autority vCenter Server system. If both the Certificate and PublicKey parameters are specified, the Certificate parameter is first validated with the preconfigured CA certificates. Then the PublicKey parameter is validated with the Certificate.
optional CertificateFile String named
Specifies the certificate file where you can find the TPM 2.0 device's certificate.
optional ProgressAction ActionPreference named
optional PublicKey SecureString named
Specifies the TPM 2.0 device's public key in PEM format.
optional PublicKeyFile String named
Specifies the file where you can find the TPM 2.0 device's public key.
optional Server VIServer[] named
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
New-TrustAuthorityTpm2EndorsementKey
-FilePath < String >
-TrustAuthorityCluster < TrustAuthorityCluster >
[-ProgressAction < ActionPreference > ]
[-Server < VIServer[] > ]
[CommonParameters]

Parameters

Required Parameter Name Type Position Features Description
required
FilePath String named
Specifies the file where you can find the TPM 2.0 endorsement key.
required
TrustAuthorityCluster TrustAuthorityCluster named
  • pipeline
Specifies the Trust Authority cluster in which you want to create a new Trust Authority TPM 2.0 endorsementKey object.
optional ProgressAction ActionPreference named
optional Server VIServer[] named
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.

Output

VMware.VimAutomation.Security.Types.V1.TrustedInfrastructure.TrustAuthorityTpm2EndorsementKey

Examples

Example 1

Connect-VIServer -Server 1.1.1.1 -User root -Password mypasswd
$tpm2Ek = Get-Tpm2EndorsementKey -Server 1.1.1.1 -VMHost 1.1.1.1
New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster mycluster -Tpm2EndorsementKey $tpm2Ek -Server trustAuthoritySystem

Creates a Trust Authority TPM 2.0 endorsement key in the Trust Authority cluster mycluster from the TPM 2.0 endorsement key object $tpm2Ek. You can retrieve the TPM 2.0 endorsement key object from the connected workload virtual machine host server 1.1.1.1.

Example 2

Connect-VIServer -Server 1.1.1.1 -User root -Password mypasswd
Export-Tpm2EndorsementKey -Server 1.1.1.1 -FilePath c:\mypath -VMHost 1.1.1.1
New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster mycluster -FilePath c:\mypath -Server trustAuthoritySystem

Creates a Trust Authority TPM 2.0 endorsement key in the Trust Authority cluster mycluster from the c:\mypath file. You can export the TPM 2.0 endorsement key object from the connected workload virtual machine host server 1.1.1.1.

Example 3

Connect-VIServer -Server 1.1.1.1 -User root -Password mypasswd
$tpm2Ek = Get-Tpm2EndorsementKey -Server 1.1.1.1 -VMHost 1.1.1.1
New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster mycluster -Name mytpm2Ek
 -Certificate $tpm2Ek.Certificate -PublicKey $tpm2Ek.PublicKey -Server trustAuthoritySystem

Creates a Trust Authority TPM 2.0 endorsement key with the mytpm2Ek name in the Trust Authority cluster mycluster from each property of the Tpm2EndorsementKey object. You can retrieve the TPM 2.0 endorsement key object from the connected workload virtual machine host server 1.1.1.1.

Related Commands

TrustAuthorityAttestationService

This cmdlet retrieves the Trust Authority attestation services from the specified enabled Trust Authority cluster in the Trust Authority vCenter Server system.

TrustAuthorityCluster

This cmdlet retrieves the Trust Authority clusters from the Trust Authority vCenter Server system.

This cmdlet modifies the configuration of the specified Trust Authority clusters in the Trust Authority vCenter Server system.

TrustAuthorityKeyProvider

This cmdlet retrieves the Trust Authority key providers from the specified Trust Authority cluster in the Trust Authority vCenter Server system.

This cmdlet creates a new Trust Authority key provider in the Trust Authority vCenter Server system.

This cmdlet removes the specified Trust Authority key providers from the Trust Authority vCenter Server system.

This cmdlet modifies the Trust Authority key providers with the specified properties in the Trust Authority vCenter Server system.

TrustAuthorityKeyProviderClientCertificate

This cmdlet exports the client certificate from the specified Trust Authority key provider to the specified file.

This cmdlet retrieves the client certificate from the specified Trust Authority key provider in the connected Trust Authority vCenter Server system.

This cmdlet creates a client certificate for the specified Trust Authority key provider in the Trust Authority vCenter Server system.

This cmdlet updates the client certificate of the specified Trust Authority key providers in the Trust Authority vCenter Server system.

TrustAuthorityKeyProviderClientCertificateCSR

This cmdlet retrieves the client certificate Certificate Signing Request (CSR) from the specified Trust Authority key provider in the connected Trust Authority vCenter Server system.

This cmdlet creates the client certificate Certificate Signing Request (CSR) for the specified Trust Authority key providers in the Trust Authority vCenter Server system.

TrustAuthorityKeyProviderServer

This cmdlet adds a new Trust Authority key provider server to an existing Trust Authority key provider in the Trust Authority system.

This cmdlet retrieves the Trust Authority key provider servers from the specified Trust Authority key providers in the connected Trust Authority vCenter Server system.

This cmdlet removes the specified Trust Authority key provider servers from their location in the Trust Authority vCenter Server system.

TrustAuthorityKeyProviderServerCertificate

This cmdlet adds the certificate from the Trust Authority key provider server to be trusted by the Trust Authority key provider.

This cmdlet retrieves the certificate from the Trust Authority key provider server or the certificate trusted by the specified Trust Authority key provider in the Trust Authority vCenter Server system.

This cmdlet removes the specified Trust Authority key provider server certificates from their location. The certificate is no longer trusted by the Trust Authority key provider in the Trust Authority vCenter Server system.

This cmdlet updates the trusted server certificates of the specified Trust Authority key providers in the Trust Authority vCenter Server system.

TrustAuthorityKeyProviderService

This cmdlet retrieves the Trust Authority key provider services from the specified enabled Trust Authority cluster in the Trust Authority vCenter Server system.

TrustAuthorityPrincipal

This cmdlet retrieves the Trust Authority principals from the specified Trust Authority clusters in the Trust Authority vCenter Server system.

This cmdlet creates a new Trust Authority principal in the specified Trust Authority cluster in the Trust Authority vCenter Server system.

This cmdlet removes the Trust Authority principals from their location in the Trust Authority vCenter Server system.

TrustAuthorityServicesInfo

This cmdlet exports the Trust Authority services information (the Trust Authority attestation service and Trust Authority key provider service) from the specified Trust Authority cluster to the specified file.

This cmdlet imports the Trust Authority services information (Trust Authority attestation service and Trust Authority key provider service) from the specified file to the workload vCenter Server system.

TrustAuthorityServicesStatus

This cmdlet retrieves the Trust Authority services status from the specified Trust Authority clusters in the connected Trust Authority vCenter Server system.

TrustAuthorityTpm2AttestationSettings

This cmdlet retrieves the Trust Authority TPM 2.0 attestation settings from the specified Trust Authority clusters in the connected Trust Auhtority vCenter Server system.

This cmdlet modifies the Trust Authority TPM 2.0 attestation settings of the Trust Authority cluster in the Trust Authority vCenter Server system.

TrustAuthorityTpm2CACertificate

This cmdlet retrieves the Trust Authority TPM 2.0 Certificate Authority (CA) certificates from the specified Trust Authority clusters in the Trust Authority vCenter Server system.

This cmdlet creates a new Trust Authority TPM 2.0 Certificate Authority (CA) certificate in the specified Trust Authority Cluster in the Trust Authority vCenter Server system.

This cmdlet removes the Trust Authority TPM 2.0 certificate authority (CA) certificates from the Trust Authority cluster in the Trust Authority vCenter Server system.

TrustAuthorityTpm2EndorsementKey

This cmdlet retrieves the Trust Authority TPM 2.0 endorsement keys from the specified Trust Authority clusters in the Trust Authority vCenter Server system.

This cmdlet creates a new Trust Authority TPM 2.0 endorsement key in the specified Trust Authority cluster in the Trust Authority vCenter Server system.

This cmdlet removes the Trust Authority TPM 2.0 endorsement keys from the Trust Authority cluster in the Trust Authority vCenter Server system.

TrustAuthorityVMHostBaseImage

This cmdlet retrieves the Trust Authority virtual machine host base image from the specified Trust Authority clusters in the Trust Authority vCenter Server system.

This cmdlet creates a Trust Authority virtual machine host base image in the Trust Authority vCenter Server system.

This cmdlet removes the Trust Authority virtual machine host base images from the Trust Authority cluster in the Trust Authority vCenter Server system.