Get Hosts Hardware TPM Endorsement Keys
Get the TPM endorsement key details on a host. The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle.
Trusted Platform Module Library Part 3: Commands, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic
The operation fails if you do not have all of the following privileges: the resource HostSystem referenced by the parameter host requires Host.Tpm.Read.
Request
Path Parameters
Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.
The TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.
The endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.
Header Parameters
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Authentication
Response
Response Body
The endorsement key info.
{
"certificate": "string",
"manufacturer_certificate_uri": "string",
"manufacturer_certificates": {
"cert_chain": [
"string"
]
},
"name": "string",
"public_area": "string",
"public_key": "string",
"qualified_name": "string",
"type": "RSA_2048"
}
qualified_name : The TPM endorsement key qualified name. The qualified name is a TPM2B_NAME structure.
Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 10.5.3 TPM2B_NAME
type : The EndorsementKeys.Type enumerated type defines the endorsement key type based on key algorithms.
RSA_2048 : The RSA 2048 bit key.
ECC_NIST_P_256 : The ECC NISTP-256 bit key.
Possible values are: RSA_2048, ECC_NIST_P_256
name : The TPM endorsement key name. The name is a TPM2B_NAME structure.
Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 10.5.3 TPM2B_NAME
public_area : The TPM endorsement key public area. The public area is a TPM2B_PUBLIC structure.
Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 12.2.5 TPM2B_PUBLIC
manufacturer_certificates : The TPM manufacturer’s endorsement key certificate chain. Endorsement key certificates are signed by the TPM manufacturer. When available, the EndorsementKeys.Info.manufacturer-certificates field will contain the TPM manufacturer’s endorsement key certificate chain.
If unset, the certificate chain is not available.
public_key : The TPM public endorsement key in PEM format. If unset, the PEM format public key could not be determined.
certificate : The TPM endorsement key certificate in PEM format. If unset, the certificate cannot be retrieved from the TPM.
manufacturer_certificate_uri : The TPM endorsement key issuer URL extracted from the TPM endorsement key certificate. If unset, the URI cannot be retrieved from the endorsement key certificate.
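Added example (not part of the VMware documentation or SDK): a consumer of this response can confirm that the returned name really binds to the returned public_area, since a TPM object name is the nameAlg identifier followed by the nameAlg digest of the marshaled TPMT_PUBLIC. It assumes the name and public_area strings are base64-encoded bytes, which this page does not state; the function names and the sample data are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# TPM_ALG_ID values (TPM 2.0 Library Part 2) that can appear as nameAlg.
NAME_ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
# TPM_ALG_ID of the key type -> EndorsementKeys.Type value listed on this page.
KEY_TYPES = {0x0001: "RSA_2048", 0x0023: "ECC_NIST_P_256"}


def unwrap_tpm2b(blob: bytes) -> bytes:
    """Strip and validate the UINT16 big-endian size prefix of a TPM2B_* value."""
    if len(blob) < 2 or struct.unpack(">H", blob[:2])[0] != len(blob) - 2:
        raise ValueError("TPM2B size field does not match payload length")
    return blob[2:]


def check_ek_info(info: dict) -> bool:
    """True if name == nameAlg || H(TPMT_PUBLIC) and type matches the key algorithm."""
    # ASSUMPTION: binary fields arrive base64-encoded.
    public = unwrap_tpm2b(base64.b64decode(info["public_area"], validate=True))
    name = unwrap_tpm2b(base64.b64decode(info["name"], validate=True))
    if len(public) < 4:
        raise ValueError("TPMT_PUBLIC truncated")
    key_alg, name_alg = struct.unpack(">HH", public[:4])  # type, nameAlg
    if name_alg not in NAME_ALGS:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    digest = hashlib.new(NAME_ALGS[name_alg], public).digest()
    expected = struct.pack(">H", name_alg) + digest
    # The type check covers the algorithm family only, not key size or curve.
    return hmac.compare_digest(name, expected) and KEY_TYPES.get(key_alg) == info["type"]


def constructed_sample(public_body: bytes) -> dict:
    """Build a constructed (not real) response from a TPMT_PUBLIC-shaped byte string."""
    key_alg, name_alg = struct.unpack(">HH", public_body[:4])
    name = public_body[2:4] + hashlib.new(NAME_ALGS[name_alg], public_body).digest()
    wrap = lambda b: base64.b64encode(struct.pack(">H", len(b)) + b).decode()
    return {"type": KEY_TYPES[key_alg], "name": wrap(name), "public_area": wrap(public_body)}


if __name__ == "__main__":
    # Constructed body: type=RSA, nameAlg=SHA-256, zeroed attributes and padding.
    body = struct.pack(">HHI", 0x0001, 0x000B, 0) + bytes(32)
    print(check_ek_info(constructed_sample(body)))
```

A mismatch means the name and public_area in the response do not describe the same object, so the key should not be pinned or enrolled from that response.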
Errors
com.vmware.vapi.std.errors.not_found : if the endorsement key, or the TPM device, or the host is not found.
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Vendor Extensions
x-vmw-doc-operation: get