1.10 – Describe the vSphere Trust Authority architecture 

vSphere Trust Authority enhances workload security by associating an ESXi host’s hardware root of trust with the workload itself. It is a set of services designed to satisfy high security requirements, and it lets you ensure that sensitive workloads run only on ESXi hosts proven to have booted authentic software.

You have to “attest” your ESXi hosts, which then become capable of performing trusted cryptographic operations. Attestation verifies that the ESXi hosts are running authentic VMware software or VMware-signed partner software. It relies on measurements that are rooted in a TPM 2.0 chip installed in the ESXi host. An ESXi host can access encryption keys and perform cryptographic operations only after it has been attested.
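
A simplified model of the attest-then-release flow described above, added here as an illustration; it is not VMware's implementation or code from the original post. The `Attester` class, the `attest` helper, the sample byte strings and the HMAC stand-in for a TPM quote are all assumptions made to keep the model short.

```python
import hashlib, hmac, os

def extend(pcr: bytes, blob: bytes) -> bytes:
    # TPM 2.0 PCR extend: new = SHA-256(old || SHA-256(measured data))
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measured_boot(components) -> bytes:
    pcr = bytes(32)                      # a PCR starts at all zeros on reset
    for blob in components:              # order matters: it is a hash chain
        pcr = extend(pcr, blob)
    return pcr

def quote(tpm_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    # Stand-in for a TPM quote. A real TPM signs with an asymmetric
    # attestation key; HMAC is an assumption used only to keep this short.
    return hmac.new(tpm_key, pcr + nonce, hashlib.sha256).digest()

class Attester:
    """Hypothetical verifier: holds known-good PCR values, gates key release."""
    def __init__(self, tpm_key, trusted_pcrs, workload_key):
        self.tpm_key, self.trusted = tpm_key, set(trusted_pcrs)
        self.key, self.nonce = workload_key, None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)      # fresh nonce so old quotes cannot be replayed
        return self.nonce

    def request_key(self, pcr: bytes, sig: bytes):
        nonce, self.nonce = self.nonce, None      # each nonce is single-use
        if nonce is None:
            return None                  # no outstanding challenge
        if not hmac.compare_digest(sig, quote(self.tpm_key, pcr, nonce)):
            return None                  # quote not produced by the enrolled TPM
        if pcr not in self.trusted:
            return None                  # host booted software outside the baseline
        return self.key                  # attested: key may be released

# Constructed sample data: byte strings stand in for measured boot components.
GOOD_IMAGE = [b"bootloader-v1", b"kernel-v1", b"signed-vib-a"]
TAMPERED = [b"bootloader-v1", b"kernel-v1", b"unsigned-module"]
TPM_KEY = b"constructed-demo-key"

def attest(components, attester):
    pcr = measured_boot(components)
    nonce = attester.challenge()
    return attester.request_key(pcr, quote(TPM_KEY, pcr, nonce))
```

A host whose measurements match the baseline gets the key; a host with a changed component, a quote from an unknown key, or a replayed quote gets nothing.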