Users Guide
VMware ESXi Secure boot support for Dell EMC PowerEdge Servers
VMware supports UEFI Secure boot in ESXi 6.5 and later. In general, UEFI Secure boot verifies the integrity of every package
loaded during operating system (OS) bootup. On ESXi, Secure boot verifies the integrity of the vSphere Installation Bundle (VIB)
packages loaded from the boot device.
ESXi Secure boot workflow
The mboot boot loader in ESXi contains a VMware public key. During ESXi boot, the boot loader is validated against the Certificate
Authority (CA) present in the UEFI Secure boot authorized Database (DB) of the platform BIOS. The boot loader uses the VMware public
key to verify the signature of the kernel and of a small subset of the system that includes the Secure boot VIB verifier, a VIB package
that validates the signatures of the drivers and other VIB packages loaded from the boot device. If the signature of any VIB installed
on ESXi cannot be verified with the public key contained in the boot loader, the ESXi boot ends with a Purple Screen Of Death (PSOD)
that reports a signature mismatch for the specific failing VIBs.
Figure 3. ESXi Secure boot
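The workflow above as a small runnable model, added here as an illustration and not VMware or Dell code. Toy RSA over SHA-256 stands in for the real signature formats; the key sizes, component names, images and the outcome labels for the first two stages are assumptions.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy RSA key from two primes (constructed, far too small for real use)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])
def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def signed(key, name, image):
    return {"name": name, "image": image, "sig": sign(key, image)}

def mboot_blob(image, pub):
    # The embedded public key is part of what the firmware validates,
    # so swapping the key invalidates the boot loader signature.
    return image + repr(sorted(pub.items())).encode()

def secure_boot(db_ca_pub, mboot, kernel, verifier, vibs):
    """Return (outcome, failing component names) for one simulated boot."""
    # 1. Firmware validates mboot against the CA in the UEFI DB.
    if not verify(db_ca_pub, mboot_blob(mboot["image"], mboot["pub"]), mboot["sig"]):
        return "rejected by firmware", ["mboot"]      # label is hypothetical
    # 2. mboot uses its embedded key on the kernel and the VIB verifier.
    bad = [c["name"] for c in (kernel, verifier)
           if not verify(mboot["pub"], c["image"], c["sig"])]
    if bad:
        return "rejected by mboot", bad               # label is hypothetical
    # 3. The VIB verifier checks every VIB with the same embedded key.
    bad = [v["name"] for v in vibs if not verify(mboot["pub"], v["image"], v["sig"])]
    return ("PSOD: signature mismatch", bad) if bad else ("booted", [])

# Constructed sample chain (all names and images are made up).
CA = make_key(2**61 - 1, 2**89 - 1)       # stands in for the CA in the UEFI DB
VMW = make_key(2**107 - 1, 2**127 - 1)    # stands in for the VMware signing key
MBOOT = {"image": b"mboot", "pub": public(VMW)}
MBOOT["sig"] = sign(CA, mboot_blob(MBOOT["image"], MBOOT["pub"]))
KERNEL = signed(VMW, "kernel", b"vmkernel image")
VERIFIER = signed(VMW, "vib-verifier", b"verifier image")
VIBS = [signed(VMW, "example-driver", b"driver v1"),
        signed(VMW, "example-tool", b"tool v1")]
```

Calling `secure_boot(public(CA), MBOOT, KERNEL, VERIFIER, VIBS)` boots the intact chain; changing one VIB's image bytes after signing makes the same call end in the PSOD outcome and name only that VIB.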
Installing vSphere 6.5.x