Describe ESXi Secure Boot

Unified Extensible Firmware Interface (UEFI) is a replacement for the traditional BIOS firmware, and is supported for VMs from virtual hardware version 7 onwards.

Secure boot is part of the UEFI firmware standard: the UEFI firmware validates the digital signature of the operating system and its bootloader, so that the bootstrap sequence starts only a properly signed system, including its drivers and applications.

Starting with vSphere ESXi 6.5, secure boot is available for both ESXi hosts and VMs.

For ESXi, secure boot can verify each VIB by using its digital signature. At boot time, the ESXi VMkernel, which has itself already been validated, validates each VIB against the certificate held in the firmware:

Figure 1.11: ESXi secure boot
For more information on how to enable this feature, and on some possible issues (during the upgrade process, for example), see https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html.
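An added pre-flight check, not part of the original text or of VMware's own tooling: because the VMkernel only accepts VIBs carrying a VMware or partner signature, this script parses the table printed by `esxcli software vib list` (the sample below is constructed, not captured from a real host) and reports VIBs at the CommunitySupported acceptance level, which would stop the host from booting once secure boot is enabled.

```python
"""Pre-flight check: which installed VIBs would fail ESXi secure boot verification?"""
import re

# Constructed sample of `esxcli software vib list` output (not from a real host).
SAMPLE_VIB_LIST = """\
Name                  Version                         Vendor  Acceptance Level    Install Date
--------------------  ------------------------------  ------  ------------------  ------------
esx-base              6.5.0-0.0.4564106               VMware  VMwareCertified     2017-01-10
net-ixgbe             4.5.3-1OEM.650.0.0.4598673      INT     PartnerSupported    2017-01-10
custom-tool           1.0.0-1                         ACME    CommunitySupported  2017-02-03
"""

# Acceptance levels whose VIBs carry a VMware- or partner-issued signature.
# CommunitySupported VIBs are unsigned and are rejected by the VMkernel's VIB check.
SIGNED_LEVELS = {"VMwareCertified", "VMwareAccepted", "PartnerSupported"}


def parse_vib_list(text):
    """Parse esxcli's fixed-width table, using the dashed ruler line for column bounds."""
    lines = [line for line in text.splitlines() if line.strip()]
    header, ruler, rows = lines[0], lines[1], lines[2:]
    # Each run of dashes in the ruler marks where one column starts.
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    bounds = list(zip(starts, starts[1:] + [None]))  # [start, next_start)
    names = [header[s:e].strip() for s, e in bounds]
    return [
        {name: row[s:e].strip() for name, (s, e) in zip(names, bounds)}
        for row in rows
    ]


def unsigned_vibs(vibs):
    """Names of VIBs whose acceptance level implies no VMware/partner signature."""
    return [v["Name"] for v in vibs if v["Acceptance Level"] not in SIGNED_LEVELS]


if __name__ == "__main__":
    blocking = unsigned_vibs(parse_vib_list(SAMPLE_VIB_LIST))
    print("VIBs that would block secure boot:", blocking or "none")
```

Acceptance level is used here as a proxy for signing status; on a real host, run this against the live `esxcli software vib list` output before enabling secure boot or upgrading, and use the host-side secure boot check script described in the linked VMware post as the authoritative test.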

For the secure boot options for VMs, see Objective 1.4.