In this video, we'll show how to enable UEFI Secure Boot on VMware ESXi 6.5.x on Dell 13th generation PowerEdge servers.
Before you begin, ensure that you have downloaded the latest BIOS available at dell.com/support. UEFI Secure Boot is a technology where the system firmware checks that the system bootloader is signed with a cryptographic key, authorized by a database contained in the system firmware.
This feature ensures that the proper signature verification happens in the next stage, which includes bootloader, Kernel and user space, and prevents any execution of unsigned code. To begin the process, turn on the system. Press "F2" to go to the "System Setup" page.
Click "System BIOS," "Boot Settings," and then select "UEFI" as the boot mode. Click "Back," click "Finish," and then click "Yes" in the "Saving Changes" dialog box. Then, click "OK" on the "Success" message. To exit from "System Setup," click "Finish" and then click "Yes" on the "Confirm Exit" message. The system restarts automatically.
Now, press "F2" to go to the "System Setup" page. Click "System BIOS," "Boot Settings," "UEFI Boot Settings," and then click "UEFI Boot Sequence". You must ensure that the "Internal SD: EFI Fixed Disk Boot Device 1" appears first in the list. Then click "OK". Click "Back" until you can view the "System BIOS Settings" page.
Click "System Security". The "Secure Boot Policy" option is set as "Standard" by default. Enable the "Secure Boot" option. In the "Saving Changes" dialog box, click "OK" to set the password for "System Password" and "Setup Password" respectively. Click "Back". Click "Back" again.
Click "Finish," and then click "Yes" in the "Saving Changes" dialog box. Then, click "OK" on the "Success" message. To exit the "System Setup," click "Finish," and then click "Yes" on the "Confirm Exit" message. The system restarts automatically. Enter the system password.
The system displays the loading with the ESXi installer screen, loads the VMware hypervisor, and displays the "UEFI Secure Boot in progress" message. Note that this operation might take a while.
After successfully booting into ESXi, you can view the VMware ESXi version and Dell PowerEdge model number on the Direct Console User Interface screen.
You can now log in to ESXi. Press "F2" to view the "Authentication Required" window. Type the login and password details and press "Enter" to continue. Then press "F2" to view the "System Customization" window. To view the various troubleshooting modes, select "Troubleshooting Options".
By default, the "ESXi Shell" option is disabled. Press "Enter" to enable this option. Press "Alt" + "F1" to go to the ESXi command line's shell. Enter the login and password details, and press "Enter".
Enter "/usr/lib/vmware/secureboot/bin/secureBoot.py -h", and then press "Enter" to view the "Help" message. Using the same command, but this time "-c", and then press "Enter" to check if the host is ready to enable secure boot. Again, with the same command, but this time "-s", and press "Enter" to check if "UEFI Secure Boot" is enabled.
After these commands are executed, if the output displays that "Secure Boot" is enabled, then your system is protected with UEFI Secure Boot. For more information, go to DellTechCenter.com.