
Describe VM Secure Boot
As described in Objective 1.2, Unified Extensible Firmware Interface (UEFI) is a replacement for the traditional BIOS firmware, and secure boot uses the UEFI firmware to validate the digital signature of the operating system and its bootloader.
With vSphere ESXi 6.5, you can use secure boot with both ESXi hosts and VMs. For a description of ESXi secure boot, see Objective 1.2.
VM secure boot has some important requirements, as follows:
- Virtual hardware version 13 or later
- EFI firmware in the VM boot options
- VMware Tools version 10.1 or later
- A guest operating system that supports UEFI secure boot
  - Some examples of supported operating systems are Windows 8 and Windows Server 2012 or newer, VMware ESXi 6.5 and Photon OS, RHEL/CentOS 7.0, and Ubuntu 14.04
You can enable secure boot on a VM by using the vSphere Web Client, in the VM options of the desired VM.

You need the VirtualMachine.Config.Settings privilege to enable or disable UEFI secure boot for the VM.
For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-898217D4-689D-4EB5-866C-888353FE241C.html).
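The following added example (not from the original text or from VMware) audits a VM's .vmx configuration against the requirements listed above that are visible in that file: hardware version, EFI firmware, and the secure boot flag. The .vmx keys `virtualHW.version`, `firmware` and `uefi.secureBoot.enabled` do not appear on this page, and treating a missing `firmware` key as BIOS is an assumption; VMware Tools version and guest OS support are not checked, and the sample files are constructed.

```python
import re

MIN_HW_VERSION = 13  # "Virtual hardware version 13 or later"

# Constructed sample .vmx contents (not taken from real VMs).
SAMPLE_COMPLIANT = '''\
.encoding = "UTF-8"
virtualHW.version = "13"
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
'''
SAMPLE_EFI_ONLY = '''\
virtualHW.version = "14"
firmware = "efi"
'''
SAMPLE_LEGACY = '''\
virtualHW.version = "11"
# no firmware key: assumed to mean BIOS
'''

# A .vmx line has the form: key = "value"
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return .vmx settings as a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_secure_boot(text):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = parse_vmx(text)
    findings = []
    try:
        hw = int(cfg.get("virtualhw.version", "0"))
    except ValueError:
        hw = 0  # unparseable version is treated as too old
    if hw < MIN_HW_VERSION:
        findings.append("hardware version %d is below %d" % (hw, MIN_HW_VERSION))
    if cfg.get("firmware", "bios").lower() != "efi":
        findings.append("firmware is not EFI")
    if cfg.get("uefi.secureboot.enabled", "FALSE").upper() != "TRUE":
        findings.append("secure boot is not enabled")
    return findings
```
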