Cannot enable secure boot on ESXi 6.5 or 6.7 host that was upgraded

Article ID: 334901

Products

VMware vSphere ESXi

Issue/Introduction

If you upgrade an ESXi host from ESXi 5.5 or ESXi 6.0 to ESXi 6.5 or ESXi 6.7, and you attempt to enable secure boot on that host, an error results.
If the error indicates that this problem is caused by the lsu-lsi-mptsas-plugin VIB, you can remove that VIB without complications.

CAVEATS:
  • If you performed the upgrade by using ESXCLI instead of using the ISO, you cannot resolve the problem by removing the VIB.
  • If the error indicates that other VIBs prevent enabling secure boot, you are responsible for determining whether it is possible to remove the VIB that causes the problem without complications. In most cases, removing the VIB removes needed functionality from your host.


Environment

VMware vSphere ESXi 6.5

Resolution

You can manually remove the VIB.
  1. Upgrade to ESXi 6.5 or ESXi 6.7 with an ISO. Secure boot is not supported if you used ESXCLI for the upgrade.
  2. After the upgrade, run the secure boot verification script to identify any problems. The script reports a warning about the lsu-lsi-mptsas-plugin VIB.
    [root@localhost:~] /usr/lib/vmware/secureboot/bin/secureBoot.py -c
    Secure boot CANNOT be enabled: Failed to verify signatures of the following vib(s): [lsu-lsi-mptsas-plugin]. All tardisks validated. All acceptance levels validated
  3. Remove the lsu-lsi-mptsas-plugin VIB.
    [root@localhost:~] esxcli software vib remove -n lsu-lsi-mptsas-plugin
    Removal Result
    Message: Operation finished successfully.
    Reboot Required: false
    VIBs Installed:
    VIBs Removed: VMware_bootbank_lsu-lsi-mptsas-plugin_1.0.0-1vmw.600.2.34.3620759
    VIBs Skipped:
  4. Check compatibility again.
    [root@localhost:~] /usr/lib/vmware/secureboot/bin/secureBoot.py -c
    Secure boot can be enabled: All vib signatures verified. All tardisks validated. All acceptance levels validated
  5. Reboot and enable secure boot from the UEFI firmware interface.
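
The check in steps 2 and 4 can be triaged automatically. The following script is an added example, not VMware code: it parses the text printed by `secureBoot.py -c` and separates the one case this article covers (only lsu-lsi-mptsas-plugin fails verification) from cases that fall under the caveats above. It assumes multiple failing VIBs are listed comma-separated inside the brackets; the function names and the third sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not VMware code): triage the text printed by `secureBoot.py -c`.
# Assumption: multiple failing VIBs appear comma-separated inside the [...] list.

KNOWN_REMOVABLE="lsu-lsi-mptsas-plugin"   # the only VIB the article says is safe to remove

# Sample outputs. The first two are quoted from the article; the third is constructed,
# and "example-third-party-vib" is a hypothetical name.
SAMPLE_BLOCKED="Secure boot CANNOT be enabled: Failed to verify signatures of the following vib(s): [lsu-lsi-mptsas-plugin]. All tardisks validated. All acceptance levels validated"
SAMPLE_READY="Secure boot can be enabled: All vib signatures verified. All tardisks validated. All acceptance levels validated"
SAMPLE_OTHER="Secure boot CANNOT be enabled: Failed to verify signatures of the following vib(s): [lsu-lsi-mptsas-plugin, example-third-party-vib]. All tardisks validated. All acceptance levels validated"

# Print each VIB named in the signature-failure list, one per line.
failing_vibs() {
    printf '%s\n' "$1" |
        sed -n 's/.*Failed to verify signatures of the following vib(s): \[\([^]]*\)].*/\1/p' |
        tr -d " '\"" | tr ',' '\n' | sed '/^$/d'
}

# Print one of: ready | remove-known-vib | review | unknown
classify() {
    case "$1" in
        *"Secure boot can be enabled"*)    echo ready; return 0 ;;
        *"Secure boot CANNOT be enabled"*) ;;
        *)                                 echo unknown; return 0 ;;
    esac
    vibs=$(failing_vibs "$1")
    # Blocked for a reason other than a VIB signature list: needs a human.
    [ -n "$vibs" ] || { echo review; return 0; }
    for v in $vibs; do
        # Any VIB other than the known one falls under the article's second caveat.
        [ "$v" = "$KNOWN_REMOVABLE" ] || { echo review; return 0; }
    done
    echo remove-known-vib
}

# Demonstration over the embedded samples.
for sample in "$SAMPLE_BLOCKED" "$SAMPLE_READY" "$SAMPLE_OTHER"; do
    printf '%s -> %s\n' "$(failing_vibs "$sample" | tr '\n' ' ')" "$(classify "$sample")"
done
```

On a host, pass the live output instead of a sample: `classify "$(/usr/lib/vmware/secureboot/bin/secureBoot.py -c 2>&1)"`. The script cannot tell whether the host was upgraded with ESXCLI, so the first caveat still has to be checked separately.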