1. Upgrade to ESXi 6.7 with an ISO. Secure boot is not supported if you used ESXCLI for the upgrade.
2. After the upgrade, run the secure boot verification script to identify any problems. The script reports a warning about ipmi-ipmi-devintf, ipmi-ipmi-si-drv and/or ipmi-ipmi-msghandler.
[root@localhost:~] /usr/lib/vmware/secureboot/bin/secureBoot.py -c
Secure boot CANNOT be enabled: Failed to verify signatures of the following vib(s): [ipmi-ipmi-devintf, ipmi-ipmi-si-drv and ipmi-ipmi-msghandler]. All tardisks validated. All acceptance levels validated
3. Remove the ipmi-ipmi-devintf, ipmi-ipmi-si-drv and ipmi-ipmi-msghandler VIBs.
a. To remove all the VIBs together, run:
esxcli software vib remove -n ipmi-ipmi-devintf -n ipmi-ipmi-si-drv -n ipmi-ipmi-msghandler
b. To remove the VIBs individually, run:
[root@localhost:~] esxcli software vib remove -n ipmi-ipmi-devintf
Removal Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed:
VIBs Removed: VMW_bootbank_ipmi-ipmi-devintf_39.1-4vmw.670.0.0.8169922
VIBs Skipped:
[root@localhost:~] esxcli software vib remove -n ipmi-ipmi-si-drv
Removal Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed:
VIBs Removed: VMW_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.670.0.0.8169922
VIBs Skipped:
[root@localhost:~] esxcli software vib remove -n ipmi-ipmi-msghandler
Removal Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed:
VIBs Removed: VMW_bootbank_ipmi-ipmi-msghandler_39.1-4vmw.670.0.0.8169922
VIBs Skipped:
4. Check compatibility again.
[root@localhost:~] /usr/lib/vmware/secureboot/bin/secureBoot.py -c
Secure boot can be enabled: All vib signatures verified. All tardisks validated. All acceptance levels validated
5. Reboot and enable secure boot from the UEFI firmware interface.
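
The check in steps 2 and 3 can be scripted. The following is an added example, not part of the original procedure or VMware's tooling. It reads the verification script's output and prints, without running it, the removal command for the three IPMI VIBs this procedure covers, and flags any other failing VIB for manual review. It assumes the output format shown in step 2; the function names `failed_vibs` and `plan_removal` are hypothetical.

```sh
#!/bin/sh
# Added example: turn secureBoot.py -c output into a removal plan (dry run).
# On the host: /usr/lib/vmware/secureboot/bin/secureBoot.py -c | plan_removal

# VIBs this procedure covers; any other failing VIB is only reported.
KNOWN_VIBS="ipmi-ipmi-devintf ipmi-ipmi-si-drv ipmi-ipmi-msghandler"

# failed_vibs: read checker output on stdin, print one failing VIB per line.
# Accepts "a, b and c" as well as "a, b, c" inside the brackets.
failed_vibs() {
    sed -n 's/.*following vib(s): \[\([^]]*\)\].*/\1/p' |
        sed 's/ and /,/g' | tr ',' '\n' | sed 's/^ *//; s/ *$//' | sed '/^$/d'
}

# plan_removal: read checker output on stdin. Prints the esxcli command for
# known VIBs and a REVIEW line for every other failing VIB.
# Returns 0 when nothing needs manual review, 1 otherwise.
plan_removal() {
    args=""
    review=0
    for vib in $(failed_vibs); do
        case " $KNOWN_VIBS " in
            *" $vib "*) args="$args -n $vib" ;;
            *) echo "REVIEW: $vib is not covered by this procedure"
               review=1 ;;
        esac
    done
    if [ -n "$args" ]; then
        echo "esxcli software vib remove$args"
    fi
    return $review
}

# Sample input: the checker output shown in step 2 of this procedure.
SAMPLE='Secure boot CANNOT be enabled: Failed to verify signatures of the following vib(s): [ipmi-ipmi-devintf, ipmi-ipmi-si-drv and ipmi-ipmi-msghandler]. All tardisks validated. All acceptance levels validated'
printf '%s\n' "$SAMPLE" | plan_removal
```

When the checker reports "Secure boot can be enabled", the function prints nothing and returns 0, so no removal is planned.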