The UEFI revocation list file, available at UEFI Revocation List File, contains the now-revoked signatures of previously approved and signed firmware and software used in booting systems with UEFI Secure Boot enabled. VMware has provided tools that customers can use to update the Secure Boot Forbidden Signature Database, dbx, on an ESXi Host with the contents of the latest revocation list.

VMware vSphere ESXi 7.0.x

To update dbx, use /usr/lib/vmware/uefi/bin/updateDBX; to view the current contents of dbx or another signature database in human readable format, use /usr/lib/vmware/uefi/bin/parseDB. Running either tool without command line arguments prints usage instructions.

If your ESXi version does not include these tools in /usr/lib/vmware/uefi/bin, you can download them from UEFI Secure Boot DBX Tools . They work only on ESXi 7.0 and later.