ESXi PSOD when UEFI secure boot is enabled: Failed to verify signatures of the following vib(s)

Article ID: 408122

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

The ESXi host fails to boot after secure boot is enabled and reports the following error:

EFI Secure Boot failed at time <timestamp> . Failed to verify signatures of the following vib(s): [HPE-Storage-Connection-Service HPE-Storage-psp]. All tardisks validated.

Environment

vSphere ESXi 8.x

Cause

ESXi was installed using a custom image containing unverified VIBs. With UEFI secure boot enabled, the signatures of these VIBs are checked at boot:

  • The ESXi bootloader contains a VMware public key. The bootloader uses this key to verify the signature of the kernel and a small subset of the system that includes a secure boot VIB verifier.
  • The VIB verifier verifies every VIB package that is installed on the system.

Resolution

To resolve the issue, install updated VIBs from the vendor.

To work around the issue:

  • Validate what the unverified VIBs enable.
  • Place the host in maintenance mode.
  • Run the commands below to remove the VIB.
    List all VIBs by using the command:
    esxcli software vib list

    Remove the VIB by using the command:
    esxcli software vib remove -n <VIBNAME>

    For example:
    esxcli software vib remove -n HPE-Storage-psp
  • Reboot the ESXi host.
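
The workaround above, as an added example (not VMware's or HPE's code): a Python helper that reads the VIB names out of the secure boot error and matches them against `esxcli software vib list` output, so each removal can be reviewed before it is run. The timestamp, the listing rows, the name pattern and the helper names are constructed for illustration.

```python
import re

# Constructed sample: the error text from this article with a made-up timestamp.
PSOD = ("EFI Secure Boot failed at time 2025-01-01T00:00:00 . Failed to verify "
        "signatures of the following vib(s): [HPE-Storage-Connection-Service "
        "HPE-Storage-psp]. All tardisks validated.")

# Constructed sample of `esxcli software vib list` output; versions, vendors,
# acceptance levels and dates are invented for illustration.
VIB_LIST = """\
Name                            Version        Vendor  Acceptance Level  Install Date
------------------------------  -------------  ------  ----------------  ------------
HPE-Storage-Connection-Service  0.0.0-example  HPE     PartnerSupported  2025-01-01
HPE-Storage-psp                 0.0.0-example  HPE     PartnerSupported  2025-01-01
esx-base                        0.0.0-example  VMware  VMwareCertified   2025-01-01
"""

# Assumption: a conservative character set for VIB names, so a name is never
# pasted into a command line with shell metacharacters in it.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")

def failed_vibs(message):
    """VIB names from the bracketed list in the secure boot failure message."""
    m = re.search(r"following vib\(s\):\s*\[([^\]]*)\]", message)
    return m.group(1).split() if m else []

def parse_vib_list(text):
    """Map VIB name -> {column: value}; columns are separated by 2+ spaces."""
    rows = [re.split(r"\s{2,}", line.strip()) for line in text.splitlines()
            if line.strip() and not line.startswith("-")]  # skip the dashed ruler
    if not rows:
        return {}
    header, body = rows[0], rows[1:]
    return {r[0]: dict(zip(header, r)) for r in body}

def removal_plan(message, listing):
    """For each VIB named in the error: what is installed and how to remove it."""
    installed = parse_vib_list(listing)
    plan = []
    for name in failed_vibs(message):
        row = installed.get(name, {})
        ok = bool(row) and SAFE_NAME.match(name) is not None
        plan.append({"name": name, "installed": bool(row),
                     "vendor": row.get("Vendor"),
                     "acceptance": row.get("Acceptance Level"),
                     "command": f"esxcli software vib remove -n {name}" if ok else None})
    return plan

if __name__ == "__main__":
    for item in removal_plan(PSOD, VIB_LIST):
        print(item)
```

A VIB named in the error but absent from the listing gets no command, which is a cue to recheck the name before removing anything.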

Additional Information