Can not install the lpfc partner driver after enable the secure boot as 'Could not find a trusted signer: self-signed certificate'
search cancel

Can not install the lpfc partner driver after enable the secure boot as 'Could not find a trusted signer: self-signed certificate'

book

Article ID: 429307

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Can not install the lpfc partner driver after enable the secure boot as 'Could not find a trusted signer: self-signed certificate' , esxupdate logged below messages:

YYYY-MM-DDTHH:MM:36Z In(14) esxupdate[2368846] runcommand called with: args = ['/usr/lib/vmware/vob/bin/addvob', 'vob.user.esximage.install.stage.error', '(Updated) ESXi-8.0U3f-24784735-standard', "EMU_bootbank_lpfc_14.4.576.11-1OEM.800.1.0.20613240: ('EMU_bootbank_lpfc_14.4.576.11-1OEM.800.1.0.20613240', 'Could not find a trusted signer: self-signed certificate')"], outfile = None, returnoutput = True, timeout = 0.0. 
YYYY-MM-DDTHH:MM:36Z In(14) esxupdate[2368846] runcommand called with: args = '/bin/localcli system visorfs ramdisk remove -t /usr/lib/vmware/lifecycle/stagebootbank', outfile = None, returnoutput = True, timeout = 0.0. 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] Traceback (most recent call last): 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] File "/lib64/python3.11/site-packages/vmware/esximage/HostImage.py", line 984, in _download_and_stage 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] arvib.VerifyAcceptanceLevel() 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] File "/lib64/python3.11/site-packages/vmware/esximage/Vib.py", line 2349, in VerifyAcceptanceLevel 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] policyobj.Verify(self) 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] File "/lib64/python3.11/site-packages/vmware/esximage/AcceptanceLevels.py", line 144, in Verify 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] self.VerifySignature(vib, checkCertDates) 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] File "/lib64/python3.11/site-packages/vmware/esximage/AcceptanceLevels.py", line 102, in VerifySignature 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] vib.VerifySignature(self.verifyobj, checkCertDates=checkCertDates) 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] File "/lib64/python3.11/site-packages/vmware/esximage/Vib.py", line 2416, in VerifySignature 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] raise err 
YYYY-MM-DDTHH:MM:36Z Er(11) esxupdate[2368846] vmware.esximage.Errors.VibSigInvalidError: ('EMU_bootbank_lpfc_14.4.576.11-1OEM.800.1.0.20613240', 'Could not find a trusted signer: self-signed certificate') 

Environment

ESXi 8.x

Cause

As TPM and Secure Boot are enabled:

#esxcli system settings encryption get
   EncryptionGet:
   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true

Secure Boot will check the vib certificate , this partner async driver vib without VMware-approved certificate , the secure boot do not trust it and deney the installation . 

Resolution

1 Follow up article "VIB Installation Fails on ESXi Hosts with TPM and Secure Boot Enabled" to assign the VMware-approved certificate for partner vib.

Or 

2 Replace the partner async driver by VMware inbox driver , VMware inbox driver has VMware-allowed certificate naturally . 

Powered by Wolken Software