VxRail: How to enable and disable UEFI Secure Boot

Summary: How to enable and disable UEFI Secure Boot on VxRail.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

How to enable UEFI Secure Boot.

1. Check the current ESXi status:

  • Before enabling Secure boot, VIBs installed on the ESXi should pass the esxcli software vib signature verify. 
  • Run the command:
    esxcli software vib signature verify
You must remove or replace any unsigned VIBs before enabling.


Screenshot showing VIB list 


2. Enablement

a. From vCenter HTML5 Client, move the node to maintenance mode:

Screenshot showing the maintenance mode option


b. Check the VGA output of the node. Do this by either by connecting the VGA console physically or redirecting VGA output from IDRAC virtual console.

 

Screenshot showing how to open launch the console from the iDrac

c. Select Next Boot and "BIOS Setup"
 

Screenshot showing setting the next boot option 
 

Saving the next boot option

d. Reboot the node. The node reboots into BIOS setup.
 

Screenshot showing the reboot of the host


e. Set Secure Boot to Enabled from the BIOS Setup.


Screenshot of the secure boot option in the bios 


f. A warning message is shown. Select OK.

 

Saving changes after enabling secure boot

g. Save and Finish.

 

Saving the changes in the bios
h. Node reboots. And you see the following screen that indicates Secure Boot is enabled.


Boot notification screen indicating the secure boot settings were changed 
 

i. Exit Maintenance Mode


Removing host from maintenance mode 


j. Apply step #a - #i on the other nodes in the cluster.

 


How to disable UEFI Secure Boot

a. From vCenter HTML5 Client, move the node to maintenance mode.
 

Place the host in maintenance mode


b. Check the VGA output of the node. Do this by either by connecting the VGA console physically or redirecting VGA output from IDRAC virtual console.



launch the console from the idrac 
 

c. Select Next Boot and "BIOS Setup". 
 

set next boot as bios setup 
 

save next boot settings

d. Reboot the node. The node reboots into BIOS setup.


reboot the host from vSphere 


e. Set Secure Boot to Disabled from BIOS Setup.


disable secure boot 


f. Save and Finish.

 

save and finish the changes

g. The system reboots, there will be a console message indicating UEFI Secure Boot policy that is changed:


Bios boot message indicating secure boot settings were changed 
 

h. After host boots up, exit Maintenance Mode.


exit host from Maintenace mode 
 

i. Apply steps #a - #h for all the other nodes.
 
 

Products

VxRail, VxRail Appliance Series, VxRail Software
Article Properties
Article Number: 000158364
Article Type: How To
Last Modified: 10 Apr 2025
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.