Installing the HMC virtual appliance enabled with secure boot by using VMware ESXi

Learn how to install the Hardware Management Console (HMC) virtual appliance that is enabled with secure boot by using VMware ESXi.

About this task

You can install the HMC virtual appliance on the VMware ESXi web client by using the graphical user interface (GUI) to deploy the Open Virtualization Format (OVF) template.
Note:
  • You can install the HMC virtual appliance on VMware ESXi version 7.0 or 7.0.2.
  • The command syntax might vary depending on the operating system.

To install the HMC virtual appliance on VMware ESXi, complete the following steps:

Initial setup

Procedure

  1. Obtain the Tar archive file, <VMware vHMC installation file name>_UEFI.ESX7_0.tgz.
  2. To extract virtual disk images, run the following command:
    tar -zxvf <KVM vHMC installation filename>.tgz
    The following files and folders are displayed:
    • data
    • Readme.html
    • user_data
    • disk1.img
    • vHMC_nvram
    • vHMC_vmx
    • vHMC_ova
    • db.der
    • pk.der
  3. Start the VMware ESXi web client and log in to the ESXi host.

Deploying virtual HMC

Procedure

  1. Click File and select Deploy a virtual machine from an OVF or OVA file as the creation type. Then, click Next.
  2. Select the vHMC.ova file.
  3. Enter a name for the virtual machine and click Next.
    Note: The names of virtual machine can contain up to 80 characters and must be unique within each ESXi instance.
  4. In the Standard tab, select a datastore for configuration files and virtual disks of the virtual machine.
  5. Click Next.
  6. Select VM Network from the network mapping list.
  7. Choose Thin or Thick as the disk provisioning type.
  8. Disable the Power on automatically checkbox and click Next.
  9. Review and verify your deployment settings and click Finish.
  10. Select the deployed virtual machine from the displayed list.
  11. Click Edit from the menu to edit the following settings:
    • CPU settings
    • Memory settings
    • Configure network adapters
    • Configure floppy/ CD interfaces
    • I/O settings
    Note: Click VM Options > Boot Options tab > and select EFI as the firmware to be used to boot the virtual machine in secure mode.

Enabling secure boot on HMC by using VMware ESXi

Procedure

  1. Navigate to the datastore location of the virtual machine (/vmfs/volumes/datastore1/{VM_NAME}/) and upload db.der and vHMC.nvram files.
    Note: Change the name of the .nvram file according to the name of the virtual machine by using the Move operation.
  2. Check and add the following entries at the end of the vmx (/vmfs/volumes/datastore1/{VM_NAME}/{VM_NAME}.vmx) file of the virtual machine through the command line interface (CLI):
    • uefi.secureBoot.enabled = "TRUE"
    • uefi.allowAuthBypass = "TRUE"
    • uefi.secureBoot.dbDefault.file0 = "db.der"
  3. Refresh the settings and boot the virtual machine (VM).
    After this action, the VM reboots and launches the virtual HMC by enabling secure boot.
    Note: The status of the secure boot capability on the HMC can be verified through CLI (lshmc --boot) and the graphical user interface (GUI).