VMware Provider: How to enable Secure Boot

Hello *,

We are currently using the VMware Provider to create UEFI VMs on vSphere. For added security we would like to enable secure boot as well, however the VMware provider plugin seems not to support this currently.

Are there any plans to implement this feature (we would volunteer for testing it) or are there workarounds we could use to activate secure boot on the vSphere side when creating a VM?

Foreman and Proxy versions:

  • 3.1.0

Foreman and Proxy plugin versions:

  • foreman-vmware-3.1.0-1.el8.noarch
  • rubygem-fog-vsphere-3.5.0-2.el8.noarch

Distribution and version:

  • CentOS 8

Cheers,
Martin

Hi,

You can add “options[:efiSecureBootEnabled] = true” to create_vm.rb

          def boot_options(attributes, vm_cfg)
            # NOTE: you must be using vsphere_rev 5.0 or greater to set boot_order
            # e.g. Fog::Compute.new(provider: "vsphere", vsphere_rev: "5.5", etc)
            options = {}
            if (@vsphere_rev.to_f >= 5) && attributes[:boot_order]
              options[:bootOrder] = boot_order(attributes, vm_cfg)
            end

            # Set attributes[:boot_retry] to a delay in miliseconds to enable boot retries
            if attributes[:boot_retry]
              options[:bootRetryEnabled] = true
              options[:bootRetryDelay]   = attributes[:boot_retry]
            end
+           options[:efiSecureBootEnabled] = true
            options.empty? ? nil : RbVmomi::VIM::VirtualMachineBootOptions.new(options)
          end
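
Review bot: the added line options[:efiSecureBootEnabled] = true sits outside any condition, unlike the bootOrder and bootRetry assignments above it, so every VM created through boot_options gets the flag and the options.empty? check on the next line can no longer return nil. Guard it the same way the boot_retry block is guarded, for example "options[:efiSecureBootEnabled] = true if attributes[:secure_boot]", where attributes[:secure_boot] is a hypothetical attribute name that does not appear in the code shown. Secure Boot requires EFI firmware, so the guard should also leave the flag unset for VMs that are not created with EFI firmware.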



Thank you @larrythecow. Your proposed change would apply the secure boot flag to every newly created VM (hardcoded). I’ve to admit that’s good enough for me as a workaround :wink:

Greetings,
Martin