Chris_CCT
Contributor
Contributor

ESXi 6.7 - Secure Boot and startup script

Hi,

Hope someone may have run in to this problem before and maybe able to help.

We have a customer that needs to boot with Secure Boot enabled. All works fine apart from the ability to run a simple script at startup.

All the script does is load the ipmi_si_drv and ipmi_devintf drivers as for some reason these don't get loaded normally at start up.

So we added the 2 lines to /etc/rc.local.d/local.sh, which works fine in legacy mode, but doesn't get run if Secure Boot is enabled. This is a design feature as you don't want to be running

unverified software/commands.

So my questions are:-

1) Does anyone know how I could get around this without creating our own .vib that would would need signing by VMware, as this is changing system file (/etc/rc.local) that at Community Supported Level, is not covered? From what I understand VIB author is deprecated.

or ideally

2) Know why ipmi_si_drv and ipmi_devintf aren't loaded at boot time even though ipmiEnabled is set to TRUE?

Many thanks in advance.

BR,

Chris

0 Kudos
3 Replies
continuum
Immortal
Immortal

Did you check your boot.cfg file yet ?

Do you see any messages in the vmkernel.log about those modules ?


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
Chris_CCT
Contributor
Contributor

Thanks for getting back to me.

boot.cfg is as installed. I can see the following in the 'modules=' line:-

--- ipmi_ipm.v00 --- ipmi_ipm.v01 --- ipmi_ipm.v02

Below are entries from vmkernel.log with regard ipmi. As you can see the module ipmi fails to load due to SMIC BMC SI not supported:-

2019-08-07T08:36:45.181Z cpu0:2097152)VisorFSTar: 1856: ipmi_ipm.v00 for 0xa368 bytes

2019-08-07T08:36:45.181Z cpu0:2097152)VisorFSTar: 1856: ipmi_ipm.v01 for 0x14b68 bytes

2019-08-07T08:36:45.182Z cpu0:2097152)VisorFSTar: 1856: ipmi_ipm.v02 for 0x198b0 bytes

2019-08-07T08:37:05.968Z cpu0:2097648)Activating Jumpstart plugin ipmi.

2019-08-07T08:37:06.012Z cpu7:2098370)Loading module ipmi ...

2019-08-07T08:37:06.013Z cpu7:2098370)Elf: 2101: module ipmi has license VMware

2019-08-07T08:37:06.019Z cpu7:2098370)ipmi: SMBIOS IPMI Entry: Address: 0xca8, System Interface: 3, Alignment: 1, Map Type: 0

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiSysInt_Init:61: ipmi: The SMIC BMC System Interface is not supported. Error: Not supported

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiDriver_Init:205: ipmi: Failed to initialize IPMI system interface. Error: Not supported

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: CreateIpmiDrivers:1246: ipmi: Failed to initialize IPMI driver. Error: Not supported

2019-08-07T08:37:06.019Z cpu7:2098370)ipmi: No valid IPMI devices were discovered based upon PCI, ACPI or SMBIOS entries, attempting to discover IPMI devices at default locations

2019-08-07T08:37:06.019Z cpu7:2098370)IOResource: 331: Registered resource 0x430587a6bfc0 from module 0 type 3 @ ca2 len=2

2019-08-07T08:37:06.019Z cpu7:2098370)ipmi: KCS Port Map: Command Port: 0xca3 Data Port: 0xca2

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: SanityCheckStatusReg:101: ipmi: Reading the KCS Status Register produced an invalid value: 0xFF

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiSysIntKcs_Init:769: ipmi: Failure to inialize KCS registers. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiDriver_Init:205: ipmi: Failed to initialize IPMI system interface. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: CreateIpmiDrivers:1246: ipmi: Failed to initialize IPMI driver. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)IOResource: 331: Registered resource 0x430587a6bfc0 from module 0 type 3 @ e4 len=3

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: SanityCheckRegs:111: ipmi: Reading the BT Control Register produced an invalid value: 0xFF

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiSysIntBt_Init:107: ipmi: Failed to initialize BT registers. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: IpmiDriver_Init:205: ipmi: Failed to initialize IPMI system interface. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)WARNING: ipmi: CreateIpmiDrivers:1246: ipmi: Failed to initialize IPMI driver. Error: Failure

2019-08-07T08:37:06.019Z cpu7:2098370)ipmi: Failed to create any IPMI drivers

2019-08-07T08:37:06.019Z cpu7:2098370)ipmi failed to load.

2019-08-07T08:37:06.020Z cpu7:2098370)WARNING: Elf: 3144: Kernel based module load of ipmi failed: Failure <Mod_LoadDone failed>

2019-08-07T08:37:06.640Z cpu2:2097648)Jumpstart plugin ipmi activation failed: ipmi->start() failed: exited with code 1

But if I then load the ipmi_si_drv and impi_devintf manually this driver seems to initialize with the SMC interface correctly:-

[root@TRE5x:/var/log] vmkload_mod ipmi_si_drv

Module ipmi_si_drv loaded successfully

[root@TRG4x:/var/log] vmkload_mod ipmi_devintf

Module ipmi_devintf loaded successfully

[root@TRG4x:/var/log]

2019-08-07T08:42:08.399Z cpu9:2099901)Loading module ipmi_msghandler ...

2019-08-07T08:42:08.399Z cpu9:2099901)Elf: 2101: module ipmi_msghandler has license GPL

2019-08-07T08:42:08.400Z cpu9:2099901)module heap vmklnx_ipmi_msghandler: Initial heap size = 16384, max heap size = 9666560

2019-08-07T08:42:08.400Z cpu9:2099901)vmklnx_module_mempool_init: Mempool max 9666560 being used for module: 4196

2019-08-07T08:42:08.400Z cpu9:2099901)vmk_MemPoolCreate passed for 4 pages

2019-08-07T08:42:08.400Z cpu9:2099901)module heap vmklnx_ipmi_msghandler: using memType 0

2019-08-07T08:42:08.400Z cpu9:2099901)module heap vmklnx_ipmi_msghandler: creation succeeded. id = 0x4308529a3000

2019-08-07T08:42:08.400Z cpu9:2099901)<6>ipmi message handler version 39.2-6vmw

2019-08-07T08:42:08.400Z cpu9:2099901)Mod: 4962: Initialization of ipmi_msghandler succeeded with module ID 4196.

2019-08-07T08:42:08.400Z cpu9:2099901)ipmi_msghandler loaded successfully.

2019-08-07T08:42:08.400Z cpu9:2099901)Loading module ipmi_si_drv ...

2019-08-07T08:42:08.400Z cpu9:2099901)Elf: 2101: module ipmi_si_drv has license GPL

2019-08-07T08:42:08.401Z cpu9:2099901)module heap vmklnx_ipmi_si_drv: Initial heap size = 16384, max heap size = 9666560

2019-08-07T08:42:08.401Z cpu9:2099901)vmklnx_module_mempool_init: Mempool max 9666560 being used for module: 4197

2019-08-07T08:42:08.401Z cpu9:2099901)vmk_MemPoolCreate passed for 4 pages

2019-08-07T08:42:08.401Z cpu9:2099901)module heap vmklnx_ipmi_si_drv: using memType 0

2019-08-07T08:42:08.401Z cpu9:2099901)module heap vmklnx_ipmi_si_drv: creation succeeded. id = 0x4308532de000

2019-08-07T08:42:08.401Z cpu9:2099901)<6>IPMI System Interface driver.

2019-08-07T08:42:08.401Z cpu9:2099901)PCI: driver ipmi_si is looking for devices

2019-08-07T08:42:08.401Z cpu9:2099901)PCI: driver ipmi_si claimed 0 device

2019-08-07T08:42:08.401Z cpu9:2099901)<6>ipmi_si: No BMC IRQ configured in SMBIOS. Operating in polling mode

2019-08-07T08:42:08.401Z cpu9:2099901)<6>ipmi_si: probing via SMBIOS

2019-08-07T08:42:08.401Z cpu9:2099901)<6>ipmi_si: SMBIOS: io 0xca9 regsize 1 spacing 1 irq 0

2019-08-07T08:42:08.401Z cpu9:2099901)<6>ipmi_si: Adding SMBIOS-specified smic state machine

2019-08-07T08:42:08.401Z cpu9:2099901)<6>ipmi_si: Trying SMBIOS-specified smic state machine at i/o address 0xca9, slave address 0x20, irq 0

2019-08-07T08:42:08.875Z cpu9:2099901)<6>ipmi_si ipmi_si.0: Found new BMC (man_id: 0x  005f4a,  prod_id: 0xa011, dev_id: 0x 00)

2019-08-07T08:42:08.875Z cpu9:2099901)<6>ipmi_si ipmi_si.0: IPMI smic interface initialized

2019-08-07T08:42:08.875Z cpu9:2099901)Mod: 4962: Initialization of ipmi_si_drv succeeded with module ID 4197.

2019-08-07T08:42:08.875Z cpu9:2099901)ipmi_si_drv loaded successfully.

2019-08-07T08:42:13.643Z cpu20:2099929)Loading module ipmi_devintf ...

2019-08-07T08:42:13.643Z cpu20:2099929)Elf: 2101: module ipmi_devintf has license GPL

2019-08-07T08:42:13.644Z cpu20:2099929)module heap vmklnx_ipmi_devintf: Initial heap size = 16384, max heap size = 9666560

2019-08-07T08:42:13.644Z cpu20:2099929)vmklnx_module_mempool_init: Mempool max 9666560 being used for module: 4198

2019-08-07T08:42:13.644Z cpu20:2099929)vmk_MemPoolCreate passed for 4 pages

2019-08-07T08:42:13.644Z cpu20:2099929)module heap vmklnx_ipmi_devintf: using memType 0

2019-08-07T08:42:13.644Z cpu20:2099929)module heap vmklnx_ipmi_devintf: creation succeeded. id = 0x430853c19000

2019-08-07T08:42:13.644Z cpu20:2099929)<6>ipmi device interface

2019-08-07T08:42:13.644Z cpu20:2099929)Mod: 4962: Initialization of ipmi_devintf succeeded with module ID 4198.

2019-08-07T08:42:13.644Z cpu20:2099929)ipmi_devintf loaded successfully.

Is there anything I can add to boot.cfg to load the above driver automatically?

Many thanks,

Chris

0 Kudos
Chris_CCT
Contributor
Contributor

Hi,

Can anyone help with the above or anyone got a copy of VIB author so I can create my own signed .vib file?

Many thanks,

Chris

0 Kudos