VMware Cloud Community
bradhoff
Contributor
Contributor
Jump to solution

Update Manager 6.7 Patch Integrity and Authenticity Check

Hi All,

I have a quick question regarding the security of the updates/patches that update manager uses.

Do you know if these updates are signed by VMware and then checked before they are deployed? If so, is there an article or document that states this for record purposes?

1 Solution

Accepted Solutions
Lalegre
Virtuoso
Virtuoso
Jump to solution

Hey bradhoff​,

Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .

"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"

And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.

View solution in original post

3 Replies
scott28tt
VMware Employee
VMware Employee
Jump to solution

Moderator: Thread moved to the Update Manager area.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

Hey bradhoff​,

Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .

"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"

And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.

bradhoff
Contributor
Contributor
Jump to solution

Thanks, Lalegre.