bradhoff
Contributor
Contributor

Update Manager 6.7 Patch Integrity and Authenticity Check

Jump to solution

Hi All,

I have a quick question regarding the security of the updates/patches that update manager uses.

Do you know if these updates are signed by VMware and then checked before they are deployed? If so, is there an article or document that states this for record purposes?

1 Solution

Accepted Solutions
Lalegre
Commander
Commander

Hey bradhoff​,

Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .

"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"

And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.

View solution in original post

3 Replies
scott28tt
VMware Employee
VMware Employee

Moderator: Thread moved to the Update Manager area.

0 Kudos
Lalegre
Commander
Commander

Hey bradhoff​,

Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .

"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"

And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.

View solution in original post

bradhoff
Contributor
Contributor

Thanks, Lalegre.