I'm having trouble updating the Key Encryption Key (KEK) on my Windows virtual machines in VMware. I can successfully update the Secure Boot Database with a new bootloader certificate, and I've even replaced the boot manager with one signed by 'Windows UEFI CA 2023' on most VMs without any hitches.
However, when I try to update the KEK, I keep getting an error: "The Secure Boot update failed to update KEK 2023 with error Invalid access to memory location." This issue happens across all of my VMware virtual machines. Although the KEK isn't strictly necessary for Secure Boot to function, not being able to update it makes me jittery about future updates to the Secure Boot Databases. Has anyone else faced this issue, and what's the fix?
1 Answer
It sounds like your VMs might have been created using an older version of ESXi, maybe before 8.0.2? You’ll need to upgrade the hardware version and also rename or delete the .NVRAM file. This step can often resolve the KEK update issue you’re encountering. Check out a Broadcom article for more details on it!
Yes, I found out through trial and error that renaming the .NVRAM file does fix the problem! Thanks for confirming that with the vendor's info, it really gives me peace of mind!