Several months back, I was helping a customer debug an issue where I needed to install the GA release of ESXi 6.7! Yikes, it certainly has been a minute since I have installed anything older than 7.x but I figured it should still work fine with recent hardware like an Intel NUC systems, right?
After the ESXi installer started to boot up, it eventually halted with the following message:
Shutting down firmware services...
Using 'simple offset' UEFI RTS mapping policy
I decided to give it one more go by using a more recent release of ESXi 6.7 Update 3 and to my surprise, not only did ESXi installed perfectly fine but I did not run into the error message shown abvove!
I then realized that perhaps this has something to do with the ESXi bootloader, like any piece of software, there are fixes and enhancements with newer releases. I also recall a conversation with one of our Engineers that the ESXi bootloader is also designed to be backwards compatible, so that gave me an idea to try replacing the default ESXi 6.7 GA bootloader files with the ones found in ESXi 6.7 Update 3 and now I was able to install ESXi 6.7 GA release!
However, my success did not last very long as I ran into a slightly different message after the initial reboot:
Shutting down firmware services…
UEFI runtime services support is disabled
Like most users, I too assumed these were "error" messages but after speaking with Engineering, I came to learn that these are actually just progress messages that is displayed to the user and the very last message on the screen simply conveys how far the bootloader actually got before stopping. I have noticed that these messages are most common with users installing/upgrading to ESXi 6.x, which is not only an extremly old release of ESXi but it has also been EOL'ed for some time now!
With that said, there are still a few options depending on your setup which I have outlined below, including a full fix for my specific scenario, which was not actually related to the UEFI Runtime Services (RTS).
Option A:
To rule out UEFI RTS and see if disabling may help, you can add norts=1 on a brand newline in the ESXi boot.cfg file in your ESXi installer media which is located in EFI/boot/boot.cfg. If you are still encountering the messages above, then this is not UEFI RTS issue and is probably related to firmware issues which is causing the halting. You can try to install a newer ESXi release to see if there are any fixes/enhancements that might work but you may be out of luck with the current hardware that you are using.
Option B:
Update the ESXi default bootloader files with a more recent release if you wish to install a specific ESXi version and not using the latest. The solution here is a two step process, the first is to replace the ESXi bootloader files in the bootable media (e.g. USB) and after the installation, you will also need to replace the bootloader files which actually uses the original bootloader files and not the ones you had replaced. This is easily accomplished IF your installation media is a USB device, because we will need to mount this into a Linux system to replace the files. This was actually the reason I was seeing the message after the initial reboot of ESXi, as the original bootloader files were used rather than the replaced files upon rebooting.
Step 1 - After creating your ESXi bootable installer on USB, open up the EFI/BOOT directory and copy the updated files from newer ESXi ISO release (e.g. ESXi 8.0 Update 2) which includes BOOTx64.EFI, CRYPTO64.EFI and SAFEBOOT.EFI and overwrite those files in your ESXi bootable installer under the EFI/BOOT directory.
Step 2 - You will now be able to boot and install ESXi without any issues but upon reboot, you will see the same message as I mentioned earlier. At this point, unplug the USB device that should have ESXi installed and we will attach it to an Ubuntu VM.
Note: If you have installed ESXi onto an SSD, then you will need to boot an Ubuntu Live CD to perform the operation rather than using a VM, but the process is exactly the same using the steps below.
Step 3 - We need to identify the EFI partition to mount which we can do so using the following command:
sudo fdisk -l
In my example, the USB device shows up as /dev/sdb and the EFI system partition is /dev/sdb1.
Step 3 - Use the following command to mount the EFI system partition into a directory called /mnt/usb
mkdir /mnt/usb
sudo mount /dev/sdb1 /mnt/usb/
Step 4 - Next, we need to copy the BOOTX64.EFI file from a newer ESXi release and then overwrite /EFI/VMware/mboot64.efi file:
sudo mv BOOTX64.EFI /mnt/usb/EFI/VMware/mboot64.efi
Step 6 - Finally, unmount the USB device and then connect it back to your physical ESXi host and now it up and you should no longer run into the message as we have updated the ESXi bootloader on the installed system.
sudo umount /mnt/usb
Option C:
If neither Option A or B helps, then it is likely that you may have firmware related issues. For newer versions of ESXi, the ESXi bootloader now has a verbose mode that you can enable by adding -V option during the boot up process (SHIFT+O). You should see additional logging messages typically highlighted in yellow. If you do not, follow Step 1 only in Option B to obtain a newer ESXi bootloader and see if there are additional information that might point you issue.
You should also ensure that you update all the latest firmware from hardware vendors and also consider using newer ESXi releases as it will contain fixes and more than likely install out of the box compared to ESXi 6.x without requiring additional tweaks.
Thanks for the comment!