In an OS that supports UEFI secure boot, each piece of boot software is signed, including the bootloader, the OS kernel, and OS drivers.
VM secure boot has some important requirements:
- Virtual hardware version 13 or later
- EFI firmware in the VM boot options
- Guest OS that supports UEFI secure boot
Some examples of supported OS are Windows 8 and Windows Server 2012 or newer, VMware ESXi 6.5 and Photon OS, RHEL/Centos 7.0, and Ubuntu 14.04.
You can enable secure boot, using the vSphere Web Client, in the VM Options of the selected VM:
VM boot options
You cannot upgrade a VM that uses BIOS boot to a VM that uses UEFI boot. Only if a VM already uses UEFI boot and the OS supports UEFI secure boot can you simply enable secure boot.