UEFI[^1] Secure Boot[^2] (SB) is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted. Unsigned drivers are therefor not allowed to load.
2 kernels modules are compiled at installation time and must be loaded. If the host provides the proper kernel headers and gcc, these two modules will be built silently. The progress is logged into /tmp/vmware-root/vmware-PID.log [^3].
On error type like:
Cannot open /dev/vmmon: No such file or directory. Please make sure that the kernel module `vmmon' is loaded```
The modules must be signed and the keys added to a database recognised by the first stage of the bootloader, the Machine Owner Key
# Modules must be signed by a CA (Certificate Authority), here self-signed
openssl req -new -x509 -newkey rsa:2048 -keyout <MOK.priv> -outform DER -out <MOK.der> -nodes -days 36500 -subj "/CN=VMware/"
sudo /usr/src/linux-headers-``uname -r``/scripts/sign-file sha256 <MOK.priv> <MOK.der> $(modinfo -n vmmon)
sudo /usr/src/linux-headers-``uname -r``/scripts/sign-file sha256 <MOK.priv> <MOK.der> $(modinfo -n vmnet)
sudo mokutil --test-key <MOK.der>
# cert should not be currently enrolled
sudo mokutil --import <MOK.der>
# mokutil should request pwd
sudo mokutil --test-key <MOK.der>
# cert should be enrolled now
sudo mokutil --list-new
# your cert should be displayed
reboot[^1] Unified Extensible Firmware Interface - https://wiki.debian.org/UEFI [^2] Debian secure boot documentation page [^3] VMware knowledge base