Ok, some new facts.
Reverting VMWare to the previous version (Hitting Shift+R) during bootup of VMWare works.
The Rocky Linux Guests are running again.
I then installed the newest patch for ESXi 7U2 which works too.
Conclusion:
- The problem might not be related to Secure Boot Since Secure Boot option works for ESXi 7U2
- The problem appears if I update from 7U2 to 7U3 with esxcli commands. Since this was a production machine and time was of the essence I did not have the time to test if an new install of 7U3 would work.
- Since it was critical to bring the server back up running I did not test if the problem was RockyLinux related or a general problem with EFI after updating using the HP patch packages.
- To reproduce the error
4a) Install VMWare from newest Custom HP iso for ESXi 7U2.
4b) Update to VMWare ESXi to 7U3 using HP patch depots. Using VMWare patch depots does not seem to update anything at all. - To reproduce the working patch
5a) Install VMWare from newest Custom HP iso for ESXi 7U2.
5b) Update to newest 7U2 patch using this commands
esxcli network firewall ruleset set -e true -r httpClient
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
pick the newest 7.0U2 profile or whatever you like and run
esxcli software profile update -p <profilename> -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml --dry-run
Check what the update is doing. Maybe you need to set the host in maintenance mode or if you use old hardware that is not officially supported you have to use the --no-hardware-warning. After verifying run the same command without --dry-run
esxcli software profile update -p <profilename> -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
esxcli network firewall ruleset set -e false -r httpClient
My Host is now running 7.0U2e without problems. I did not try to update any funder because this was a production server but I hope this info helps at least someone.