Microsoft added a secure boot mode option for Hyper-V virtual machines with Windows Server 2012 R2, but the option...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
wasn't available for Linux VMs. However, in the upcoming Windows Server 2016, administrators will now be able to enable secure boot mode for VMs running a variety of Linux operating systems.
Secure boot mode is a signature-checking process that occurs during the OS boot up. Secure boot ensures that only approved OS components are loaded during the boot. This feature prevents malicious code from running under the security context of the system account and then gain access to OS components. Microsoft introduced the secure boot feature as part of Generation 2 VMs in Windows Server 2012 R2. However, since Generation 2 VMs are available only for Windows VMs running on Windows Server 2012 R2 and later Hyper-V hosts, the secure boot feature wasn't an option for VMs running a Linux OS. While it is still in technical preview, Windows Server 2016 (I’m using Windows Server 2016 Technical Preview 4), will include a secure boot mode for Linux VMs.
VMs running a variety of Linux distributions, such as Ubuntu 14.04, SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7.0 and CentOS 7.0 will have the option for a secure boot. The Linux VMs must be running on Windows Server 2016 Hyper-V hosts and you must configure the secure boot option before you boot the Linux VM. There are three ways to enable secure boot mode; the Hyper-V Manager, System Center Virtual Machine Manager or using the Set-VMFirmware PowerShell cmdlet.
To enable secure boot mode using the Hyper-V Manager, go to the property of a Linux VM, select the security tab, check the "Enable Secure Boot" checkbox in the right pane and then select "Microsoft UEFI Certificate Authority" from the template dropdown list as shown in Figure A.
If you need to use the PowerShell cmdlet, run the following commands on the Windows Server 2016 Hyper-V host:
Set-VMFirmWare "<VM Name>" –EnableSecureBoot -OnSet-VMFirmWare <VM Name> -SecureBootTemplate MicrosoftUEFICertificateAuthority
Note that the "-SecureBootTemplate" parameter with Set-VMFirmWare is available only in Windows Server 2016 Hyper-V hosts. If you wish to disable secure boot for VMs, run the following command:
Set-VMFirware –VMName <VMName> -EnableSecureBoot Off
Using the upcoming secure boot mode for Linux VMs should help protect your virtual infrastructure from potential intrusions.
Five potential problems with Linux VMs on Hyper-V
Windows Server 2012 R2 updates for Linux VMs
Considerations for protecting VM data
How VMware ESXi secures boot functions
Dig Deeper on Microsoft Hyper-V management
Related Q&A from Nirmal Sharma
A misconfigured SCVMM service template can cause serious headaches. Before deploying service templates in production, validate them with SCVMM ...continue reading
When our Run As account experiences issues, SCVMM doesn't show an error message. How do I check account credentials to ensure they're correct?continue reading
It's getting difficult to keep track of all the service templates in SCVMM. Is there a simple command that enables us to query and export them easily?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.