Microsoft added a secure boot mode option for Hyper-V virtual machines with Windows Server 2012 R2, but the option...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
wasn't available for Linux VMs. However, in the upcoming Windows Server 2016, administrators will now be able to enable secure boot mode for VMs running a variety of Linux operating systems.
Secure boot mode is a signature-checking process that occurs during the OS boot up. Secure boot ensures that only approved OS components are loaded during the boot. This feature prevents malicious code from running under the security context of the system account and then gain access to OS components. Microsoft introduced the secure boot feature as part of Generation 2 VMs in Windows Server 2012 R2. However, since Generation 2 VMs are available only for Windows VMs running on Windows Server 2012 R2 and later Hyper-V hosts, the secure boot feature wasn't an option for VMs running a Linux OS. While it is still in technical preview, Windows Server 2016 (I’m using Windows Server 2016 Technical Preview 4), will include a secure boot mode for Linux VMs.
VMs running a variety of Linux distributions, such as Ubuntu 14.04, SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7.0 and CentOS 7.0 will have the option for a secure boot. The Linux VMs must be running on Windows Server 2016 Hyper-V hosts and you must configure the secure boot option before you boot the Linux VM. There are three ways to enable secure boot mode; the Hyper-V Manager, System Center Virtual Machine Manager or using the Set-VMFirmware PowerShell cmdlet.
To enable secure boot mode using the Hyper-V Manager, go to the property of a Linux VM, select the security tab, check the "Enable Secure Boot" checkbox in the right pane and then select "Microsoft UEFI Certificate Authority" from the template dropdown list as shown in Figure A.
If you need to use the PowerShell cmdlet, run the following commands on the Windows Server 2016 Hyper-V host:
Set-VMFirmWare "<VM Name>" –EnableSecureBoot -OnSet-VMFirmWare <VM Name> -SecureBootTemplate MicrosoftUEFICertificateAuthority
Note that the "-SecureBootTemplate" parameter with Set-VMFirmWare is available only in Windows Server 2016 Hyper-V hosts. If you wish to disable secure boot for VMs, run the following command:
Set-VMFirware –VMName <VMName> -EnableSecureBoot Off
Using the upcoming secure boot mode for Linux VMs should help protect your virtual infrastructure from potential intrusions.
Five potential problems with Linux VMs on Hyper-V
Windows Server 2012 R2 updates for Linux VMs
Considerations for protecting VM data
How VMware ESXi secures boot functions
Dig Deeper on Microsoft Hyper-V management
Related Q&A from Nirmal Sharma
PowerShell is just one way to trigger AD synchronization when troubleshooting, making configuration changes or ensuring a consistent copy of ...continue reading
Windows Server 2016 provides advanced security for VMs and enables the user to boot Linux VMs securely and to hot add and remove network cards and ...continue reading
With just a PowerShell cmdlet or two, you can create Hyper-V checkpoints, get a list of all existing checkpoints for a VM or revert a VM to a ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.