
How do I enable secure boot mode for Linux VMs?

The upcoming release of Windows Server 2016 adds a secure boot option for Linux VMs.

Microsoft added a secure boot mode option for Hyper-V virtual machines with Windows Server 2012 R2, but the option wasn't available for Linux VMs. However, in the upcoming Windows Server 2016, administrators will now be able to enable secure boot mode for VMs running a variety of Linux operating systems.

Secure boot mode is a signature-checking process that occurs during OS boot. It ensures that only approved OS components are loaded during boot, which prevents malicious code from running under the security context of the system account and then gaining access to OS components. Microsoft introduced the secure boot feature as part of Generation 2 VMs in Windows Server 2012 R2. However, since Generation 2 VMs are available only for Windows VMs running on Windows Server 2012 R2 and later Hyper-V hosts, the secure boot feature wasn't an option for VMs running a Linux OS. Windows Server 2016, while still in technical preview (I’m using Windows Server 2016 Technical Preview 4), will include a secure boot mode for Linux VMs.

VMs running a variety of Linux distributions, such as Ubuntu 14.04, SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7.0 and CentOS 7.0, will have the option for a secure boot. The Linux VMs must be running on Windows Server 2016 Hyper-V hosts, and you must configure the secure boot option before you boot the Linux VM. There are three ways to enable secure boot mode: the Hyper-V Manager, System Center Virtual Machine Manager or the Set-VMFirmware PowerShell cmdlet.

To enable secure boot mode using the Hyper-V Manager, open the properties of a Linux VM, select the security tab, check the "Enable Secure Boot" checkbox in the right pane and then select "Microsoft UEFI Certificate Authority" from the template dropdown list, as shown in Figure A.

Figure A: Enable secure boot from a VM's security tab within the Hyper-V Manager

If you need to use the PowerShell cmdlet, run the following commands on the Windows Server 2016 Hyper-V host:

Set-VMFirmware -VMName "<VM Name>" -EnableSecureBoot On
Set-VMFirmware -VMName "<VM Name>" -SecureBootTemplate MicrosoftUEFICertificateAuthority

Note that the "-SecureBootTemplate" parameter of Set-VMFirmware is available only on Windows Server 2016 Hyper-V hosts. If you wish to disable secure boot for a VM, run the following command:

Set-VMFirmware -VMName "<VM Name>" -EnableSecureBoot Off
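The enable commands above, wrapped with the checks an administrator would want before and after the change. This is an added example, not code from the original article; the VM name `linux-vm01` is a placeholder, and the script assumes an elevated PowerShell session on the Windows Server 2016 Hyper-V host.

```powershell
# Added example: enable Secure Boot for a Linux VM and read the setting back.
# Assumption: 'linux-vm01' is a placeholder VM name.
param(
    [string]$VMName = 'linux-vm01'
)

$ErrorActionPreference = 'Stop'
$template = 'MicrosoftUEFICertificateAuthority'

$vm = Get-VM -Name $VMName

# Secure Boot is a Generation 2 firmware feature.
if ($vm.Generation -ne 2) {
    throw "$VMName is Generation $($vm.Generation); Secure Boot requires a Generation 2 VM."
}

# The option must be configured before the VM boots.
if ($vm.State -ne 'Off') {
    throw "$VMName is $($vm.State); shut it down before changing firmware settings."
}

# Same two commands as in the article.
Set-VMFirmware -VMName $VMName -EnableSecureBoot On
Set-VMFirmware -VMName $VMName -SecureBootTemplate $template

# Read the firmware configuration back rather than trusting the calls.
$fw = Get-VMFirmware -VMName $VMName
if ($fw.SecureBoot -ne 'On' -or $fw.SecureBootTemplate -ne $template) {
    throw "Secure Boot was not applied as expected on $VMName."
}

# Report every Generation 2 VM on this host so a VM left with
# Secure Boot off, or with an unexpected template, is visible.
Get-VM | Where-Object Generation -eq 2 | Get-VMFirmware |
    Select-Object VMName, SecureBoot, SecureBootTemplate |
    Format-Table -AutoSize
```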

Using the upcoming secure boot mode for Linux VMs should help protect your virtual infrastructure from potential intrusions.


This was last published in March 2016
