Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed

I got here throughout an attention-grabbing problem when attempting to put in Linux CentOS on a digital machine operating on a Hyper-V server (the kind of the digital machine was “Generation 2” with UEFI assist). I had downloaded CentOS 7 set up file (ISO), created a brand new gen2 kind VM in Hyper-V, mounted the ISO file and tried besides the VM from the set up ISO. However, when booting the VM, the next error message appeared within the Hyper-V console:

SCSI DVD (zero,zero). The picture's hash and certificates are not allowed (DB).

No UEFI-compatible file system was discovered.

No working system was loaded. Press a key to retry the boot sequence…

Hyper-V error: The image's hash and certificate are not allowed
The downside is that Hyper-V by default is utilizing UEFI with Secure Boot mode enabled for its Generation 2 digital machines. Secure Boot prevents boot from an untrusted Linux bootloader within the ISO file (the Linux bootloader neither signed nor licensed by Microsoft).

To begin Linux set up, I needed to disable Secure Boot within the digital machine settings (Settings -> Security -> uncheck the choice Enable Secure Boot).

Or you may go away Secure Boot enabled, however use Microsoft UEFI Certificate Authority template as a substitute of Microsoft Windows. According to Microsoft data, this template lets you run Linux distros within the Secure Boot compatibility mode.

hyper-v vm gen-2 - secure boot mode and Microsoft UEFI Certificate Authority template

Restart your VM and attempt to boot it once more from the CentOS set up ISO picture or one other Linux distribution (I managed to run CentOS eight and Ubuntu 19.04 set up utilizing this methodology).

boot from linux iso on hyper-v vm in uefi mode

In the identical manner, you may handle Secure Boot and templates setting of VM utilizing PowerShell. Here is how one can get the present VM firmware settings:

Get-VMFirmware -VMName "centos7"

Get-VMFirmware hyper-v

To disable Secure Boot mode on your VM:

Set-VMFirmware -VMName "centos7" -EnableSecureBoot Off

In order to alter the bootloader certificates validation template to the one appropriate with most Linux distros:

Set-VMFirmware -VMName "centos7" -EnableSecureBoot On -SecureBootTemplate "MicrosoftUEFICertificateAuthority"

Check Also

Transferring/Seizing FSMO Roles to Another Domain Controller

In this text we’ll think about how to discover area controllers with FSMO roles in …

Leave a Reply

Your email address will not be published. Required fields are marked *