Saturday, January 3, 2015

Win 2016 TP3:- Linux Secure Boot

[ Update 31 August 2015]

We have just tested Linux Secure Boot and here is our evaluation.
What is “Secure Boot”?
According to the Linux Foundation, Secure Boot is a technology described by recent revisions of the UEFI specification. It offers the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments.

When the VM starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are valid, the VM boots and the firmware hands control to the operating system. Secure Boot is available in Generation 2 virtual machines.

At this moment, Generation 2 VMs support the following guest operating systems:
  • Windows 8 (64 bit)
  • Windows 8.1 (64 bit)
  • Windows Server 2012 R2
  • Windows Server 2012
Windows Server 2016 Technical Preview 3 (TP3) extends this support to Linux with:
  • Ubuntu 14.04 and later
  • SUSE Linux Enterprise Server 12

[ Configuration ]
Make sure the VM is turned off before executing the PowerShell command.
Execute the command below:
Set-VMFirmware Ubuntu01 -SecureBootTemplate MicrosoftUEFICertificateAuthority

Alternatively, modify the setting from the VM properties: go to Security | tick Secure Boot | select the Microsoft UEFI Certificate Authority template.

Now boot up the Ubuntu VM and start the OS installation. You now have a Linux Secure Boot VM running on Windows Server 2016 TP3.

For a Generation 2 Windows VM, select the "Microsoft Windows" template.
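
The configuration steps above as a single script with pre-flight checks and a read-back of the result. This is an added example, not part of the original post; the function name Set-GuestSecureBoot is hypothetical, and Ubuntu01 is the VM name used in the command above.

```powershell
# Added example: applies a Secure Boot template to a Hyper-V VM and verifies it.
# Set-GuestSecureBoot is a hypothetical helper name; run on the Hyper-V host.
function Set-GuestSecureBoot {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        # MicrosoftUEFICertificateAuthority for Linux guests, MicrosoftWindows for Windows guests.
        [ValidateSet('MicrosoftUEFICertificateAuthority', 'MicrosoftWindows')]
        [string]$Template = 'MicrosoftUEFICertificateAuthority'
    )

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # Secure Boot exists only in Generation 2 (UEFI) virtual machines.
    if ($vm.Generation -ne 2) {
        throw "VM '$VMName' is Generation $($vm.Generation); Secure Boot requires Generation 2."
    }

    # The firmware setting must be changed while the VM is turned off.
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); turn it off first (Stop-VM -Name $VMName)."
    }

    Set-VMFirmware -VMName $VMName -EnableSecureBoot On -SecureBootTemplate $Template

    # Read the setting back so a misconfiguration is caught before the first boot.
    $fw = Get-VMFirmware -VMName $VMName
    if ($fw.SecureBoot -ne 'On' -or $fw.SecureBootTemplate -ne $Template) {
        throw "Secure Boot verification failed for '$VMName'."
    }

    $fw | Select-Object VMName, SecureBoot, SecureBootTemplate
}

# Linux guest (Ubuntu 14.04 and later, SLES 12)
Set-GuestSecureBoot -VMName Ubuntu01
```

Pass -Template MicrosoftWindows for a Generation 2 Windows guest.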