121
16
I went to install a Debian instance on Windows Hyper-V client in Windows 10. However, when I attempted to start the VM, it would not boot from the cd. Eventually the Hyper-V BIOS gave me a failure to start screen that listed boot devices and their status. The status of the SCSI-DVD device said: "The unsigned image's hash is not allowed (DB)".
Finding information about this error on the internet is proving to be difficult.
Thomas
Posted 2016-01-14T08:19:43.837
Reputation: 3 377
188
This error is a consequence of having Secure Boot enabled on the VM. Secure Boot prevents the system from getting hijacked at boot time by only allowing specifically authorized boot images to load. In Hyper-V client, the list is rather short.
To disable Secure Boot, power off the VM and then open the VM settings. Under Secure Boot, uncheck the box "Enable Secure Boot" and then click "OK". This will allow the VM to boot the "unauthorized" CD image.
Update:
As mentioned by Itai Bar-Haim in the comments, and Thee Gamefanatic said in their answer, you can also select a different template depending on the OS image you're attempting to boot. Be aware that these templates are mutually exclusive - this means that you will not be able to boot a Windows OS image if you select the "Microsoft UEFI Certificate Authority" template.
Microsoft has a thorough deep dive into Secure Boot and how it works available on this blog: https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/
Thomas
Posted 2016-01-14T08:19:43.837
Reputation: 3 377
61
Disable Secure Boot option in the VM Settings:
This feature is enabled by default on Gen2 VMs and requires your ISO image boot loader to be signed by Microsoft Authenticode certificate. Any custom images with modified boot loader will fail to boot. There is also "Microsoft UEFI Certificate Authority" template for Linux images.
Mikhail
Posted 2016-01-14T08:19:43.837
Reputation: 1 124
3
I was looking into this issue and came upon this thread. I found that changing the option to utilize the "Microsoft UEFI Certificate Authority" resolved my problem using Ubuntu Server 17.x.
Set-VMFirmware -VM $VM -FirstBootDevice $(Get-VMDvdDrive -VM $VM) -EnableSecureBoot On -SecureBootTemplate MicrosoftUEFICertificateAuthority
Thee Gamefanatic
Posted 2016-01-14T08:19:43.837
Reputation: 31
how do you set the value of $VM? – code_monk – 2017-11-24T16:41:19.900
1You can also set this in the UI (show in Makhail's answer) by selecting "Microsoft UEFI Certificate Authority" from the Template dropdown on the Security settings screen. – devrelm – 2017-12-11T16:04:31.397
1
This happened to me too while trying to install Windows server 2008 R2 on windows 10 hyper-v. It also said DHCP failed and no bootable OS was found. Unchecking the Secure boot option didn't resolve the issue. However, creating a new Gen 1 VM did.
Jeevan Kulkarni
Posted 2016-01-14T08:19:43.837
Reputation: 11
0
Rather than disabling Secure Boot completely, if you are installing an OS supported by Microsoft, you can set it to "Microsoft UEFI Certificate Authority".
Here is the list of Microsoft-supported Linux and BSD OSes. For example, all Ubuntu LTS versions since 14.04 LTS are supported, as well as the current non-LTS version.
Power down the VM, open Settings, then under Security choose the Microsoft UEFI Certificate Authority template.
Tobias J
Posted 2016-01-14T08:19:43.837
Reputation: 990
1Thanks, really odd that this failed with ISO images directly from MSDN. But that's M$ for ya. – Rob – 2016-06-30T19:08:02.097
Perfect answer thanks, I was wondering what it was.Can we reactivate it after the installation ? – Raphael Teubner – 2016-12-04T18:19:06.203
Secure Boot is enabled or disabled on a per-VM basis. As long as the installed OS has a recognized boot image, you can re-enable Secure Boot after the installation. – Thomas – 2016-12-05T01:01:30.497
7I chose a different template: "Microsoft UEFI Certificate Authority". Worked like charm. – Itai Bar-Haim – 2018-02-07T08:16:01.327
Works perfectly! – Damian – 2018-08-31T09:33:48.197