The Hyper-V role in Windows Server 2016 includes new and upgraded features compared to Windows Server 2012 R2.
The following are the enhanced features of Windows Server 2016:
- Improved Hyper-V Manager
- Integration services delivered through Windows Updates
- Enhanced memory and processors for generation 2 virtual machines and Hyper-V hosts
- Shared virtual hard disks
- Storage quality of service (QoS)
- Virtual machine configuration file format
- Virtual machine configuration version
These are the new features in Windows Server 2016:
- Compatible with Connected Standby
- Discrete device assignment
- Encryption support for the operating system disk in generation 1 virtual machines
- Host resource protection
- Hot add and remove for network adapters and memory
- Linux Secure Boot
- Nested virtualization
- Networking features
- Production checkpoints
- Rolling Hyper-V Cluster upgrade
- Shielded virtual machines
- Start order priority for clustered virtual machines
- Virtualization-based security for generation 2 virtual machines
- Windows Containers
- Windows PowerShell Direct
This document describes Linux Secure Boot in Windows Server 2016. In Windows Server 2012 R2, generation 2 virtual machines did not support Secure Boot for Linux. This feature was added for generation 2 VMs in Windows Server 2016 Hyper-V.
What is Secure Boot:
Secure Boot is a technology and the latest feature of the UEFI (Unified Extensible Firmware Interface) 2.3.1 specification. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.
UEFI can support remote diagnostics and repair of computers, even with no operating system installed.
UEFI firmware provides several technical advantages over a traditional BIOS system:
- Ability to boot from large disks (2TB) with a GUID Partition Table (GPT)
- CPU-independent architecture
- CPU-independent drivers
- Flexible pre-OS environment, including network capability
- Modular design
- Backward and forward compatibility
Secure Boot ensures that every component loaded during the boot process is validated, so that the PC runs only software components that are trusted by the manufacturer or the user. Secure Boot helps a computer fight against virus infections and malware attacks.
In the Secure Boot process, once the machine is powered on and passes the POST (Power-On Self-Test), the UEFI (Unified Extensible Firmware Interface) firmware is loaded. This firmware is responsible for verifying components before they are loaded. If verification of the operating system does not complete, you might get an error.
Once you have created the Ubuntu 16.04 generation 2 virtual machine in Hyper-V Manager on Windows Server 2016 and started the installation, you will get an error during the Ubuntu boot sequence, as shown in the screenshot below.
Enabling Secure Boot on Linux (Ubuntu)
To enable Secure Boot on a Linux (Ubuntu) virtual machine, power off the Ubuntu VM and open its settings. Select the Security tab on the left side; on the right side there is an option to enable Secure Boot. Select that check box and change the template setting from Microsoft Windows to Microsoft UEFI Certificate Authority. Then click Apply and OK.
Refer to the screenshot below.
After changing the virtual machine settings, you can boot the Ubuntu VM and install the Ubuntu OS.
The virtual machine now boots through Secure Boot.
If you do not get any alert, Secure Boot is working for your VM.
To enable Secure Boot for a Linux VM on Hyper-V from PowerShell, run the command below.
Set-VMFirmware "VMname" -SecureBootTemplate MicrosoftUEFICertificateAuthority
VMname | The name of the VM that was created in Hyper-V Manager.
This command selects the Microsoft UEFI Certificate Authority template, which adds the Microsoft CA certificate. Check the VM's Security settings, which are changed automatically, and then you can install the OS.
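A scripted form of the steps above, as an added example that is not code from the original post: it checks that the VM is generation 2 and powered off, applies the template, and reads the result back with Get-VMFirmware. The function name Set-LinuxSecureBoot and the VM name ubuntu-1604 are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example. Set-LinuxSecureBoot and 'ubuntu-1604' are hypothetical names.
function Set-LinuxSecureBoot {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$VMName
    )
    $template = 'MicrosoftUEFICertificateAuthority'
    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # Secure Boot exists only on generation 2 (UEFI) virtual machines.
    if ($vm.Generation -ne 2) {
        throw "'$VMName' is generation $($vm.Generation); Secure Boot requires generation 2."
    }
    # As in the Hyper-V Manager steps, the VM must be powered off first.
    if ($vm.State -ne 'Off') {
        throw "'$VMName' is $($vm.State); power it off before changing the template."
    }

    $before = Get-VMFirmware -VM $vm
    if ($before.SecureBoot -eq 'On' -and $before.SecureBootTemplate -eq $template) {
        Write-Verbose "'$VMName' already uses $template."
    }
    elseif ($PSCmdlet.ShouldProcess($VMName, "Enable Secure Boot with $template")) {
        Set-VMFirmware -VM $vm -EnableSecureBoot On -SecureBootTemplate $template
    }

    # Read the setting back instead of assuming the change was applied.
    Get-VMFirmware -VM $vm | Select-Object VMName, SecureBoot, SecureBootTemplate
}

# Apply to one VM (hypothetical name); add -WhatIf to preview the change.
Set-LinuxSecureBoot -VMName 'ubuntu-1604' -Verbose

# Report generation 2 VMs on this host that run with Secure Boot disabled.
Get-VM | Where-Object Generation -eq 2 | Get-VMFirmware |
    Where-Object { $_.SecureBoot -ne 'On' } |
    Select-Object VMName, SecureBoot, SecureBootTemplate
```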
Conclusion:
Secure Boot is a technology and the latest feature of UEFI, and it helps a computer fight against virus infections and malware attacks. Linux Secure Boot is a new feature added in Windows Server 2016. This document will help you enable Secure Boot on Linux-based virtual machines.