Red Hat Bugzilla – Bug 1273989
[Hyper-V] Gen2 VM secure boot certificate signing - RHEL 7.2 Beta/RC
Last modified: 2016-01-22 15:15:54 EST
Description of problem:
Secure boot is not possible with any of RHEL 7.x releases.
Version-Release number of selected component (if applicable):
Tested also with the most recent 7.2 RC2.
Steps to Reproduce:
1. Create a new Gen2 VM
2. Go to the VM settings - Security
3. For the certificate template, select the Microsoft UEFI Certificate Authority.
4. Attach the DVD1 ISO
5. Boot the VM
These messages are displayed when booting from ISO:
error: /images/pxeboot/vmlinuz has invalid signature.
error: you need to load the kernel first.
EFI/UEFI kernel files would have the Microsoft UEFI CA Certificate present, that would allow the secure boot feature on a Gen2 VM.
I think this is expected for the RHEL 7.2 Beta version, according to below document:
Note: the kernel-signing-ca.cer could be found according to https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/7.2_Release_Notes/index.html
And I have tried with the latest RHEL 7.2 version according to above steps, the guest could boot up with Secure Boot enabled.
For the RHEL 7.2 GA, I think it should just work without above action.
Thank you Yaju for the info, wasn't aware of this limitation as part of the Beta builds.
Will use the steps mentioned in the meantime and verify the GA ISO when released.
Since this is really just an artifact of the release process, and should naturally be resolved without any extra work, I'm NAKing this.
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.