Enabling Secure Boot on Linux with the Windows Technical Preview

When we released Windows Server 2012 R2 / Windows 8.1 and introduced the world to Generation 2 virtual machines – we were only able to run Windows guest operating systems.  In the following months we worked with a bunch of folks in the Linux community and were able to get a number of Linux distributions running on Generation 2 virtual machines.

With the Windows technical preview released we have worked to make this even better.  For the first time you can enable Secure Boot on a virtual machine running Linux.  To do this you will need to:

  1. Create a Generation 2 virtual machine
  2. Change the Secure Boot certificate of the virtual machine using the following PowerShell command:
    Set-VMFirmware “VM Name” -SecureBootTemplate MicrosoftUEFICertificateAuthority
  3. Install a version of Linux that supports SecureBoot using this template (presently Ubuntu or SuSE – latest versions)

Once you have done this – you can verify that Secure Boot is present and functionaly in the system by running:

sudo apt-get install fwts
sudo fwts uefidump – | grep Secure