The image hash and certificate are not allowed
Today I was deploying a new Linux machine in my home lab, part of which is running on Hyper-V,to host a Docker cluster base on Linux CentOS.
After creating the VM and connecting the required ISO File, CentOS 7 in my case, I booted it just to be greeted by the The image hash and certificate are not allowed error message with machine failing to boot as no PXE server is configured for network boot.
The error message is caused by having Secure Boot enabled with an incorrect configuration for guest OS, you can easily display the configuration with the following command:
Get-VMFirmware -VMName $vmName
VMName SecureBoot SecureBootTemplate PreferredNetworkBootProtocol BootOrder
------ ---------- ------------------ ---------------------------- ---------
SRV-TEST On MicrosoftWindows IPv4 {File, Network, Drive, Drive}
As you can see in the above example the SEcureBootTemplate is set to MicrosoftWindows which is the default value for new VMs.
To change this setting use the Set-VMFirmware like this
Set-VMFirmware -VMName $vmName -SecureBootTemplate MicrosoftUEFICertificateAuthority
# Very correct settings
VMName SecureBoot SecureBootTemplate PreferredNetworkBootProtocol BootOrder
------ ---------- ------------------ ---------------------------- ---------
SRV-TEST On MicrosoftUEFICertificateAuthority IPv4 {File, Network, Drive, Drive}
If you want to disable SecureBoot all together for a specific VM, for example if it will still not boot, you can easily do that with the following command:
Set-VMFirmware -VMName $vmName -EnableSecureBoot Off
Leave a comment