Secure boot with custom keys

Christoph 31 Reputation points
2022-09-06T13:33:50.467+00:00

I have a Linux VM and I want to enable secure boot. I used my own keys for signing. When I enabled secure boot in the trusted launch feature for my v2 VM it is not booting, the error message is 'The signed image's hash is not allowed (DB)'. The error was kind of expected since Azure doesn't know the keys. As soon as I disable the secure boot option the image boots without problem.

I am looking for a way to add my signing keys to be able to boot my Linux VM with secure boot enabled. So far I haven't found any option to upload my keys and I guess there is none. This is basically a validation question to make sure I haven't missed anything. Is there a way to add your own KEK, PK and DB to Azure to use secure boot with your own keys?
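The boot error above means the firmware found neither the image's hash nor the signer's certificate in the `db` allow-list. Before enabling Secure Boot on a VM, you can verify that yourself by walking the `db` variable's EFI_SIGNATURE_LIST structures. The following is an added example, not code from the thread or from Azure; it assumes a `db` blob as dumped by `efi-readvar` or read from efivarfs with its 4-byte attribute prefix stripped, and uses a constructed sample `db` and placeholder certificate bytes.

```python
import hashlib
import struct
import uuid

# Well-known EFI signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Constructed SignatureOwner GUID for the sample; not a real vendor value.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")


def build_siglist(sig_type, owner, blobs):
    """Serialise one EFI_SIGNATURE_LIST of equally sized EFI_SIGNATURE_DATA entries."""
    if len({len(b) for b in blobs}) != 1:
        raise ValueError("all entries in one list must have the same size")
    sig_size = 16 + len(blobs[0])                       # owner GUID + payload
    body = b"".join(owner.bytes_le + b for b in blobs)
    # Header: SignatureType (16) + ListSize (4) + HeaderSize (4) + SignatureSize (4)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body


def parse_db(blob):
    """Yield (type GUID, owner GUID, payload) for every entry in a db/dbx/KEK blob."""
    off = 0
    while off < len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size <= 16:            # refuse malformed lists
            raise ValueError("corrupt EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= off + list_size:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size


def is_allowed(db_blob, image_sha256=None, cert_der=None):
    """True if the image's Authenticode SHA-256 or the signer's DER cert is enrolled."""
    for sig_type, _owner, payload in parse_db(db_blob):
        if sig_type == EFI_CERT_SHA256_GUID and payload == image_sha256:
            return True
        if sig_type == EFI_CERT_X509_GUID and payload == cert_der:
            return True
    return False


# Constructed sample db: one hash entry and one certificate entry. A real db holds the
# Authenticode PE hash (not a plain file hash) and a real DER certificate.
MY_CERT_DER = b"\x30\x82\x01\x00" + bytes(60)          # placeholder DER, not a real cert
IMAGE_HASH = hashlib.sha256(b"constructed-image-bytes").digest()
SAMPLE_DB = (build_siglist(EFI_CERT_SHA256_GUID, OWNER, [IMAGE_HASH])
             + build_siglist(EFI_CERT_X509_GUID, OWNER, [MY_CERT_DER]))
```

Running `is_allowed(db, cert_der=my_cert)` against a VM's actual `db` before enabling Secure Boot tells you in advance whether a firmware will reject the image, which is exactly the check that would have predicted the error in the question.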

Azure Virtual Machines

Accepted answer
deherman-MSFT 35,636 Reputation points Microsoft Employee
2022-09-06T23:17:38.817+00:00

@Christoph
Custom signing keys are not currently a supported feature for trusted launch VMs with secure boot. At this time, you can only enable the feature with the method described here.

For product feedback and feature requests I will refer you to our feedback forum. This allows the community to add their voice and upvote popular ideas. The forums are monitored and responded to by our product teams.
https://feedback.azure.com

-------------------------------

Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

