Installing a non-Windows Secure Boot capable EFI Virtual Machine in Hyper-V

So you have downloaded an operating system installation disk (Ubuntu 16.04.2 used in this instructional) and noticed supports EFI, yet when you try to boot from the ISO message, you are greeted with a message stating that the machine does not detect it as a valid Secure Boot capable disk, as shown below it states that “The image’s hash and certificate are not allowed”

Luckily this is an easy fix, as it is simply secure boot that Ubuntu/Hyper-V are having an argument over the validity of the Secure Boot certificate.

Check out the video I have created showing you how to do this, alternatively keep reading below for instructions and more details



Turning off your VM, open up the settings page and navigate to the “Security” menu (Server 2016). As you can see in the image below, “Secure Boot” is enabled (checked) and the template is set to “Microsoft Windows”. What this effectively does is limit the Secure Boot function to working only with an appropriately signed Microsoft Windows boot system.

To fix this, there are two options, and it depends on the operating system you are trying to install. Preferably we want to keep the benefits of Secure Boot so the best option if it works for your operating system we want to simply change the template to “Microsoft UEFI Certificate Authority” this opens up the Secure Boot option to work with a greater range of appropriately signed boot systems, as against the Microsoft Windows one exclusively. The settings for this are shown below

Click Apply and this is hopefully now work, and you can check this by running the virtual machine.

Upon booting your virtual machine, you will now be presented with the boot menu from the disk, allowing you to continue on your way


If this change in of the CA template for Secure Boot does not work however you may need to disable secure boot entirely.

To achieve this go back to the “Security” menu simply uncheck it as per the image below, click Apply and it should now work.



Have Fun


Written By Justin

4 Comments on “Installing a non-Windows Secure Boot capable EFI Virtual Machine in Hyper-V

  1. Mark Kimson Reply

    October 24, 2017 at 12:42

    Your article says, “As you can see in the first image below”
    yet includes no images above or below?

    • Justin Reply

      November 4, 2017 at 6:27

      Thanks for that, I will get a couple of new Screenshots. I have no idea what happened there

      • ._. Reply

        November 29, 2017 at 5:00

        So are you going to add them? It’s been almost a month.
        This is all I have in the Firmware menu:

        • Justin Reply

          December 2, 2017 at 7:54

          Sorry about that, between being my busiest time at work for clients and being forgetful this had totally fallen off my radar of things to do. I have now corrected it and the images are added

Leave a Reply

You have to agree to the comment policy.

18 − 15 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.