So you have downloaded an operating system installation disk (Ubuntu 16.04.2 used in this instructional) and noticed supports EFI, yet when you try to boot from the ISO message, you are greeted with a message stating that the machine does not detect it as a valid Secure Boot capable disk, as shown below it states that “The image’s hash and certificate are not allowed”
Luckily this is an easy fix, as it is simply secure boot that Ubuntu/Hyper-V are having an argument over the validity of the Secure Boot certificate.
Check out the video I have created showing you how to do this, alternatively keep reading below for instructions and more details
Turning off your VM, open up the settings page and navigate to the “Security” menu (Server 2016). As you can see in the image below, “Secure Boot” is enabled (checked) and the template is set to “Microsoft Windows”. What this effectively does is limit the Secure Boot function to working only with an appropriately signed Microsoft Windows boot system.
To fix this, there are two options, and it depends on the operating system you are trying to install. Preferably we want to keep the benefits of Secure Boot so the best option if it works for your operating system we want to simply change the template to “Microsoft UEFI Certificate Authority” this opens up the Secure Boot option to work with a greater range of appropriately signed boot systems, as against the Microsoft Windows one exclusively. The settings for this are shown below
Click Apply and this is hopefully now work, and you can check this by running the virtual machine.
Upon booting your virtual machine, you will now be presented with the boot menu from the disk, allowing you to continue on your way
If this change in of the CA template for Secure Boot does not work however you may need to disable secure boot entirely.
To achieve this go back to the “Security” menu simply uncheck it as per the image below, click Apply and it should now work.