Windows – Hyper-V VM won’t boot from Cd, error: “unsigned image’s hash is not allowed”

bootable-mediahyper-vwindows 10

I went to install a Debian instance on Windows Hyper-V client in Windows 10. However, when I attempted to start the VM, it would not boot from the cd. Eventually the Hyper-V BIOS gave me a failure to start screen that listed boot devices and their status. The status of the SCSI-DVD device said: "The unsigned image's hash is not allowed (DB)".

Finding information about this error on the internet is proving to be difficult.

Best Answer

This error is a consequence of having Secure Boot enabled on the VM. Secure Boot prevents the system from getting hijacked at boot time by only allowing specifically authorized boot images to load. In Hyper-V client, the list is rather short.

To disable Secure Boot, power off the VM and then open the VM settings. Under Secure Boot, uncheck the box "Enable Secure Boot" and then click "OK". This will allow the VM to boot the "unauthorized" CD image.

As mentioned by Itai Bar-Haim in the comments, and Thee Gamefanatic said in their answer, you can also select a different template depending on the OS image you're attempting to boot. Be aware that these templates are mutually exclusive - this means that you will not be able to boot a Windows OS image if you select the "Microsoft UEFI Certificate Authority" template.

Microsoft has a thorough deep dive into Secure Boot and how it works available on this blog:

Related Question