Skip to navigation

Warning message

log in to add comments or rate this document

How do I install and test RHEL 7 Beta with UEFI Secure Boot technology?

Updated 2014-03-01T01:58:42+00:00

Issue

  • How do I install RHEL 7 Beta on a system using UEFI Secure Boot?

Environment

  • Red Hat Enterprise Linux 7 Beta
  • Hardware with UEFI Secure Boot technology

Resolution

Steps to install Red Hat Enterprise Linux 7 Beta with UEFI Secure Boot:

  1. Put the machine in setup mode. Consult system documentation provided by the hardware vendor for assistance with this step.
  2. Reboot the machine from Red Hat Enterprise Linux 7 Beta installation media.
  3. Select the entry on the installation media labeled "Red Hat Enterprise Linux 7 Secure Boot Lockdown."
  4. Once the lockdown process is complete, reboot the system. Completion of the lockdown process may vary by hardware vendor. Consult system documentation provided by the hardware vendor for assistance with this step.
  5. Verify in your firmware that keys are enrolled and it is in enforcing mode. Consult system documentation provided by the hardware vendor for assistance with this step.
  6. Reboot from Red Hat Enterprise Linux 7 Beta installation media again.
  7. Perform the installation. When finished, remove the installation media and reboot the system.

NOTE: The final release of Red Hat Enterprise Linux 7.0 should not require these steps. This process is only required for Red Hat Enterprise Linux 7.0 Beta because the Beta release has its own specific key. The final release will use a key signed by the standard UEFI vendor certificate authority chain.

NOTE: It is also possible that the systems firmware does not support the shim hash checking. As a further alternative, it is possible to insert the CA cert used to sign the Red Hat Enterprise Linux 7.0 beta shim manually into the firmware. This cert should only be used for testing the beta.