[LINUX] Cannot install if Secure Boot is enabled on RHEL8.2 Beta

The content of the trouble is as the title

Status

I encountered a problem trying to install RHEL8.2 Beta, which came out on January 22, 2020

8.2 Release Notes Red Hat Enterprise Linux 8-beta | Red Hat Customer Portal

When I start the installer and execute it, the following error is displayed and it does not proceed

environment

• ESXi: 6.7.0 U2 --Virtual machine settings --Boot mode: EFI --Secure Boot: ** Enabled **
• RHEL8.2 Beta
• ISO: rhel-8.2-beta-1-x86_64-dvd.iso

After that, I confirmed that the same problem occurred with RHEL8.0 Beta. A pattern of problems that have been known for some time.

Cause

Beta release of RHEL8 requires adding a public key for UEFI secure boot

[Chapter 7 Booting Beta Systems Using UEFI Secure Boot Red Hat Enterprise Linux 8 | Red Hat Customer Portal](https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/ booting-a-beta-system-with-uefi-secure-boot_installing-rhel)

UEFI Secure Boot requires the operating system kernel to be signed with a recognized private key. For the beta release of Red Hat Enterprise Linux 8, the kernel is signed with a Red Hat beta-specific private key. UEFI Secure Boot uses the corresponding public key to verify the signature.

The beta release of Red Hat Enterprise Linux 8 cannot be launched unless the hardware recognizes the beta private key. To use UEFI Secure Boot in a beta release, use the Machine Owner Key (MOK) feature to add the Red Hat Beta Public Key to your system.

Coping

Install with Secure Boot disabled.

[7.2. Adding Custom Public Key for UEFI Secure Boot Red Hat Enterprise Linux 8 | Red Hat Customer Portal](https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/adding -a-custom-private-key-for-uefi-secure-boot_booting-a-beta-system-with-uefi-secure-boot)

Prerequisites

--Disable UEFI Secure Boot on your system. --Install the beta version of Red Hat Enterprise Linux 8 release. The system will reboot when the installation process is complete. Secure boot should still be disabled. Reboot the system, log in, and complete the task in the initial setup window, if applicable.

After installation, if you want to enable secure boot that you have disabled, you need to add the public key for secure boot by following the steps in the link above.

Summary

I found that if I want to install RHEL8.2 in an environment where Secure Boot is enabled, I need to disable it and install it. I had installed RHEL8.0 Beta before, but at that time I may have dealt with it without thinking too much, so I tried to organize the contents again this time. Since it is a beta release, you can leave it disabled if you do not need to operate it for a long time, but it is desirable to enable it if you want to test for security.

Reference link

• Installation of RHEL8 on UEFI system with Secure Boot enabled fails with error 'invalid signature' on vmlinuz. - Red Hat Customer Portal Although it is not written as a beta release, the error content is almost the same

-[5.9. Using Beta Release with UEFI Secure Boot Red Hat Enterprise Linux 7 | Red Hat Customer Portal](https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/7/html/installation_guide/sect- installation-planning-beta-secure-boot) Similar content is described in the document from the RHEL7 beta release that supports secure boot

-[25.11. Unified Extensible Firmware Interface (UEFI) Secure Boot Red Hat Enterprise Linux 7 | Red Hat Customer Portal](https://access.redhat.com/documentation/ja-jp/red_hat_enterprise_linux/7/html/system_administrators_guide/sec -uefi_secure_boot) Explanation of secure boot (RHEL7)

--UEFI Secure Boot Constraints --Red Hat Customer Portal Knowledge Base on Secure Boot (RHEL7)