Solved

Where to get/download/extract the Commvault keys to enroll with the UEFI MOK

  • 28 February 2023
  • 6 replies
  • 333 views

Red Hat 8 VM server on VMware vCenter 7 with UEFI secure boot enabled

Hi everybody :) !

I would like to do the enrollment as described here:

https://documentation.commvault.com/fujitsu/v11/expert/118661_enrolling_commvault_keys_with_uefi_mok_machine_owned_key_list.html

but to do that I first need to do the import in the OS (RHEL 8 in this case):

mokutil --import "commvaults secure boot key"

I searched for the commvault keys but couldn’t find them.

Any hint, download location, would be great!

Thank you in advance whoever knows how to help me here,

brgds

stefan

Best answer by Damian Andre 8 March 2023, 03:55

Hi @haegar,

I found this internally - the keys get installed in the UEFI automatically upon installation if it detects secure boot is enabled.

1) A supported Linux OS for CV needs to be installed. 
- Making sure the UEFI Secure Boot option is enabled on the Linux computer's UEFI boot options.


2) CV with the Media Agent and Virtual Server software needs to be installed.
- At which point the CV install automatically recognizes the Secure Boot option is enabled and registers the CV Keys with the UEFI MOK.


3) To complete the process in the UEFI MOK, please reboot the Linux OS and a prompt during POST will ask you to enter the Shim UEFI key management console.
- Note: if the automatic prompt is not followed quickly enough, the PC will boot into the installed OS normally.

Next step is to follow the instructions in the documentation
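A check for the state reached after step 2 or step 3 above, as an added example that is not part of the original answer and not Commvault's tooling: it compares a certificate's SHA1 fingerprint against the mokutil --list-enrolled and mokutil --list-new listings. The certificate path is a caller-supplied placeholder because the thread gives no key location, the function names are hypothetical, and the sample listing is constructed in the layout mokutil is assumed to print.

```bash
#!/bin/sh
# Added example: classify a MOK certificate as enrolled, pending, or absent.

# Map `mokutil --sb-state` output to enabled/disabled/unknown.
sb_state() {
  case "$1" in
    *"SecureBoot enabled"*)  echo enabled ;;
    *"SecureBoot disabled"*) echo disabled ;;
    *)                       echo unknown ;;
  esac
}

# Read a mokutil key listing on stdin; print one lowercase SHA1 fingerprint per line.
mok_fingerprints() {
  sed -n 's/^SHA1 Fingerprint: *//p' | tr 'A-F' 'a-f'
}

# mok_status FINGERPRINT ENROLLED_LISTING PENDING_LISTING
# enrolled       = already in the MOK list
# pending-reboot = import requested, still has to be confirmed in the shim console
# not-registered = neither enrolled nor requested
mok_status() {
  fp=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  if printf '%s\n' "$2" | mok_fingerprints | grep -qxF "$fp"; then
    echo enrolled
  elif printf '%s\n' "$3" | mok_fingerprints | grep -qxF "$fp"; then
    echo pending-reboot
  else
    echo not-registered
  fi
}

# Constructed sample listing (assumed mokutil layout, not from a real host).
SAMPLE_LISTING='[key 1]
SHA1 Fingerprint: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44
Certificate:
    Data:
        Version: 3 (0x2)'

# Live use: sh mokcheck.sh /path/to/vendor-cert.der   (placeholder path)
if [ -n "${1:-}" ] && command -v mokutil >/dev/null 2>&1; then
  fp=$(openssl x509 -inform der -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//')
  echo "secure boot: $(sb_state "$(mokutil --sb-state 2>&1)")"
  echo "key status:  $(mok_status "$fp" "$(mokutil --list-enrolled 2>&1)" \
                                        "$(mokutil --list-new 2>&1)")"
fi
```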

Hi @Damian Andre

thank you very much, this point of installation

  • “Media Agent” and
  • “Virtual Server”

I haven’t read anywhere: I just installed

  • “File System Core”
  • “File System”

Before creating the ISO, I would advise to set an easy to type root password here!

So now the enrolling of the MOKey when starting with the newly created ISO image worked.

BUT: my goal was also to do a full restore with this ISO, but it didn’t boot…

So what am I still missing?

pressing enter doesn’t continue the ISO booting…

Any ideas?

brgds

stefan

Additional info: I could boot RHEL 8.7 ISO image and RHEL 9.1 ISO with the above shown way via selecting “EFI VMWare Virtual SATA CDROM Drive (0.0)” successfully…

...I created the Commvault boot ISO again after MOK activation, but this ISO image doesn’t want to boot…

Maybe I missed some point for creating a secure boot ISO?:

cd /opt/commvault/commvault/iDataAgent/systemrecovery/
./create_1tchbootcd.sh -m 1 -s CVclient -c bupserver -u restoreaccount -n DVD4_R11_B80_SP28.iso -o ‘pwd’

...I am sure that I’m close but something is still missing…

brgds

stefan

Hi again,

I followed the instructions here:

https://documentation.commvault.com/2022e/expert/54016_1_touch_for_linux_single_stage_dvd.html

...can it be that there is no support for UEFI secure boot?

brgds

stefan

Hey @haegar,

From your original post it was not clear that the goal was to use 1-touch.

You are right that 1-touch restore while secure boot on UEFI is enabled is not supported.

Thank you for your answers! 👍

This was now also confirmed by official Commvault support...:

“There is currently no solution for UEFI secure boot and 1touch recovery:

Not Single Stage and also no 2 stage - DVD … this uses BIOS legacy boot...”

I asked them to find a solution here, because security is nowadays a growing factor which must be taken into account.

So thank you Damian for your time and answers and all others who maybe thought also about my question or about a solution here!

brgds stefan 🖖
