I went to install a Debian instance on Windows Hyper-V client in Windows 10. However, when I attempted to start the VM, it would not boot from the cd. Eventually the Hyper-V BIOS gave me a failure to start screen that listed boot devices and their status. The status of the SCSI-DVD device said: "The unsigned image's hash is not allowed (DB)".
Finding information about this error on the internet is proving to be difficult.
This error is a consequence of having Secure Boot enabled on the VM. Secure Boot prevents the system from getting hijacked at boot time by only allowing specifically authorized boot images to load. In Hyper-V client, the list is rather short.
To disable Secure Boot, power off the VM and then open the VM settings. Under Secure Boot, uncheck the box "Enable Secure Boot" and then click "OK". This will allow the VM to boot the "unauthorized" CD image.
Update:
As mentioned by Itai Bar-Haim in the comments, and Thee Gamefanatic said in their answer, you can also select a different template depending on the OS image you're attempting to boot. Be aware that these templates are mutually exclusive - this means that you will not be able to boot a Windows OS image if you select the "Microsoft UEFI Certificate Authority" template.
Microsoft has a thorough deep dive into Secure Boot and how it works available on this blog: https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/
Disable Secure Boot option in the VM Settings:
This feature is enabled by default on Gen2 VMs and requires your ISO image boot loader to be signed by Microsoft Authenticode certificate. Any custom images with modified boot loader will fail to boot. There is also "Microsoft UEFI Certificate Authority" template for Linux images.
Rather than disabling Secure Boot completely, if you are installing an OS supported by Microsoft, you can set it to "Microsoft UEFI Certificate Authority".
Here is the list of Microsoft-supported Linux and BSD OSes. For example, all Ubuntu LTS versions since 14.04 LTS are supported, as well as the current non-LTS version.
Power down the VM, open Settings, then under Security choose the Microsoft UEFI Certificate Authority template.
I was looking into this issue and came upon this thread. I found that changing the option to utilize the "Microsoft UEFI Certificate Authority" resolved my problem using Ubuntu Server 17.x.
Set-VMFirmware -VM $VM -FirstBootDevice $(Get-VMDvdDrive -VM $VM) -EnableSecureBoot On -SecureBootTemplate MicrosoftUEFICertificateAuthority
This happened to me too while trying to install Windows server 2008 R2 on windows 10 hyper-v. It also said DHCP failed and no bootable OS was found. Unchecking the Secure boot option didn't resolve the issue. However, creating a new Gen 1 VM did.
