Linux Secure Boot for Server & Workload Protection

Views:

Prepare your Linux endpoints to allow the Trend Vision One Endpoint Security agent to run within the UEFI Secure Boot environment.

Some versions of Server & Workload Protection for Linux are compatible with Unified Extensible Firmware Interface (UEFI) Secure Boot. When Secure Boot is enabled, the Linux kernel checks the PKI signature of each kernel module before loading. The kernel does not load unsigned kernel modules, nor modules with invalid signatures. These agent features install the following kernel modules:

Anti-Malware
Web Reputation
Firewall
Integrity Monitoring
Intrusion Prevention
Application Control

To use these features with Secure Boot, you must enroll the public keys from Trend Micro in the endpoint firmware so the operating system can validate the kernel module signatures. Review the following topics to download the public keys and register them with your Linux endpoints:

Linux Secure Boot support for Server & Workload Protection
Download the Trend Micro public keys
Update the Trend Micro public keys
Enroll a Secure Boot key for AWS
Enroll a Secure Boot key for Google Cloud
Enroll a Secure Boot key for VMware vSphere or physical computers
Enroll a Secure Boot key for Oracle Linux
Enroll a Secure Boot key for Azure