Before You Begin
Before you start the installation process, consider the following:
- The computer on which you plan to install Veeam Agent for Linux must satisfy system requirements specified in this document. To learn more, see System Requirements.
- To install Veeam Agent for Linux software packages, you must use the root account or any user account that has super user (root) privileges on the computer where you plan to install the product.
- If you have used the Beta version of Veeam Agent for Linux, you must remove Veeam Agent for Linux software packages prior to installing the release version of the product. To learn more, see Uninstalling Veeam Agent for Linux.
Considerations for Installing Veeam Kernel Modules on UEFI Systems with Secure Boot
Consider the following about installing Veeam kernel modules on UEFI systems with Secure Boot:
- [Pre-built kernel modules] To make UEFI systems with Secure Boot work with pre-built Veeam kernel modules, Veeam Agent requires the Veeam public key enrolled to the Machine Owner Key (MOK) list. To learn more, see Enrolling Veeam Kernel Module Key Using MOK Management.
- [DKMS kernel modules] DKMS modules do not have a ueficert package because it is not possible to automatically sign such modules. You must either sign the module yourself and enroll the key to your system or disable Secure Boot.
Enrolling Veeam Kernel Module Key Using MOK Management
The key is available in the ueficert package that resides in the Veeam software repository. Depending on the Linux distribution version, the full name of the package can be veeamsnap-ueficert-6.0.3.1221-1.noarch or blksnap-ueficert-6.0.3.1221-1.noarch.
To enroll the Veeam public key to the MOK list, do the following:
- Install the package that contains the public key for pre-built Veeam kernel module by using the following command:
rpm -i <...>/veeamsnap-ueficert-6.0.3.1221-1.noarch.rpm |
or
rpm -i <...>/blksnap-ueficert-6.0.3.1221-1.noarch.rpm |
TIP |
After the package is installed, you can verify that the key enrollment is planned for the next reboot using the following command: mokutil -N. If the command output shows that the key enrollment is not planned, request the enrollment of the public key manually with the following command: mokutil --import veeamsnap-ueficert.crt. |
- Reboot the computer to enroll the Veeam public key into the UEFI database.
- During reboot, when prompted, press any key to perform MOK management.
IMPORTANT |
The prompt will time out in 10 seconds. If you don't press any key, the system will continue booting without enrolling the key. If you don't enroll the key at reboot, you will have to reconfigure the key by reinstalling the ueficert package and reboot again. |
- At the first step of the wizard, select Enroll MOK and press [Enter].
- At the Enroll MOK step, select Continue and press [Enter].
- At the Enroll the key(s) step, select Yes and press [Enter].
- Provide the password for the root account and press [Enter].
- At the final step, select Reboot and press [Enter].
- After the system reboots, verify that the key is successfully enrolled with the following command: mokutil -l.
By default, the key is stored in the /etc/uefi/certs directory.