Before You Begin
Before you start the installation process, check the following:
- The computer on which you plan to install Veeam Agent for Linux must satisfy system requirements specified in this document. To learn more, see System Requirements.
- To install Veeam Agent for Linux software packages, you must use the root account or any user account that has super user (root) privileges on the computer where you plan to install the product.
- If you have used the Beta version of Veeam Agent for Linux, you must remove Veeam Agent for Linux software packages prior to installing the release version of the product. To learn more, see Uninstalling Veeam Agent for Linux.
Considerations for Installing Veeam Kernel Modules on UEFI Systems with Secure Boot
Pre-Built Kernel Modules
To make UEFI systems with Secure Boot work with pre-built Veeam kernel modules, Veeam Agent requires the Veeam public key enrolled to the Machine Owner Key (MOK) list. The key is available in the ueficert package that resides in the Veeam software repository. Depending on the Linux distribution version, the full name of the package can be veeamsnap-ueficert-184.108.40.2068-1.noarch or blksnap-ueficert-220.127.116.118-1.noarch.
To enroll the Veeam public key to the MOK list, do the following:
- Install the package that contains the pre-built Veeam kernel module in the standard or offline mode. Veeam Agent will request the key enrollment during the package installation. For more information on package installation, see Installing Veeam Agent for Linux and Installing Veeam Agent for Linux in Offline Mode.
After the package is installed, you can verify that the key enrollment is planned for the next reboot using the following command: mokutil -N. If the command output shows that the key enrollment is not planned, request the enrollment of the public key manually with the following command: mokutil --import veeamsnap-ueficert.crt.
- Reboot the computer to enroll the Veeam public key into the UEFI database.
- During reboot, when prompted, press any key to perform MOK management.
The prompt will time out in 10 seconds. If you don't press any key, the system will continue booting without enrolling the key. If you don't enroll the key at reboot, you will have to reconfigure the key by reinstalling the package with Veeam kernel module and reboot again.
- Provide the password for the root account.
- After the system boots, verify that the key is successfully enrolled with the following command: mokutil -l. By default, the key is stored in the /etc/uefi/certs directory.
DKMS Kernel Modules
DKMS modules do not have a ueficert package because it is not possible to automatically sign such modules. You must either sign the module yourself and enroll the key to your system or disable Secure Boot.