Linux Secure Boot support

Some versions of Deep Security Agent (DSA) for Linux support Secure Boot. See also Configure Linux Secure Boot for agents.

In DSA 20 LTS, each Linux operating system is associated with corresponding Secure Boot public keys, such as DS2022.der, DS20_V2.der, and so on. These keys have different expiration dates. For more information, see "Update the Trend Micro public key - The public key has expired" in Configure Linux Secure Boot for agents.

See also Deep Security release strategy and life cycle policy.

Deep Security Agent 20 LTS

The following table lists Linux operating systems on which DSA 20 LTS provides support for Secure Boot.

VMware and physical machines are supported on all operating systems included in the table. Azure, AWS, and GCP support is limited to certain operating systems.

Operating System Secure Boot public key Required DSA build Support on Azure VM 1
AlmaLinux 9 (64-bit) DS2022.der 20.0.0-6912 (20 LTS Update 2023-05-02) or later
CentOS 7 (64-bit) DS2022.der 2
CentOS 8 (64-bit) DS2022.der 2
Debian Linux 10 (64-bit) DS2022.der 2
Debian Linux 11 (64-bit) DS2022.der
Debian Linux 12 (64-bit) DS2022.der 20.0.0-8438 (20 LTS Update 2023-12-12) or later
Miracle Linux 9 (64-bit) DS2022.der 20.0.0-8137 (20 LTS Update 2023-10-26) or later for Red Hat Enterprise Linux 9
Oracle Linux 7 (64-bit) DS20_V2.der 20.0.0-3165 (20 LTS Update 2021-10-08) or later
Oracle Linux 8 (64-bit) DS20_V2.der 20.0.0-3288 (20 LTS Update 2021-10-28) or later ✔ 3
Oracle Linux 9 (64-bit) DS2022.der ✔ 3
Red Hat Enterprise Linux 7 (64-bit) DS2022.der 2
Red Hat Enterprise Linux 8 (64-bit) DS2022.der 2
Red Hat Enterprise Linux 9 (64-bit) DS2022.der
Red Hat Enterprise Linux Workstation 7 (64-bit) DS2022.der 2 20.0.0-6912 (20 LTS Update 2023-05-02) or later
Rocky Linux 9 (64-bit) DS2022.der 20.0.0-6313 (20 LTS Update 2023-01-31) or later
SUSE Linux Enterprise Server 12 (64-bit) DS2022.der 2
SUSE Linux Enterprise Server 15 (64-bit) DS2022.der, DS20_V2.der 2
Ubuntu 16.04 (64-bit) DS2022.der 2
Ubuntu 18.04 (64-bit) DS2022.der 2
Ubuntu 20.04 (64-bit) DS2022.der 2
Ubuntu 22.04 (64-bit) DS2022.der 20.0.0-6658 (20 LTS Update 2023-03-22) or later
Ubuntu 24.04 (64-bit) DS2022.der 20.0.1-19250 (20 LTS Update 2024-09-18) or later

Deep Security Agent 12 FR

The following table lists Linux operating systems on which DSA 12 FR provides support for Secure Boot.

VMware and physical machines are supported on all operating systems included in the table, whereas AWS, GCP, and Azure are not supported. See also Secure Boot support.

Operating System
CentOS 7 (64-bit)
CentOS 8 (64-bit)
Debian Linux 10 (64-bit)
Red Hat Enterprise Linux 7 (64-bit)
Red Hat Enterprise Linux 8 (64-bit)
SUSE Linux Enterprise Server 12 (64-bit)
SUSE Linux Enterprise Server 15 (64-bit)
Ubuntu 16.04 (64-bit)
Ubuntu 18.04 (64-bit)

Note that the information about the public keys and required DSA build is not applicable to this DSA release.

Deep Security Agent 12 LTS

The following table lists Linux operating systems on which DSA 12 LTS provides support for Secure Boot.

VMware and physical machines are supported on all operating systems included in the table, whereas AWS, GCP, and Azure are not supported. See also Secure Boot support.

Operating System Secure Boot public key
CentOS 7 (64-bit) DS12.der
Red Hat Enterprise Linux 7 (64-bit) DS12.der

Note that the information about the required DSA build is not applicable.

Deep Security Agent 11 LTS

The following table lists Linux operating systems on which DSA 11 LTS provides support for Secure Boot.

VMware and physical machines are supported on all operating systems included in the table, whereas AWS, GCP, and Azure are not supported. See also Secure Boot support.

Operating System Secure Boot public key
CentOS 7 (64-bit) DS11_2022.der
Red Hat Enterprise Linux 7 (64-bit) DS11_2022.der

Note that the information about the required DSA build is not applicable.


Footnotes:

1

For details, see Trusted Launch for Azure virtual machines - Operating systems supported

2

DS20.der expired on November 26, 2024. It has been replaced with DS2022.der.

3

Support for Red Hat Compatible Kernel (RHCK) only. There is no support for Unbreakable Enterprise Kernel (UEK).