generation 2 virtual machine removes these emulated components to offer a simpler,
streamlined virtual machine that also enables the latest operating system features,
such as Secure Boot (enabled by default), by switching from BIOS to a Unified
Extensible Firmware Interface (UEFI). Secure Boot ensures a secure handoff from the
UEFI to the operating system without any other party, such as malware, injecting
itself between the hardware and the operating system. In Windows Server 2012 R2,
Secure Boot worked for Windows guest operating systems, while in Windows Server
2016, this support extends to Linux guest operating systems as well.
Generation 2 virtual machines can boot from SCSI controller–connected hard disks
and DVD drives and also from the synthetic network adapter to enable PXE boot
scenarios. There is no IDE controller, floppy drive, or legacy network adapter option
for a generation 2 virtual machine.
No COM ports are available via the Hyper-V Manager graphical interface, either. If a
COM port is required in a generation 2 virtual machine for remote kernel debugging,
one can be added using the Set-VMComPort PowerShell cmdlet. However, better
options exist for virtual machines than using a serial port, such as using synthetic
debugging. If the COM port has no named pipe associated at boot time, the COM port
will not be visible in the virtual machine. Remember also that kernel debugging is not
compatible with Secure Boot, so if you need to perform kernel debugging (and many
of us won’t!), then turn off Secure Boot by using Set-VMFirmware -EnableSecureBoot
Off.
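
The following PowerShell is an added example, not part of the original text: it audits the generation 2 virtual machines on a Hyper-V host and reports any that have Secure Boot turned off or a COM port with a named pipe attached, the two settings left behind by the kernel-debugging setup described above. The function name Get-Gen2SecureBootAudit and the NeedsReview column are hypothetical; the cmdlets are the standard Hyper-V module ones.

```powershell
# Added example: audit generation 2 VMs for Secure Boot and COM port state.
# Run in an elevated session on a host with the Hyper-V PowerShell module.
function Get-Gen2SecureBootAudit {
    [CmdletBinding()]
    param(
        # Assumption: the Hyper-V host to query; defaults to the local host.
        [string]$ComputerName = 'localhost'
    )

    # Get-VMFirmware applies only to generation 2 VMs, so filter first.
    Get-VM -ComputerName $ComputerName |
        Where-Object { $_.Generation -eq 2 } |
        ForEach-Object {
            $vm = $_
            $fw = Get-VMFirmware -VM $vm

            # A COM port is visible to the guest only when a named pipe
            # is associated with it, so report ports that have a path set.
            $pipes = Get-VMComPort -VM $vm |
                Where-Object { $_.Path } |
                ForEach-Object { '{0}={1}' -f $_.Name, $_.Path }

            [pscustomobject]@{
                VMName       = $vm.Name
                State        = $vm.State
                SecureBoot   = $fw.SecureBoot
                ComPortPipes = $pipes -join '; '
                # Flag VMs where Secure Boot was turned off (for example,
                # for kernel debugging) and never turned back on.
                NeedsReview  = ($fw.SecureBoot -ne 'On')
            }
        }
}

# List only the VMs that need attention.
Get-Gen2SecureBootAudit |
    Where-Object { $_.NeedsReview } |
    Format-Table -AutoSize

# Once debugging is finished, Secure Boot can be restored with:
#   Set-VMFirmware -VMName '<vm name>' -EnableSecureBoot On
```
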
In Figure 2.6, you see a generation 1 virtual machine next to a generation 2 virtual
machine showing Device Manager and also the BIOS mode and version. Notice the
large amount of hardware that is not present in a generation 2 virtual machine,
because this hardware is not required for an operating system that is natively
virtualization enlightened.