Hyper-V VM won't boot from Cd, error: "unsigned image's hash is not allowed"

This error is a consequence of having Secure Boot enabled on the VM. Secure Boot prevents the system from getting hijacked at boot time by only allowing specifically authorized boot images to load. In Hyper-V client, the list is rather short.

To disable Secure Boot, power off the VM and then open the VM settings. Under Secure Boot, uncheck the box "Enable Secure Boot" and then click "OK". This will allow the VM to boot the "unauthorized" CD image.

Update:
As mentioned by Itai Bar-Haim in the comments, and Thee Gamefanatic said in their answer, you can also select a different template depending on the OS image you're attempting to boot. Be aware that these templates are mutually exclusive - this means that you will not be able to boot a Windows OS image if you select the "Microsoft UEFI Certificate Authority" template.

Microsoft has a thorough deep dive into Secure Boot and how it works available on this blog: https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/

Disable Secure Boot option in the VM Settings:

This feature is enabled by default on Gen2 VMs and requires your ISO image boot loader to be signed by Microsoft Authenticode certificate. Any custom images with modified boot loader will fail to boot. There is also "Microsoft UEFI Certificate Authority" template for Linux images.

Rather than disabling Secure Boot completely, if you are installing an OS supported by Microsoft, you can set it to "Microsoft UEFI Certificate Authority".

Here is the list of Microsoft-supported Linux and BSD OSes. For example, all Ubuntu LTS versions since 14.04 LTS are supported, as well as the current non-LTS version.

Power down the VM, open Settings, then under Security choose the Microsoft UEFI Certificate Authority template.