ventoy / Ventoy

A new bootable USB solution.
https://www.ventoy.net
GNU General Public License v3.0

[issue]: Unable to delete Ventoy secure boot key #2348

Open LeonXu260 opened 1 year ago

LeonXu260 commented 1 year ago

Official FAQ

Ventoy Version

1.0.91, 1.0.81

What about latest release

Yes. I have tried the latest release, but the bug still exists.

Try alternative boot mode

Yes. I have tried them, but the bug still exists.

BIOS Mode

UEFI Mode

Partition Style

MBR

Disk Capacity

32GB

Disk Manufacturer

SanDisk

Image file checksum (if applicable)

None

Image file download link (if applicable)

https://github.com/ventoy/Ventoy/releases/tag/v1.0.91

What happened?

When I tried to reinstall another OS with another bootkey (Rufus) on my HP EliteBook laptop, I plugged in the new key and booted into it, and it said "Security Violation", so I re-inserted the Ventoy bootkey to enroll the key into the BIOS. However, when I tried to remove the secure boot key as described in the documentation "How to delete Ventoy secure boot key", it said that secure boot is not turned on when I ran the ventoy-delete-key.iso file. I went ahead and checked my BIOS settings to make sure that secure boot is checked, and it is. Now I want to remove the enrolled keys, so they won't prevent me from using other bootkeys to install other operating systems. I even tried to downgrade from v.1.0.91 to v.1.0.89; that did not work either. Any suggestions for the next step?

dbugdan commented 1 year ago

I had the same issue and this solution from @Choum28 worked for me!

1. Boot with Super UEFIinSecureBoot Disk (https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk)
2. Select efi tool
3. Select keytool.efi
4. Edit keys
5. Select The machine owner key list (MokList)
6. Go to the MOK key you want to remove
7. Select delete.
8. Reboot.

You can actually copy the img file to the Ventoy USB and it'll still work. 😀

(img file is inside the "Super-UEFIinSecureBoot-Disk_v3-4.zip" file in the releases page).

LeonXu260 commented 1 year ago

I tried the steps you mentioned earlier today. After I removed the key, I still received the same blue screen saying that I need to re-enroll my MOK when trying to boot to a different boot key.

dbugdan commented 1 year ago

Hm, that's odd. Ventoy never prevented me from booting from a different USB. I can still boot from a separate Rufus USB regardless of Ventoy's key being enrolled or not.

What OS are you trying to boot from the Rufus USB? And did you try turning off secure boot?

LeonXu260 commented 1 year ago

> Hm, that's odd. Ventoy never prevented me from booting from a different USB. I can still boot from a separate Rufus USB regardless of Ventoy's key being enrolled or not.
>
> What OS are you trying to boot from the Rufus USB? And did you try turning off secure boot?

Hi, I am trying to boot Ubuntu 20 or Ubuntu 22 with Rufus. I believe it only shows that screen when I try to boot into Ubuntu; I've tried it on Windows, and it has not shown me that screen. I have not yet tried to turn off Secure Boot since Ubuntu requires them to use it anyways.

dbugdan commented 1 year ago

I found this: https://askubuntu.com/questions/1456460/verification-failed-0x1a-security-violation-while-installing-ubuntu

And the accepted answer says:

> Downloading and booting from the 22.04.2 version solved the problem for me.

It could be that you have an earlier version. Maybe the one you have is 22.04.1?

LeonXu260 commented 1 year ago

Could be, I believe that mine is 22.04. Should I try the latest version?

dbugdan commented 1 year ago

Yes, try and see if the latest version works.

LeonXu260 commented 1 year ago

> Yes, try and see if the latest version works.

What if I want to stick with the current version? Is there a way to fix that?

dbugdan commented 1 year ago

One of the answers suggested to disable Secure Boot, boot the 22.04 ISO, install, update, and then enable Secure Boot again.

But I think the easiest solution is to simply copy the ISO onto the Ventoy USB and boot from it so that it bypasses Ubuntu's own keys (you'll have to enroll the Ventoy key again).

I've been wondering, is there a reason you're using a separate USB for Ubuntu rather than just copying the ISO onto the Ventoy USB?

LeonXu260 commented 1 year ago

> One of the answers suggested to disable Secure Boot, boot the 22.04 ISO, install, update, and then enable Secure Boot again.
>
> But I think the easiest solution is to simply copy the ISO onto the Ventoy USB and boot from it so that it bypasses Ubuntu's own keys (you'll have to enroll the Ventoy key again).
>
> I've been wondering, is there a reason you're using a separate USB for Ubuntu rather than just copying the ISO onto the Ventoy USB?

Thanks for letting me know, I'll try that. I just wanted to test out the Linux OS on a different USB. But I'll give that option a try.

SpecLad commented 1 year ago

FWIW, this might be the same issue as ventoy/DeleteVentoySecureBootKey#1.