ventoy / Ventoy

A new bootable USB solution.
https://www.ventoy.net
GNU General Public License v3.0

EFI Blocked !!!!!!! Latest Laptop UEFI 64+SECURE BOOT ON Blocked message. I have a solution for this. #736

Closed haseakash closed 2 years ago

haseakash commented 3 years ago

I created an E2B+agFM+Ventoy disk.

However, it works with Secure Boot on machines/laptops from before 2019, without any issue and without enrolling a key.

But the latest Lenovo/HP/Dell gaming laptops have new security.

So I'm getting an EFI blocked error on them. I tested 10 different gaming laptops.

However, I'm looking for a solution for this.

I found a new solution here https://www.ittoolspack.com/p/hybrid-tech.html

Edi made a pure UEFI that can boot any of the latest laptops/PCs without doing anything.

I learned how he did it.

So, my guess..

He boots the original Bootx64.efi without patching, and he created a custom BCD to boot another WINPE.

That means he boots via the original bootx64.efi (Microsoft official) to WINDOWS BOOT MANAGER, then he adds other WINPE images to it using BCDEDIT.

So I have a question: can we boot Bootx64.efi>windows boot manager loader>grub.cfg? or Bootx64.efi>windows boot manager loader>ventoy64.efi? or Bootx64.efi>windows boot manager loader>ventoy?

We can skip the Windows boot manager by setting timeout 0 and unmarking the Windows metro loader option in the BOOTICE BCD menu.

Can anybody help me?

I want to boot from the official bootx64.efi to ventoyx64.efi.

mail me on

haseakash2008@gmail.com

thanks

ventoy commented 3 years ago

When Secure Boot is enabled: as far as I know, the Windows boot manager loader will NEVER run another .efi file which has no valid signature. That is to say, the Windows boot manager loader can ONLY boot Windows.

haseakash commented 3 years ago

Agreed.

Is it possible to make a small Ventoy WINPE boot to install Windows after loading WINPE??

Please find a solution for 100% pure Secure Boot. The latest laptops are blocking it. I don't want to disable it every time on different laptops.

Only ITPS Tool pack can do that.

But they do it by loading the Windows boot manager into WINPE.

My problem is that I created multiple separate Windows ISOs. I want to make it all in one, with separate user choices and separate boot files. Ventoy can do that, but SECURE BOOT is the major problem. I don't want to enroll a key. I also tried E2B+AGFM+Ventoy. It works with Secure Boot ON, but the latest laptops, newer than 2019, give the EFI Security Blocked !! error.

So I have been searching for a solution to this problem for two months. Can anyone make a PURE UEFI Bootx64.efi that supports Grub2???

Also, one more thing I want to tell ventoy.

Your project is amazing.

Some users reported that Ventoy 1.33 has problems on the Lenovo Ideapad 330-15ISK and some Samsung laptops.

Please find these models and search for a solution to their problem. They already mentioned the model numbers in ISSUES.

Thanks.

DO SOMETHING FOR SECURE BOOT.

NOTHING IS IMPOSSIBLE !!!!!!!!!!!!!!!!!!!!

ventoy commented 3 years ago

When Secure Boot is enabled, all the .efi files must be signed with a valid key which is accepted by the BIOS, or they will not be loaded. But all BIOSes only accept Microsoft's key by default, unless you enroll a third-party key. Windows's boot manager cannot be used to load Ventoy; it can only boot Windows.

So the only way is to pay money to Microsoft to get a signed shim loader. Even so, there is no guarantee that Microsoft will agree to sign your program. They have a very strict code review mechanism.

ventoy commented 3 years ago

135

ValdikSS commented 3 years ago

What kind of error do you get? Provide a screen photo or anything.

haseakash commented 3 years ago

The error is "EFI UEB Device Blocked by the current security policy" "Selected boot device is not authenticate"

It means the same as the motherboard blocking an unsigned loader while Secure Boot is ON.

Also, I don't want to enroll a key manually. I format different laptops daily. I want to load the grub2 loader without enrolling a key manually.

I also tested your Super-UEFIinSecureBoot-Disk project. It is also blocked by security.

I DON'T WANT TO ENROLL A KEY MANUALLY.

So can you find a solution in the whole galaxy system??? xd :P
Even I think Thanos can do that! :p

Please find a solution. You are the best programmers. I need a PURE UEFI solution.

ValdikSS commented 3 years ago

Well, does an Ubuntu or Fedora Linux ISO start? If it does not, then there's nothing that can be done: UEFI has only the Microsoft key in db, so you'll have to enroll the key or disable Secure Boot. If the ISO files do boot, then we'll see what could be done.

ventoy commented 2 years ago

This is an old issue. I will close it now.