The UEFI on my machine (Trekstor Wintron 10.1, Windows 8.1 x32Bit) has been so manipulated by its manufacturer that the machine is able to boot from a USB drive with Microsoft EFI signatures only, e.g. Windows Recovery or Install Medium (it's the newest trend). So my machine is not able to boot any Live PenDrive Linux. As grub2win can ignore the built-in Microsoft UEFI and boot from a USB device, I would be glad if anybody could tell me where I could load the suitable EFI firmware from. Many thanks in advance - robur 72
I looked up the manufacturer's documentation for the Trekstor Wintron and didn't see anything about EFI secure boot.
When you run Grub2Win, the initial configuration screen shows whether secure boot is enabled.
Is it enabled?
Is there an option in the firmware setup to disable secure boot? If so, I would disable secure boot and try to boot from your PenDrive.
The option for secure boot is often buried in the firmware configuration or called by other names such as "Legacy Mode" or "Other Operating System", so you may have to dig around to find it.
Please let me know how you make out.
Thanks,
Dave
I'm surprised your 32-bit machine has UEFI capabilities.
For your Live Pendrive Linux situation when booting your machine try pressing F12 and see if a boot menu comes up allowing you to select different boot devices. My Dell has that option.
If your Live Pendrive Linux has an EFI folder you could try adding grub2 to it and add a grub2 menu that supports different boot modes. I did that with my Live Porteus USB drive. I added Ubuntu's grub2 to it, which supports Secure Boot, using this little bash script.
#!/bin/bash
# Add Ubuntu grub2 Secure Boot support to Porteus USB system.
UbuntuISO=/mnt/sda6/ISOs/ubuntu-18.04.1-desktop-amd64.iso # Change to fit your file
USBdrv=/mnt/sdb1 # Change to fit your drive
if [ `whoami` != "root" ]; then
  echo -e "Enter root's password"
  su -c "sh $0 $1"
  exit
fi
if [ ! -f $USBdrv/USB_INSTALLATION.txt ]; then # Change to fit your system
  echo "Porteus USB drive not found."
  read
  exit
fi
if [ ! -f $UbuntuISO ]; then
  echo "Ubuntu ISO not found."
  read
  exit
fi
mloop $UbuntuISO
#read
mv $USBdrv/EFI/boot $USBdrv/EFI/Porteusboot # Backup Porteus EFI
mkdir $USBdrv/EFI/BOOT
mkdir $USBdrv/boot/grub
cp -ar /mnt/loop/EFI/BOOT/* $USBdrv/EFI/BOOT/
cp -ar /mnt/loop/boot/grub/* $USBdrv/boot/grub/
mv $USBdrv/boot/grub/grub.cfg $USBdrv/boot/grub/Ubuntugrub.cfg # Backup Ubuntu grub.cfg
echo " "
echo "Now add the posted grub.cfg file to the $USBdrv/boot/grub/ folder."
echo "Customize the new grub.cfg's porteus_parms in the Secure Boot menu."
echo " "
read
ls $USBdrv/EFI/BOOT
ls $USBdrv/boot
ls $USBdrv/boot/grub
cat $USBdrv/boot/grub/grub.cfg
uloop
And this is the grub2 grub.cfg file I use.
if loadfont /boot/grub/font.pf2 ; then
  # set gfxmode=auto
  set gfxmode=800x600,auto
  insmod efi_gop
  insmod efi_uga
  insmod gfxterm
  terminal_output gfxterm
fi
set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
set timeout=60
set gfxpayload=1024x768
menuentry " 1. Porteus 4.0 - UEFI Secure Boot" {
  set porteus_parms="volume=33 reboot=cold extramod=/Modules;/Modsavedat noload=save.dat;cinnamon"
  set bootdrv=$root
  search -f /boot/syslinux/vmlinuz
  if [ $? == 0 ]; then
    linux /boot/syslinux/vmlinuz $porteus_parms
    initrd /boot/syslinux/initrd.xz
  else
    echo "----------------------------------------"
    echo Porteus drive NOT found.
    echo
    sleep -v -i 10
  fi
  set root=$bootdrv
}
menuentry " 2. Porteus 4.0 menu - UEFI system" {
  set bootmgr=/EFI/Porteusboot/bootx64.efi
  set bootdrv=$root
  search -f $bootmgr
  if [ $? == 0 ]; then
    chainloader $bootmgr
  else
    echo "----------------------------------------"
    echo Porteus drive NOT found.
    echo
    sleep -v -i 10
  fi
  set root=$bootdrv
}
menuentry " 3. Porteus 4.0 menu - BIOS system" {
  set bootmgr=/boot/syslinux/chain.c32
  set bootdrv=$root
  search -f $bootmgr
  if [ $? == 0 ]; then
    chainloader +1
  else
    echo "----------------------------------------"
    echo Porteus drive NOT found.
    echo
    sleep -v -i 10
  fi
  set root=$bootdrv
}
menuentry " " { echo }
menuentry " 4. Reboot" {
  reboot
}
Obviously all Porteus references will need to be changed to fit your Live system.
Hope this helps.
Ed
Last edit: Ed P 2018-10-18
@EdP The Trekstor Wintron 10.1 has only this manipulated UEFI.
My PenDrive works with Mint 18.3 this time and is totally ignored by the UEFI of the Wintron. When I try to force the UEFI to boot my PenDrive directly from the UEFI menu, a message "boot from USB-drive is not supported by this system" appears. Furthermore, it is impossible to change anything in the settings of this UEFI. But a USB drive with Microsoft EFI is recognised and accepted at once.
When I tried to start my PenDrive with the EFI changed to the Microsoft EFI, the PenDrive was at first recognised, but then a message "there are no Microsoft data" was displayed and the machine crashed.
@All
Many thanks for your answers.
Sorry, but the UEFI of my Trekstor is 100% manipulated in the way I have written, and it is not important what grub2win reports or not. I already cleared this case up with Trekstor technical support one year ago and they said it's a well-known feature of the Trekstor-Type (this machine is also sold under different names by other "manufacturers" such as Lenovo, Asus and some others) and they have no possibility of changing it. By the way, a lot of the newest notebooks and Win-tablets from other manufacturers have the same problem. It seems to be an agreement between Microsoft and some manufacturers selling their notebooks with integrated Windows and MS Office. My friend has bought a similar or identical Lenovo Tablet/Notebook which shows the same feature. A comparison between this machine and other working machines is not plausible here.
It seems that the only way to use a USB LinuxLive PenDrive on these machines is to dupe the machine's own UEFI and to boot the PenDrive via another boot manager. If grub2Win is able to do it, it would be a correct solution.
Regards - robur
Last edit: Robert Glenervan 2018-10-19
Grub2Win cannot boot in an EFI system with secure boot enabled. This requires a boot module specially signed by Microsoft. There is no possible way for me to get that signature on the Grub2Win boot module.
Dave
Robert, please create a Live Ubuntu USB drive and try to boot it on your system. Ubuntu supports UEFI's Secure Boot and it will verify that you have booting options with your system.
@Drummer
Thank you, Dave. I see that you know this problem with boot modules specially signed by Microsoft.
Does it mean that the EFI from grub2win does not replace the machine's own EFI signed by Microsoft, as I thought, but only works "through" this EFI?
@EdP
Thank you for your proposal. I shall try it.
Regards - robur
Last edit: Robert Glenervan 2018-10-19
There is a specially formatted partition on your machine. It is set up with the FAT filesystem (any of the various FAT formats) and a GUID partition type of "C12A7328-F81F-11D2-BA4B-00A0C93EC93B".
Your EFI firmware locates the EFI partition and searches for modules with a suffix of .efi.
These are the EFI boot modules that the firmware can load.
Windows, Ubuntu, Grub2Win and many other products can install .efi modules into your EFI directory.
The modules Microsoft installs are called bootmgr.efi and bootmgfw.efi.
Grub2Win installs gnugrub.kernel64.efi and gnugrub.kernel32.efi for use in 64 and 32 bit systems respectively. I generate these modules so they are not signed by Microsoft.
Your EFI firmware loads only a single one of these modules at boot time. The module loaded depends on several factors, but if "Secure Boot" is enabled, only .efi modules signed by Microsoft are allowed. This is because Microsoft persuaded PC manufacturers to design their EFI firmware to enforce these signature restrictions.
So your EFI firmware will only allow the Grub2Win .efi module to be loaded if "Secure Boot" is disabled.
Hope this clarifies things.
Dave
Last edit: Drummer 2018-10-19
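The signed versus unsigned distinction described in the post above can be checked on any .efi file, because boot modules are PE/COFF images and an embedded signature is recorded in the Certificate Table data directory. The following is an added example, not part of the original thread or of Grub2Win; make_sample builds constructed header-only images, and a present signature blob says nothing about who signed it or whether a given firmware trusts it.

```python
import struct
import sys

# Machine field values from the PE/COFF specification.
MACHINES = {0x014C: "IA32 (32-bit)", 0x8664: "x64 (64-bit)", 0xAA64: "AArch64"}

def inspect_efi(data: bytes) -> dict:
    """Report CPU type, subsystem and whether a signature blob is embedded."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE/COFF image (no MZ header)")
    (pe,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, pe + 4)
    opt = pe + 24                                      # 4-byte sig + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    cert_off = cert_size = 0
    if count > 4:                                      # directory 4 = Certificate Table
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "efi_application": subsystem == 10,
        # True only means a signature blob is present, not that firmware trusts it.
        "signed": cert_off != 0 and cert_size != 0,
    }

def make_sample(machine: int, magic: int, cert_size: int) -> bytes:
    """Constructed header-only image for demonstration; not a bootable module."""
    dirs = 96 if magic == 0x10B else 112
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, 10)                # subsystem: EFI application
    struct.pack_into("<I", opt, dirs - 4, 16)          # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, dirs + 32, 0x400, cert_size)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:                              # path to a real .efi file
        print(inspect_efi(open(sys.argv[1], "rb").read()))
    else:
        print(inspect_efi(make_sample(0x8664, 0x20B, 0)))
```

Run with the path of a module copied from the EFI partition to see its CPU type and whether it carries a signature at all.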
I think you should have noted that the gnugrub.kernel64.efi and gnugrub.kernel32.efi modules that Grub2Win installs on EFI systems are not signed by Microsoft and that is why they do not work if Secure Boot is enabled.
If I recall Grub2Win will not even install on systems with Secure Boot enabled.
What's involved in creating a Microsoft signed .efi module?
Ed
Hey Ed,
I edited my previous post to clarify that the Grub2Win EFI boot modules are not signed by Microsoft.
Grub2Win will not install if "Secure Boot" is enabled.
What's involved in creating a Microsoft signed .efi module?
I can only guess, but I suspect it involves CIA intervention and several suitcases full of gold bars.
Dave
Last edit: Drummer 2018-10-19
https://drive.google.com/file/d/0B1Uj3OaWQnlLNHdZQ1NsY2t1LXM/view?usp=sharing
Last edit: Ed P 2018-10-20
Wow! SourceForge sure doesn't like emoticons.