HP EFI struggles on Dual Boot veracrypted Windows, Linux
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
First of all, I know a lot has been said on HP UEFI firmware already, but I could not find the answer anywhere on the internet, so I am asking it anyway.
Currently I set up a dual boot Windows/Linux notebook. My foremost problem is that I cannot get GRUB, the bootloader, to Chainload the VeraCrypt loader into windows. Funny enough, the HP firmware cannot load veracrypt itself via either boot-os-manager entry/custom entry/veracrypt entry. The only way to load windows is to use the option 'Load from EFI-File'.
I have tried the following:
Boot notebook - ESC - F9 Boot Device Options - 'Load from EFI file' - EFI/Veracrypt/DcsBoot.efi This works, yet is very cumbersome as I have to watch my notebook, press ESC, navigate etc. It load the VC PBA, ask for passphrase, and boots windows.
Boot - ESC - F9 Boot Device Options - VeracryptDcs This gives a full black screen.
Boot - Grub - Windows entry This also gives a full black screen.
Boot - ESC - F9 Boot Device Options - 'Load from EFI file' - /EFI/Boot/bootx64.efi This works, as long as the Veracrypt directory exists as default. However, I have to navigate again.
Boot - ESC - F9 Boot Device Options - OS Boot manager Gives a black screen again. By HP UEFI defaults, OS Boot manager should point to /EFI/Boot/bootx64.efi. If I replace this .efi by the grub.efi, OS Boot manager loads grub. In other words, loading bootx64.efi manually works and results in Veracrypt PBA, but via OS does not.
Boot - ESC - F9 Boot Device Options - Custom Boot Gives a black screen. By HP UEFI settings, I set custom boot to /EFI/Veracrypt/Dcsboot.efi. Setting it to grub.efi works fine and loads grub. For Veracrypt I only get a black screen however.
Some details:
Model
HP Elitebook 8570w with BIOS Version/Date Hewlett-Packard 68IAV Ver. F.40, 1/31/2013
Bios mode; UEFI (with/without CSM does not make a difference)
Secureboot: Off
Fastboot: Off
Partitions
GPT-UEFI system with
sda1: Recovery NTFS
sda2: EFI partitions VFAT, contains grub, uuid B63A-C0C0
sda3 Microsoft reserved
sda4: Windows, encrypted by Veracrypt
sda5: Linux, encrypted by DM-crypt (Is not really involved in the story)
Grub Entry:
if [ "${grub_platform}" == "efi" ]; then
menuentry "Microsoft Windows 10 UEFI-GPT" {
insmod part_gpt
insmod ntfs
insmod fat
insmod chain
insmod search_fs_uuid
search --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 B63A-C0C0
chainloader /EFI/Boot/bootx64.efi
}
fi
Pointed to EFI/Boot/bootx64.efi before encrypting loaded windows perfectly. Pointing to EFI/Microsoft/Boot/bootmgfw.efi also loaded windows perfectly.
So to conclude; loading the veracrypt dcsboot.efi works if I do so manually, but not via Grub or the HP loader itself. Should I load additional modules in Grub? Is there a way of reconfiguring the VeraCrypt loader so that it can be chainloaded? I tried renaming various .efi's and see what happens, yet didn't manage to solve the problem yet.
Anybody any idea how to get either the HP loader, or Grub, to load veracrypt automatically?
look at it:
https://sourceforge.net/p/veracrypt/discussion/technical/thread/5b859040/#34c2/a892
I have added the line:
<config key="ActionSuccess">postexec file(EFI\Microsoft\Boot\bootmgfw.efi)</config>
In my case, the HP UEFI spec does not load EFI\Microsoft\Boot\bootmgfw.efi, but it boots \EFI\Boot\bootx64.efi by default.
Running this bootx64.efi manually, i.e. F9-Load from EFI file-navigating and selecting it, boots the PBA and eventually windows very well. However, booting bootx64.efi by pressing F9-OS boot loader, F9-VeracryptDcs or using Grub results in a black screen both with and without the config key. Hence, I cannot automatically boot into windows without navigating through the filetree every time
I do not get a password promt at this black screen. Replacing this default bootx64.efi by the veracrypt DCSboot.efi does not help.
Thanks for the suggestion though, any other ideas would be very welcome
Edit: replacing bootmgfw with dcsboot and postexec into bootmgfw_ms.efi does not solve the problem either. In all cases, I do not get automatic repair, only a black screen. It seems that the PBA cannot be loaded.
Last edit: Bram 2017-11-25
does file "EFI\VeraCrypt\PlatformInfo" exist? if not - try to create empty.
Yes it does, EFI\VeraCrypt contents are:
DcsInt.dcs
DcsCfg.dcs
LegacySpeaker.dcs
DcsBml.dcs
DcsInfo.dcs
Dcsboot.efi
DcsProp
PlatformInfo
It is readable as well and contains various properties of EFI, System, Bios, and such
Last edit: Bram 2017-11-25
Strange. try to investigate EFI boot menu via efibootmgr in Linux or via BOOTICE tool in Windows
Thanks that was a nice suggestion. It still does not work, but it gave some nice insights:
First time running efibootmgr gave no bootorder found, trying to recover on reboot.
I added Veracrypt directly (\EFI\Veracrypt\DCSboot.efi) and Grub
Moreover, I added a bootorder namely Grub, Veracrypt. I also added an ' exit' entry in Grub in order to reach the second entry.
Funny enough, this didn't change anything about the devices listed in the boot order when entering UEFI firmware (via either F10 or F9). 'Exiting' Grub did not help either.
Booting into Linux again, efibootmgr reported no bootorder found again. Clearly, the firmware maintains its own standars and does not really care about efibootmgr.... (I repeated several times, but no boot order remains found).
Now I was wondering; How can it be that manually booting Dcsboot.efi gets me into windows, but if I add it as entry via the UEFI firmware it does not? How is a manual selection different from such a added entry. How is a manual selection different from loading in Grub?
What modules does VeraCrypt need to properly boot?
Strange. HP creates EFI FW with extra functions...
try to execute EFI shell. Check "bcfg" command to edit boot menu. try to execute DcsBoot.efi from the EFI shell
VeraCrypt-DCS executes:
DcsBoot.efi - manager
DcsInt.dcs - authorization
DcsProp - configuration
Optional
LegacySpeaker - speaker driver
DcsInfo - PlatformInfo generator
DcsBml - lock boot menu to protect Boot menu modification from OS
DcsCfg - EFI shell tool to create/test configuration
DcsRe - recovery
One more: Try to test 1.22Beta3
https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/
Last edit: Alex 2017-11-27
I am having the same issues, and had mostly given up. I tried 1.22 Beta3, with no additional luck. After going through the initial setup steps, I initiate the boot test. Computer turns off. I press power button, I get the HP boot screen for a few seconds, then a black screen. Then it goes back to the HP boot screen, and right into Windows.
I'm using an HP Elitebook 840 G1, Windows 10 (UEFI).
Probably VeraCrypt boot menu item is removed by HP firmware.