Jump to content











Photo
- - - - -

Booting WinPE from hard disk and motherboard failure


  • Please log in to reply
37 replies to this topic

#26 alacran

alacran

    Gold Member

  • .script developer
  • 2386 posts
  •  
    Mexico

Posted 15 December 2021 - 07:28 PM

I don't know if I am allowed to mention about the brands and models, what's the forum's rule concerning this case?

 

I don't see any problem if you share the brands and models, in fact you are an old member of the forum, and not an spammer.

 

And I have no doubt it's important for all members and readers to know this info, to help avoid this catastrophic failures, if dealing with those models.

 

alacran



#27 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 15 December 2021 - 08:20 PM

Hello,

 

2 computers : HP Zbook Power G8
1 computer : I-Life ZED Air CX5 came back to life without any hardware replacement \ repair.


  • alacran likes this

#28 alacran

alacran

    Gold Member

  • .script developer
  • 2386 posts
  •  
    Mexico

Posted 15 December 2021 - 09:52 PM

Thanks, this allows me to share here the info I found about the desktops mentioned.

 

About the I-Life ZED Air CX5 that came back to life without any hardware replacement\repair, the issue could be related to any other malfunction of the MB, and not directly related to your batch file editing the BCD, as it is working perfectly fine now, IAW this post.

 

Next is a quote of the private message I send to Vortex related to the HP desktops info I found:

 

 

HP Zbook Power G8

From: https://www8.hp.com/...e=4AA7-9954ENUC

Security management:

Absolute persistence module; HP Device Access Manager; HP Power On Authentication; HP Security Manager; Integrated smart card reader; Master Boot Record security; Pre-boot authentication; HP Sure Click; Windows Defender; HP Secure Erase; HP Manageability Integration Kit; HP Sure Sense; HP Secure Platform; HP Sure Recover Gen3; HP BIOSphere Gen6; HP Sure Start Gen6; HP Sure Run Gen3; HP Tamper Lock; Nano Security Lock Slot; HP Client Security Suite Gen7; Trusted Platform Module TPM 2.0; 0; Windows Secured Core.

 

This is the full list, of course some of this items work only after the OS is running, but some of them (with links) run before the OS is loaded and some are integrated into the UEFI Bios, and only thing needed to block the PC is one of them detects an unautorized access to the PC (or as in this case a change in pre-set BCD), to block further boot process.

 

So to me there is no dubt the issue is caused by UEFI Bios settings + additional UEFI programs.

 

Maybe after a careful reading of UEFI Bios guide (if exists), you can dissable the undesired features, but I highly doubt it, as usually there is not any HP UEFI Bios guide to read.

 

Many of this features seem to me as a damn exaggeration.

 

But I can't investigate further as I don't have one of those PCs.  You will have to do it yourself.

 

alacran

 

In the previous quote I added some links to some features that seemed suspicious to me, as a possible cause of the MB blocking, but this does not mean these are the only potential causes of the issue.

 

So I strongly recommend in case of HP PCs, better analyze carefully all the Security management features, added by the OEM, before intent to make any modifications to the boot files/folders, (including editing so common things as the BCD), to avoid any potential malfunction or blocking of the MB.

 

alacran



#29 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 15 December 2021 - 10:38 PM

Today, one of those computers ( the lesser-known brand ) returned back to my office. Surprisingly, the computer had no any problems

-
Well, the computer was off/no external power supply for a couple of days.
This may be the difference.

I see, the motherboard failure arise at another location, another town, another users, average end users,

 

I've no idea about real issue:

broken motherboard, replace hardware

clear CMOS (basic motherboard settings)

press power button a long time, power down by hardware and restart

 

Let's assume the simple case:
Do this users know basic rescue?  Press and hold the power button for 10 - 30 seconds?
Shut down the machine thoroughly and restart.
Maybe there is no real issue, just a minor clitch.

 

Another idea: boot.wim at drive c: and bitlocker
Sorry, I wonder currently only, no question, no suggestion so far. It's a idea only.



#30 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 16 December 2021 - 06:37 PM

Hi cdob,

 

It's not about the intervention of other people. It was me, the last user who faced the motherboard failure after the attempt to boot to WinPE.

 

press power button a long time, power down by hardware and restart

 

 

I am afraid that should be the last resort as today's hardware is more fragil if you consider that the latest laptops are shipped with NVME m2 drives.

 

Bitlocker was turned off.



#31 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 16 December 2021 - 06:58 PM

Hi alacran,

 

The meeting of iLife and HP at the same failure after the WinPE experiment is a very strange coincidence. This is life as you can have million type of coincedences.

 

The adventures in the twilight zone continued today. The latest HP notebook returned back from maintenance. The report indicated the motherboard replacement. I tried again the batch file and everything went smoothly, Win10XPE booting successfully. The same hardware , the OS intact with the same securiy software. Later, I installed Windows 2021 H1 to get rid of the extra software bundled with the computer. I was able to update the BCD record with my batch file and boot to WinPE.

 

So I strongly recommend in case of HP PCs, better analyze carefully all the Security management features, added by the OEM, before intent to make any modifications to the boot files/folders, (including editing so common things as the BCD), to avoid any potential malfunction or blocking of the MB.

 

 

Exactly. I agree with you.

 

I copied the UEFI grub4dos loader to the FAT32 partition and renamed it to bootmgfw.efi ( the original Windows EFI boot manager renamed to bootmgfw10.efi ) I had no problem to boot to Windows. Tomorrow, I will try to boot the iso file :

 

menu.lst :

color blue/green yellow/red white/magenta white/magenta
timeout 30
default /default
 
title Windows 10
 
chainloader /EFI/Microsoft/Boot/bootmgfw10.efi
 
title Win10XPE
 
find --set-root /Win10XPE_x64.iso
map --mem /Win10XPE_x64.iso (0xff)
chainloader (0xff)


#32 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15976 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 December 2021 - 12:26 PM

Gibbs' Rule #39
There is no such thing as a coincidence.
https://ncis.fandom....s/Gibbs's_Rules
 
What happened to you (actually to your laptops) is more likely defined as "Act of God":
 

When a passenger check-in desk at Terminal Two, Heathrow Airport, shot up through the roof engulfed in a ball of orange flame, the usual people tried to claim responsibility. First the IRA, then the PLO and the Gas Board. Even British Nuclear Fuels rushed out a statement to the effect that the situation was completely under control, that it was a one in a million chance, that there was hardly any radioactive leakage at all and that the site of the explosion would make a nice location for a day out with the kids and a picnic, before finally having to admit that it wasn't actually anything to do with them at all.

No rational cause could be found for the explosion - it was simply designated an act of God. But, thinks Dirk Gently, which God? And why? What God would be hanging around Terminal Two of Heathrow Airport trying to catch the 15:37 to Oslo?

 
:duff:
Wonko

#33 alacran

alacran

    Gold Member

  • .script developer
  • 2386 posts
  •  
    Mexico

Posted 17 December 2021 - 10:44 PM

 

Hi alacran,

 

1 - I tried again the batch file and everything went smoothly, Win10XPE booting successfully. The same hardware , the OS intact with the same securiy software.

 

2 - I copied the UEFI grub4dos loader to the FAT32 partition and renamed it to bootmgfw.efi ( the original Windows EFI boot manager renamed to bootmgfw10.efi ) I had no problem to boot to Windows. Tomorrow, I will try to boot the iso file :

 

menu.lst :

color blue/green yellow/red white/magenta white/magenta
timeout 30
default /default
 
title Windows 10
 
chainloader /EFI/Microsoft/Boot/bootmgfw10.efi
 
title Win10XPE
 
find --set-root /Win10XPE_x64.iso
map --mem /Win10XPE_x64.iso (0xff)
chainloader (0xff)

 

 

I'm glad it's working as you want now, but following some questions and comments to clarify some things.

 

Related to the blue numbers added in the quote of your post:

 

1 - About this case (The same hardware , the OS intact with the same security software):

  1. Did you make any changes in Bios? as disabling Secure Boot in this case?
  2. Is it possible somebody modified Bios settings before your first failed attempt?
  3. Is it possible Bios or Security management (UEFI programs) incorporated in Bios of new MB, where updated or pre-set different by the OEM or the repair facility?

2 - It also works fine booting using UEFI grub4dos loader:

 

But you are omiting to boot this way Secure Boot has to be disabled, because it is well known the UEFI grub4dos loader DOES NOT work if SB is enabled.

 

And I'm 99 % sure, (in this case, just by disabling SB), this also disabled all other Security management things added by the OEM, (unless you disabled manually also some other items in the Bios before disabling SB, and also omitted to mention it).

 

So it seems in this case this is the key difference from your first intent, and now there is not something unexpected as SB is disabled.

 

Remember my comment on post No. 8:

 

...if possible as an extra precaution it is better always disable Secure Boot before working on the boot process or installing a OS (as an extra safety precaution, just in case), Or better (as I always do) just leave it disabled forever, ...

 

alacran



#34 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 19 December 2021 - 09:57 AM

Hi alacran,

 

I didn't modify the BIOS. Secure boot was already disabled before the motherboard issue.
Before the first failed attempt, no body touched the BIOS settings.
 
I don't think that the repair facility changes any settings, simply they changed the mother board.
 
UEFI grub4dos loads the .iso file without any problem. I am not omitting the status of secure boot ( disabled )
It's always on my mind.
 
Something interesting, before the motherboard failed, the boot menu was presented as GUI display, blue screen with white text.
After the repair, the boot menu appears as console window text, white characters on black screen.


#35 alacran

alacran

    Gold Member

  • .script developer
  • 2386 posts
  •  
    Mexico

Posted 19 December 2021 - 11:27 AM

 

Hi alacran,

 

I didn't modify the BIOS. Secure boot was already disabled before the motherboard issue.
Before the first failed attempt, no body touched the BIOS settings.
 
I don't think that the repair facility changes any settings, simply they changed the mother board.
 
UEFI grub4dos loads the .iso file without any problem. I am not omitting the status of secure boot ( disabled )
It's always on my mind.
 
Something interesting, before the motherboard failed, the boot menu was presented as GUI display, blue screen with white text.
After the repair, the boot menu appears as console window text, white characters on black screen.

 

 

Sorry to disagree with you, but:

 

HP very clearly says this model is freely updatable to Win11. In order to let OEMs say certain product is Win 11 updatable they have to comply with certain rules, one of them is their products have Secure Boot enabled and also that the PC has the TPM: Trusted Platform Module (TPM) version 2.0 already installed into the MB.

 

Previously (when failed) it was booting in the usual GUI mode, now it is booting in text mode (boot menu policy = legacy), please see attached picture, this change is made editing the BCD, this means the settings are not exactly the same as when the MB failed, so they were changed very possibly on the certified maintenance shop, including disable SB, and it also seems to me it is highly probable in first failed intent, SB was enabled (as it is usual), and you just involuntarily forgot to check it, and you are assuming you verified it.

 

I didn't mean you intentionally omitted in your previous post SB is currently disabled, I only mean you did not make any comment about its current status.

 

Changing the boot menu to legacy (boot menu policy = legacy), has an aditional advantage, it allows to boot directly to the option selected by the user, in GUI mode to boot anything different to the default Win OS installed, the PC is forced to make an extra new reboot and then it finaly boots from that option.

 

But anyway I'm glad it is working fine now the way you want/need.

 

alacran

Attached Thumbnails

  • Legacy-boot.png


#36 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 19 December 2021 - 06:29 PM

Hi alacran,

 

The secure boot feature was disabled before the motherboard failure. Let me explain. I installed all the required software on the HP laptop, sysprepped the operating system and then selected the boot from LAN in the BIOS settings, plus disabled secure boot ( SB ) . The reason to disable SB was to use Erwan's Tiny PXE Server supported by iPxe. Before the sysprep operation, I kept all the default \ bundled software of HP.

Receiving the laptop from the repair shop, I can confirm that the state of SB remained intact, it was disabled.

 

I will investigate the case of the legacy boot menu policy, thanks for the info.



#37 alacran

alacran

    Gold Member

  • .script developer
  • 2386 posts
  •  
    Mexico

Posted 19 December 2021 - 09:21 PM

Ok, that confirms SB was in fact and beyond any doubt disabled on your first intent when the MB failed, but at the same time will require an additional quest to find the cause of the issue, because this confirmed info also proves having SB disabled in that failed MBs was not enought to avoid the issue.

 

Then IMHO remaining possible culprid(s) is one (or more) of the extra Security management bundled programs.

 

About:

 

I will investigate the case of the legacy boot menu policy, thanks for the info.

 

If you are thinking in ask the repair shop about this, also ask them if they also made any other additional change on Bios, like disabling some of the extra Security management, because you would like to congratulate them if they did it, as it fixed the cause of failure, (maybe asking this way you can get desired info).

 

If they didn't disable some of those additional programs, then both MB(s) are maybe from the same batch with this defect (or improper default setting in Bios), that now is fixed by the OEM in new batches.

 

And I think after this there is no more that can be done to try to solve this mystery.

 

alacran



#38 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 291 posts

Posted 22 December 2021 - 07:28 PM

Hi alacran,

 

Today, I had the opportunity to contact the call center of the authorized repair service. They told me that they could turn on the secure boot option if necessary. This does not apply to my case as the secure boot feature was not activated after the first repair. 






2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users