Jump to content











Photo
- - - - -

Windows 7 + Secure Boot possible?


  • Please log in to reply
6 replies to this topic

#1 ndog37

ndog37

    Member

  • Members
  • 88 posts
  •  
    New Zealand

Posted 20 January 2017 - 11:55 AM

It's possible to boot into Windows 7 using secure boot with a trick from cdob which involves modifying the BCD entry. However if I try to boot with secure boot enabled, there is an error about windows\system32\winload.efi not supporting secure boot. So I tried to overwrite it with the Windows 10 version (including en-US\winload.efi.mui) , however it still fails with the secure boot error. I don't understand much about the booting process, I'm just guessing, but why does this fail to work as winload.efi is signed? Is there more than just having the right efi files?

 

2dayffb.png



#2 wean_irdeh

wean_irdeh

    Newbie

  • Members
  • 29 posts
  •  
    Vietnam

Posted 20 January 2017 - 02:05 PM

Linux preloader.efi actually able to make efi payload supported in secure boot, just place the windows 7 winload.efi next to the preloader.efi, boot into preloader.efi, sign the winload.efi, and voila! now the windows 7 winload.efi supported in secure boot



#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 January 2017 - 02:10 PM

It's possible to boot into Windows 7 using secure boot with a trick from cdob which involves modifying the BCD entry. 

Which trick?

Link please :).

Maybe the "trick" only applies to a particular setup and yours is different.

 

The idea of "secure boot" is that boot is a chain and each link needs to be verified (or "secure").

Now what are the links in this chain?

Did you replace them all with "signed" files?

 

Or if you prefer, can you make a windows 8/8.1/10 working as secure boot and later add a Windows 7 install added as dual boot?

 

@wean_irdeh

To use preloader also hashtool is needed, isn't it?

https://wiki.archlin...php/Secure_Boot

 

:duff:

Wonko



#4 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 20 January 2017 - 03:59 PM

Is there more than just having the right efi files?

Are the kernel and hal importand too?

https://technet.micr...y/hh824987.aspx

In addition: test signing is disabled at secure boot
https://msdn.microso...p/hh848062.aspx

#5 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 20 January 2017 - 07:10 PM

In practice, the answer is no. But I did read something awhile back that basically said that Windows 7 can use Secure Boot if support for it is implemented at the OEM level. I remember it being on a Microsoft-hosted website, but cant locate that page now.



#6 ndog37

ndog37

    Member

  • Members
  • 88 posts
  •  
    New Zealand

Posted 21 January 2017 - 09:50 AM

Thanks @all

It makes sense now, even replacing winload.efi will cause it to fail as kernel and hal need to be signed too, possibly need to be replaced from windows 10 as well.

Case closed. 



#7 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 21 January 2017 - 04:21 PM

Yep, go ahead and try replacing 7's kernel with 10's. That will go over really well, for sure.


  • ndog37 likes this




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users