Preamble:
Some moths ago Wonko let us know about this project: http://reboot.pro/to...-uefi-bootdisk/
I went again yesterday to the page on GitHub: https://github.com/V...SecureBoot-Disk
Description
Secure Boot is a feature of UEFI firmware which is designed to secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature.
Most of modern computers come with Secure Boot enabled by default, which is a requirement for Windows 10 certification process. Although it could be disabled on all typical motherboards in UEFI setup menu, sometimes it's not easily possible e.g. due to UEFI setup password in a corporate laptop which the user don't know.
This disk, after being installed on a USB flash drive and booted from, effectively disables Secure Boot protection features and temporary allows to perform almost all actions with the PC as if Secure Boot is disabled. This could be useful for data recovery, OS re-installation, or just for booting from USB without thinking about additional steps.
On that page there is a link to download page of the project: https://github.com/V...t-Disk/releases
And also there is a link to an article written by the author https://habr.com/ru/post/446238/with additional info.
Last version available is: Super UEFIinSecureBoot Disk v3 released on March 12th 2019, just a few days after Wonko started his thread.
Super UEFIinSecureBoot Disk v3 includes:
- Signed x86_64 Shim v13 with MokManager v13 from Fedora
- Signed i386 Shim v15 with MokManager v13 from Fedora
- Insecure PreLoader
- Insecure GRUB2
Well, after this long preamble I will comment what I have done so far:
Install:
Downloaded the: Super-UEFIinSecureBoot-Disk_v3.zip (38.5 MB)
Downloaded Balena Etcher: Etcher for Windows (x86|x64) (Portable) v1.5.63 (118 MB) from https://www.balena.io/etcher/(it seems too heavy for a portable version).
Then I used an old 4 GB USB stick to install on it Super UEFIinSecureBoot Disk v3.zip (no need to extract it), by means of Etcher. The install process erased the USB stick and created a 500 MB partition with 42.2 MB used space, partition is: primary partition Fat-32 not Active, no tag (I used GRUB2 for Vol name), MBR is GRUB2 and no PBR code on it. there is only a folder "EFI" and a file ENROLL_THIS_KEY_IN_MOKMANAGER.cer into it.
Into EFI folder I found 4 folders: BOOT, efi, grub and iso. (see attached pictures).
They recommend to enlarge this partition to let us put several Linux Live Isos on \EFI\iso
This is getting too long I better continue on next Post.
alacran