
GRUB4DOS for UEFI


392 replies to this topic

#376 steve6375

steve6375

    Platinum Member

  • Developer
  • 7453 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 17 August 2021 - 07:45 AM

About the ext folder utilities

The grub4dos and grub4efi downloads now include a \ext folder which contains utilities which can be run under grub4dos\grub4efi.

Note that they are different!

Also the new grub4dos utilities will not run on older versions of grub4dos and vice versa.

 

If using both grub4dos and grub4efi on the same partition, you must make two /ext folders (e.g. /mbrext and /efiext) because the utilities are different.

 

 

/ext/hotkey -A   -  enable menu hotkey function + first character jump feature

#add a global hotkey to reload grub4efi

if "%@uefi%"=="64" /ext/hotkey [Ctrl+F8] "@root (bd) ;; chainloader /efi/boot/bootx64.efi ;; graphicsmode -1 1024 768 ;; boot" > nul

#@ prevents text from being echoed to screen

 

/ext/hotkey -u     - uninstall hotkey

 

#check if boot device is removable flash drive or CD/DVD or floppy
set RMB=
(bd)/ext/efidiskinfo --rm (bd)
if %?%==1 set RMB=Removable Disk
if %?%==0 set RMB=Fixed Disk

 

You can also check if the drive is a USB drive, read-only, get block size, etc. using efidiskinfo.

Note that --usb-spec returns the current USB protocol being used which may not be the USB device spec or the USB port spec.

 

Note that the grub4efi /ext utilities DO NOT WORK for g4e UEFI32 - this effectively cripples UEFI32 support for grub4efi as hotkey function and all others just crash! I also cannot UEFI32 boot grub4efi when loading bootia32.efi using VBox and QEMU (crashes/reboots).


Edited by steve6375, 17 August 2021 - 07:58 AM.

  • Gerolf likes this

#377 alacran

alacran

    Gold Member

  • .script developer
  • 2230 posts
  •  
    Mexico

Posted 17 August 2021 - 08:25 AM

NOTE: steve6375 needs to change the default location to adapt it to his E2B, but in the case of general/standard use I think the default location is better.

 

IMHO I think it is better to use the default location for the external commands, as this simplifies the menu commands.

 

(From this post), Default location for grub4dos external commands is respectively:

 

UEFI version

 

The ext folder contains the external commands that we can use; the default location for them is the root of the /EFI/grub folder.

 

MBR version

 

The ext folder contains the external commands that we can use; the default location for them is the root of the /Boot/grub folder.

 

Check the default location (valid for both versions):

 

If you want to check default location: on command line just type command and enter to get the default location.

 

alacran



#378 steve6375


Posted 17 August 2021 - 09:08 AM

I require NTFS partition to hold both grub4dos and grub4efi, so using \efi\boot does not work for me.

Also, I change the path to point to where all my batch files are located (which work for both grub4efi and grub4dos).



#379 alacran


Posted 17 August 2021 - 09:15 AM

Yes my friend, I understand you are making it that way in order to make it work on E2B.

 

But in the case of general/standard use I think the default location is better, and the only intention was to avoid beginners' potential confusion. I will make a note on my previous post to mention this.

 

alacran



#380 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15889 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 August 2021 - 01:51 PM

SERVICE POST

 

Posts related to the experiments by Gerolf with the various bootloaders/boot managers (and hopefully also the connected replies) have been moved to a separate thread, here:

 

http://reboot.pro/in...showtopic=22541

 

:duff:

Wonko


  • Gerolf likes this

#381 Gerolf

Gerolf

    Member

  • Members
  • 75 posts
  •  
    Germany

Posted 17 August 2021 - 07:17 PM

Thank you, Wonko, I agree to the moving of my posts, which applies to this one too, but the objections I want to answer are still at their old places.
 

Windows Update adds a key entry into the UEFI BIOS DBx blacklist which prevents the shim from being loaded if secure boot is enabled. The DBx list can be easily cleared by going into the UEFI BIOS Setup menu however.

Yes. Obviously this happened during my Experiments on GPT/UEFI with grub4dos, grub2, grub4EFI. After installation of Windows 10/11 and openSUSE Tumbleweed, with bootmgfw.efi being chainloaded by Shim and "Grub2EFI", the command msinfo32 told me I was running "BIOS mode: UEFI" in, five lines below, "Secure Boot State: On". This changed to "Off" after installation of Windows updates (and experiments with Chenall's Universal MBR in legacy mode), but it could easily be set back to "On" when I re-established the default platform key including the certificate for Windows 8 in the firmware setup.
 
Alacran said:

IMHO Gerolf is using for his tests a very old Lenovo laptop from 2013 and wimb is using a more modern Asus MB; the very different versions of the UEFI firmware (based on very different versions of the UEFI specs available at the time when each of them was built) could explain the difference in the findings.
SB was included in the specs in 2013; perhaps the laptop firmware, made in a hurry by Lenovo, is more permissive, badly implemented, or the SB option in it is fake.

 
No. Because now I get the same error as Wimb did:
 

I have installed openSUSE Tumbleweed on GPT partition and can boot openSUSE Linux in UEFI Secure mode.
However, chainload of UEFI Grub4dos (Grub4EFI) fails in UEFI Secure mode with the message: bad shim signature
So indeed the secure boot chain is broken as expected already by alacran

 
Yes. Now, when I chainload "Grub4EFI" from "Grub2EFI" in UEFI Secure Boot mode, I get:
error: ../../grub-core/kern/efi/sb.c:150:bad shim signature
 So I have to reboot, enter the firmware setup and select "Reset to Setup Mode" in the Secure Boot options to clear the current platform key. Then I can boot from "Grub2EFI" to "Grub4EFI" to BootMGFW, but Windows 11 (and the firmware setup main page) will say: "Secure Boot State: Off". Nevertheless, the firmware, on the Security page, says: "Secure Boot enabled", and openSUSE's YaST reports "GRUB2 for EFI" as bootloader with "Secure Boot Support".
 
Slowly I get a better understanding what Secure Boot means. It doesn't require me to reinstall; on my test machine, Windows 11 starts up in UEFI mode, with or without Secure Boot, as well as in BIOS mode. It doesn't require me to give up modern Linux, or legacy software down to FreeDOS. I can have it all on my machine. But at boot time, I have to be "physically present" as an advanced user who knows how to switch the firmware settings, just because hopefully no malware can do this. This little procedure is a bit uncomfortable. Most people won't like to do it, and then forget how to do it. That's all about Microsoft's nasty little trick. Nothing criminal.
  • wimb likes this

#382 wimb

wimb

    Platinum Member

  • Developer
  • 3408 posts
  • Interests:Boot and Install from USB
  •  
    Netherlands

Posted 17 August 2021 - 07:40 PM

No. Because now I get the same error as Wimb did:

 

 

OK, nice to hear about interesting results  :)

 

The Link given by you to Experiments on GPT/UEFI with grub4dos, grub2, grub4EFI does not work



#383 wimb


Posted 18 August 2021 - 05:00 AM

No. Because now I get the same error as Wimb did:

 

 

Yes. Now, when I chainload "Grub4EFI" from "Grub2EFI" in UEFI Secure Boot mode, I get:

error: ../../grub-core/kern/efi/sb.c:150:bad shim signature

 So I have to reboot, enter the firmware setup and select "Reset to Setup Mode" in the Secure Boot options to clear the current platform key. Then I can boot from "Grub2EFI" to "Grub4EFI" to BootMGFW, but Windows 11 (and the firmware setup main page) will say: "Secure Boot State: Off". Nevertheless, the firmware, on the Security page, says: "Secure Boot enabled", and openSUSE's YaST reports "GRUB2 for EFI" as bootloader with "Secure Boot Support".

 

 

If you Clear the current platform key then indeed you have "Secure Boot State: Off" and in that case it is normal that you can chainload UEFI Grub4dos

 

But when you have "Secure Boot State: On" then you cannot chainload UEFI Grub4dos, just as I observed in my case with UEFI Secure Boot On

 

Also WinNTSetup can give you reliable info on UEFI Secure Boot State as shown here

 

Win11_SB_SUSE_2021-08-18_062345.jpg == opensuse_SB_2021-08-18_102445.jpg == opensuse_2021-08-18_102548.jpg == Win11x64_VHD_SB_2021-08-18_133700.jpg

 

The attachment makes it easy to experiment with opensuse shim

 

without the need to download openSUSE Tumbleweed and make bootable USB

 

and without the need to create Linux partition and then Install openSUSE .....a lot of work  :rolleyes:

 

The opensuse folder is expected to occur in EFI folder next to Boot and Microsoft folder

 

UEFI Grub4dos file bootx64_g4d.efi is in EFI\Boot folder

 

Use BOOTICE x64 and UEFI tab to Edit boot entries ... as indicated

 

Attachment Encrypted with password = bootwimb

 



  • Gerolf likes this
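The states discussed in posts #381 and #383 (platform key cleared versus Secure Boot enforcing) can be read on a Linux system from the two UEFI global variables SecureBoot and SetupMode. The following is an added example, not code from any poster or project in this thread; it assumes a Linux efivarfs mount at /sys/firmware/efi/efivars, and the sample byte strings are constructed.

```python
import struct
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID (UEFI specification); both variables live under it.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032c8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed Linux efivarfs mount


def parse_efivar(blob: bytes) -> int:
    """Decode an efivarfs file: 4-byte little-endian attributes, then data.

    SecureBoot and SetupMode each carry exactly one data byte, 0 or 1.
    """
    if len(blob) != 5:
        raise ValueError(f"expected 5 bytes, got {len(blob)}")
    _attrs, value = struct.unpack("<IB", blob)
    if value not in (0, 1):
        raise ValueError(f"unexpected value {value}")
    return value


def classify(secure_boot: int, setup_mode: int) -> str:
    """Map the two variables to the state the firmware is actually in."""
    if setup_mode == 1 and secure_boot == 1:
        return "inconsistent: enforcing reported without a platform key"
    if setup_mode == 1:
        # Platform key cleared: image signatures are not enforced, whatever
        # the "Secure Boot" toggle in the setup menu says.
        return "setup mode: no platform key, not enforcing"
    if secure_boot == 1:
        return "user mode: enforcing"
    return "user mode: platform key present, Secure Boot switched off"


def read_state(root: Path = EFIVARS) -> str:
    """Read both variables from an efivarfs-style directory and classify."""
    sb = parse_efivar((root / f"SecureBoot-{EFI_GLOBAL}").read_bytes())
    sm = parse_efivar((root / f"SetupMode-{EFI_GLOBAL}").read_bytes())
    return classify(sb, sm)


# Constructed sample blobs (attributes 0x06 = boot-service + runtime access).
SAMPLE_ENFORCING = {"SecureBoot": b"\x06\x00\x00\x00\x01", "SetupMode": b"\x06\x00\x00\x00\x00"}
SAMPLE_PK_CLEARED = {"SecureBoot": b"\x06\x00\x00\x00\x00", "SetupMode": b"\x06\x00\x00\x00\x01"}

if __name__ == "__main__":
    for name, s in (("enforcing", SAMPLE_ENFORCING), ("PK cleared", SAMPLE_PK_CLEARED)):
        print(name, "->", classify(parse_efivar(s["SecureBoot"]), parse_efivar(s["SetupMode"])))
```

On a real machine, call `read_state()` with no arguments; it needs a system booted in UEFI mode with efivarfs mounted.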

#384 a1ive

a1ive

    Member

  • Developer
  • 49 posts
  •  
    China

Posted 18 August 2021 - 12:57 PM


How do I edit the content of a post?
GRUB4EFI / GRUB4DOS download link:
https://github.com/c...ub4dos/releases
http://grub4dos.chenall.net/
Bug Report:
https://github.com/c...grub4dos/issues
Other discussions:
https://github.com/c...dos/discussions

reboot.pro is often down and slow to load.
The main developers of grub4dos (yaya, chenall and me) are mainly active on github.
So I recommend reporting bugs, requesting features or asking questions on github.
  • wimb, alacran and Gerolf like this

#385 alacran


Posted 18 August 2021 - 01:12 PM

Attachment Encrypted with password = bootwimb

opensuse.zip

 

I can't download your attachment, please re-upload it.

 

Thanks in advance

 

alacran



#386 wimb


Posted 18 August 2021 - 01:14 PM

Browser Refresh is needed since I just uploaded the Encrypted version of opensuse.zip instead



#387 alacran


Posted 18 August 2021 - 01:18 PM

Now downloaded fine the Encrypted version, thanks.

 

alacran



#388 steve6375


Posted 18 August 2021 - 03:37 PM

E2B with grub4efi  first Beta is now available.

See https://rmprepusb.bl...ow-support.html for details and download link.

Secure Boot is supported as long as the Kaspersky shim is not blacklisted in the UEFI firmware NVRAM database.


Edited by steve6375, 18 August 2021 - 03:56 PM.

  • devdevadev and Gerolf like this

#389 wimb


Posted 20 August 2021 - 01:59 PM

If you Clear the current platform key then indeed you have "Secure Boot State: Off" and in that case it is normal that you can chainload UEFI Grub4dos

 

But when you have "Secure Boot State: On" then you cannot chainload UEFI Grub4dos, just as I observed in my case with UEFI Secure Boot On

 

Also WinNTSetup can give you reliable info on UEFI Secure Boot State as shown here

 

 

Besides openSUSE Tumbleweed you can use Ubuntu or Fedora for booting in UEFI Secure mode with Grub2

 

and when "Secure Boot State = Off" you can chainload UEFI Grub4dos and map VHD.

 

However, the openSUSE, Ubuntu and Fedora Grub2 don't allow mapping a VHD or chainloading the grub2-filemanager file grubfmx64.efi, for which you need to use a1ive Grub2 as used in UEFI_MULTI

 

I tried also Kali Linux but that does not support UEFI Secure booting.

 

The ubuntu folder is expected to occur in EFI folder next to Boot and Microsoft folder

 

UEFI Grub4dos file bootx64_g4d.efi is in EFI\Boot folder

 

Use BOOTICE x64 and UEFI tab to Edit boot entries ... as indicated

 

Attachment Encrypted with password = bootwimb

 

ubuntu_SB_2021-08-20_105618.jpg

 

Attached File  ubuntu-E.zip   1.29MB   45 downloads


  • Gerolf likes this

#390 Gerolf


Posted 01 September 2021 - 10:26 PM

The attachment makes it easy to experiment with opensuse shim

without the need to download openSUSE Tumbleweed and make bootable USB

and without the need to create Linux partition and then Install openSUSE .....a lot of work  :rolleyes:

 

Thank you for testing this approach and for uploading the essential files, Wimb! (Well, Firefox warns not to download your opensuse-E.zip as it "contains a virus or malware", but Windows Defender cannot detect any such thing.)

 

I said:

If this shim.efi is generated during installation, it might as well contain e.g. a checksum about the individual motherboard so that it would not be portable to another machine.

 

No. A binary file comparison with "fc /b" shows that the shim.efi in your opensuse-E.zip is exactly the same file that has been installed to my test computer. (Sorry, this test was overdue.)


  • wimb likes this

#391 wimb


Posted 02 September 2021 - 05:06 AM

Thank you for testing this approach and for uploading the essential files, Wimb! (Well, Firefox warns not to download your opensuse-E.zip as it "contains a virus or malware", but Windows Defender cannot detect any such thing.)

 

I said:

 

No. A binary file comparison with "fc /b" shows that the shim.efi in your opensuse-E.zip is exactly the same file that has been installed to my test computer. (Sorry, this test was overdue.)

 

At first the opensuse.zip download was not encrypted and you get the Firefox warning.

Later I have Encrypted the download so that this problem should not occur anymore.

When unpacking the download you should switch off antivirus software like Norton to avoid problems.

 

Nice to hear that the opensuse shim.efi file is useful to you and is exactly the same as that you used before.



#392 alacran


Posted 11 September 2021 - 01:44 AM

JFYI

 

grub4dos-0.4.6a-2021-08-13.7z 520K

 

grub4dos-for_UEFI-2021-09-08.7z 976K

 

I can confirm ISO issue isn't present anymore on UEFI version.

 

alacran


  • wimb likes this

#393 alacran


Posted 6 days ago

JFYI

 

grub4dos-for_UEFI-2021-10-21.7z 988K

 

Update information (update log): 2021-10-21 7eceae9@chenall Update release.yml compile environment modified to ubuntu-18.04 corresponding source code

 

grub4dos-0.4.6a-2021-10-15.7z 520K

 

Update information (update log): 2021-10-15 eee10ae@yaya . Fix that when the pipe character ‘|’ is followed by the call (or goto) tag, a space must be added. issues #341 Corresponding source code

 

Haven't tested any of them yet.

 

alacran


  • wimb and Tokener like this



