Jump to content











Photo
- - - - -

How to get Windows 10 to boot in legacy mode? (UEFI on MBR)?


  • Please log in to reply
10 replies to this topic

#1 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 588 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 3 days ago

OK, so here's the deal.....I did a little experimenting awhile back and found that booting Windows 10 in UEFI mode on MBR partitioning works fine (http://reboot.pro/to...-gpt-very-easy/). My Samsung SSD is MBR-partitioned, and has a FAT32 EFI system partition, marked with the "EFI" flag in GParted. All runs fine, drivers install, updates install, games work, no BSODs. I chose MBR because this will allow me to boot legacy OSes as well. And I can use softwares like rEFInd and Clover for UEFI booting. I imagine that Linux should generally work fine on this setup too.

 

But now I have the issue of wanting to boot 10 in legacy mode. This of course requires the appropriate boot files, and an appropriate MBR. But if Clover's code (or whatever) is to occupy my disk's MBR, then Windows' MBR cannot live there too. So I'm thinking that maybe there is a way to chainload the Windows MBR, from something like GRUB4DOS, then it loads the Windows boot files, and (hopefully) 10 boots without BSODing.

 

I will also note that my C drive is encrypted with BestCrypt Volume Encryption, which to my surprise worked without a hitch. But if I am to boot 10 in legacy mode, then I will need to use the appropriate BC MBR so that it can decrypt and boot the C drive. This is another barrier that needs to be considered.

 

On a side note, I used the following command when installing 10, after installing the OS with imagex:

 

bcdboot C:\Windows /l en-US /s A: /f UEFI

 

C of course represents the C drive, A represents the letter I assigned to the EFI system partition. Valid options for /f are UEFI,BIOS, or All. I had tried the "All" option in the past and hit issues with BestCrypt and GRUB2.

 

Thanks again!



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13917 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 3 days ago

You normally need not any "fancy" MBR.

The MBR on BIOS is just some means to load and execute the bootsector (PBR or VBR code).

If you use grub4dos you can even bypass that and directly chainload BOOTMGR directly, and - advised for experiments - you can still get away with a "Vista Boot floppy" image or similar.

That will work just fine, the complication is only given by your BestCrypt setup.

I am not familiar with the way Bestcrypt modifies the booting chain, but seemingly:

https://www.jetico.c..._in_version.htm

 

 

Since v.2 advanced users can move contents of BCVE code from MBR to first sector on removable device (floppy or USB stick) and restore original contents of the MBR sector. After that boot of encrypted operating system is possible only from the removable device, or, if the computer is dual-boot, only not encrypted system will load without displaying BCVE boot-time password prompt.

Several interesting schemes of booting computers can be invented with the help of the feature, example for dual-boot computers is only one of them. Although now the functionality is helpful rather to advanced users, future versions of BCVE will use it for enhancing security of the software.

there is no real need of the Bestcrypt IPL in the MBR, and very likely this feature can be "ported" to a floppy image loaded via grub4dos.

 

:duff:

Wonko



#3 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 588 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 3 days ago

Thanks for the response. Do you mind explaining what an IPL is? The point for me is to be able to boot in either UEFI or legacy modes, or with a UEFI emulator like Clover or DUET. There is no real need for doing this, apart from just "because I want to see if it is possible". Another issue I would like to avoid is the Windows Updates and hibernation issues that some in @milindsmart's "BIOS on GPT" thread seem to be experiencing. I think it is happening for them because some of them are loading Windows boot files from a floppy image. I do use hibernation sometimes and it is important to me that Windows Updates are able to install without failing because of arcane, unorthodox booting scheme or partitioning method. I am of course booting in UEFI on MBR, not GPT, but I think I might experience the issues they are having if I go the floppy route.

 

Are you saying that I just need to somehow find a way to make a copy of BC's bootloader code (that asks for the volume password), then chainload it with some other bootloader?

 

Thanks!



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13917 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 2 days ago

Are you saying that I just need to somehow find a way to make a copy of BC's bootloader code (that asks for the volume password), then chainload it with some other bootloader?

 

Thanks!

More or less yes.

 

IPL is the acronym for Initial Program Loader which is in itself an old (and now probably deprecated) "blanket" term that can be applied to anything that actually loads a program, typically on PC (BIOS) that is the code in a PBR/VBR (read as bootsector).

 

I was trying to make the distinction between the contents of "normal" MBR code (which only chainloads the bootsector of the active partition") and the bootsector itself that actually contains code that accesses the filesystem and loads a program.

 

I was suggesting to use for experiments the floppy image approach, so that you won't mess up with your hard disk, but since you are on MBR/BIOS, you should be able to later set it up as a "plain" boot from hard disk.

On the Bios on GPT thread the issue behind the hibernation/update problems revolve essentially on the "booting media" being not available (as it is mapped in a volatile manner).

 

As said the issue here is the Bestcrypt thingy, how it works and whether it will be chainloadable, etc. is the BIG question. :unsure:

 

If I were you I would make experiments in a virtual machine, first making a Windows 10 install (on MBR style disk) that can be booted BOTH in BIOS and in UEFI without any encryption overlay, then once the procedure is clear, add the encryption.

 

If you have also in the mix GRUB2 (installed to the MBR+hidden sectors) that will be a further complication, maybe that is the reason why your BCDBOOT command failed with /All (or /BIOS) :dubbio:

 

:duff:

Wonko



#5 cdob

cdob

    Gold Member

  • Expert
  • 1363 posts

Posted 2 days ago

Another issue I would like to avoid is the Windows Updates and hibernation issues that some in @milindsmart's "BIOS on GPT" thread seem to be experiencing.

Read the whole thread, at last the last three pages.
Go for a hard disk image. Boot from the hard disk image. Include Bestcrypt to this image first.
Mount the hard disk image early at windows boot. Use a third party disk driver to do this, not the default included vhd driver.

#6 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 588 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 2 days ago

@cdob: Thanks for the suggestion, but unfortunately a 3rd party disk driver, like WinVBlock or FiraDisk, is out of the question if at all possible. I would like to avoid using anything that requires constant booting in test-signing mode. I prefer my drivers to have valid digital signatures.



#7 cdob

cdob

    Gold Member

  • Expert
  • 1363 posts

Posted 2 days ago

The KernSafe Virtual Disk driver files EhSstorClass.sys and EhStorTcgDrv.sys are signed.

Small steps: try the floppy approach first.
And the "plain" boot from hard disk next.
If this works, use this.

#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13917 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 2 days ago

The KernSafe Virtual Disk driver files EhSstorClass.sys and EhStorTcgDrv.sys are signed.

This sounds like a different game :).

 

I presume that this will imply having the "boot" volume (the one with BOOTMGR and \boot\BCD) as a disk image initially mapped by grub4dos and later re-hooked by the KernSafe driver so that they allow the mounting of the "right" BCD as BCD0000001 in the Registry, i.e. "method #1" here:
http://reboot.pro/to...o-gpt/?p=204888

 

While till now we were on method #3

 

For method #1 any tutorial/specific howto on how to have the KernSafe drivers load before Trustedinstaller? :unsure:

 

:duff:

Wonko



#9 cdob

cdob

    Gold Member

  • Expert
  • 1363 posts

Posted A day ago

This sounds like a different game :).

Yes, and a overly complicated approach at given request.
Should be not required, take this as a last try.

Yes, it's "method #1" http://www.kernsafe....talmounter.aspx
No registry adjust, no driver load adjusting.
Most likely it's not the boot up, but the shut down. At which
Idea, not verified: The BCD has to be writable late, just before the reboot.

@IAmTheTrueMeaningOfCovfefe
As for testing:
Create a BestCrypt rescue media, a ISO image or a USB Disk.
Both integrate a floppy image. Inside the floppy image is a file bcve_mbr.bin.

Idea, not tested:
bcdboot C:\Windows /l en-US /s C: /f BIOS
Hexedit the file bcve_mbr.bin. Set the C: partiton active (0x80). Disalbe other active entries.
Can you boot from the rescue CD (ISO image) or the rescue USB Disk at BIOS mode?

Can you boot grub4dos, BIOS grub or BIOS syslinux from Clover?

Which partitons exist so far at hard disk?
Is one set active? Which one?

#10 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 588 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 15 hours ago

I have a spare USB SSD which I'm not using, so instead of going the VM route, I cannibalized it instead.

 

The setup:

1. 10 Enterprise 1709, originally installed in legacy mode, from an E2B 10 media booted in legacy mode as well

2. MBR partition table

3. 1024MB FAT32 partition is first, which has the "Boot" and "EFI" flags in GParted (I added EFI flag after setup completed, thinking it might prevent setup from finishing)

4. 100GB C drive

5. Extended partition, which contain a single logical partition, used for holding my Users folder, for which I used a method on TenForums to relocate it)

6. 47703MB of unallocated space at end of disk, for SSD overprovisioning, which is what the Samsung Magician software recommends

 

This leaves me able to create additional logicals in the extended, for more legacy OSes. And I still have a free primary partition slot. I had previously tried putting the c drive as a logical too, but setup wouldn't finish, it just kept spinning on the logo forever doing nothing.

 

Anyway, the initial boot was in legacy mode, setup finished. I used imagex for applying the WIM, the same bcdboot command as above but with the /f all parameter, and bootrec to create MBR. EFI partition has both UEFI and legacy boot files, disk currently has Windows bootstrap code in the MBR (which I'll change later). The setup USB was also in legacy mode, I had tried before in UEFI mode but bootrec /rebuildbcd failed with something like partition not found, it wrecked my E2B imgptn but not the USB itself.

 

After getting to desktop I turned off fastboot and immediately rebooted, using F7 to select Windows Boot Manager entry. No BSOD, System Information confirms UEFI boot mode. So if I select Samsung SSD in my boot menu, 10 boots in legacy, and if WBM is selected it boots in UEFI. I can switch at will between the 2 modes without issues, with no need of 3rd party programs. But I will still be testing hibernation, encryption, drivers, and updates on this disk. Those are the criticals for me.

 

@cdob: I'm not sure KernSafe will work, their webpage says it is only compatible with up to Windows 7. But it's worth trying anyway. What do you mean by plain boot? Like what I already have? I haven't encrypted yet, I don't think a floppy or other method will be necessary until I do that.

 

@Wonko: Can a floppy be avoided? It just sounds like extra fluff. I think it should be possible to use G4D or Clover to directly chainload a BC MBR/ISO, or just bootmgr if not encrypted.

 

Thanks!



#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13917 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 5 hours ago

Well, till now you are fine.

Of course if you have both the BOOTMGR and \boot\BCD (and code in the MBR and in the PBR that chainload those in BIOS mode) besides the \EFI\Microsoft\Boot\bootmgfw.efi and \EFI\Microsoft\Boot\BCD you need not the "floppy" (which is not a floppy it is a "floppy image", but it is just a small volume image)...

:duff:
Wonko




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users