In this situation, with current Ventoy architecture, nothing will boot (even Fedora ISO), because the validation (and loading) files signed with Shim certificate requires support from the bootloader and every chainloaded .efi file (it uses custom protocol, regular EFI functions can't be used. And, for any of this to work, Ventoy would still need to independently solve the problem of allowing unsigned bootloaders pass through when Secure Boot is enabled @ventoy I'm aware that Super GRUB2 Disk's author tried to handle that, I'll ask him for comments. Ventoy can boot any wim file and inject any user code into it. I'll fix it. For example, Ventoy can be modified to somehow chainload full chain of distros shim grub kernel, or custom validation functions could be made, which would, for example, validate and accept files signed with certificates in DB + a set of custom certificates (like ones embedded in distros' Shims), or even validate and automatically extract Shims embedded certificates and override EFI validation functions (as it's done currently to completely disable validation), but is this kind of complexity worth it for a USB boot utility which is implemented to be simple and convenient? No bootfile found for UEFI! Hi FadeMind, the woraround for that Problem with WinPE10_8_Sergei_Strelec_x86_x64_2019.12.28_English.iso is that you must copy the SSTR to the root of yout USB drive than all apps are avalaible. For secure boot please refer Secure Boot . The user should be notified when booting an unsigned efi file. try 1.0.09 beta1? All other distros can not be booted. (I updated to the latest version of Ventoy). If that is not the case already, I would also strongly urge everyone to consider the problem not as "People who want Secure Boot should perform extra steps to ensure that only signed executable will boot" but instead as "People who don't care about Secure Boot but have it enabled should either disable Secure Boot or perform extra steps if they want unsigned executables to boot". All the .efi/kernel/drivers are not modified. Preventing malicious programs is not the task of secure boot. Linux distributives use Shim loader, each distro with it's own embedded certificate unique for each distro. Ventoy is supporting almost all of Arch-based Distros well. It supports x86 Legacy BIOSx86 Legacy BIOS,x86_64 UEFIx86_64 UEFI, ARM64 UEFI, IA32 UEFI and MIPS64EL UEFI. You need to make the ISO UEFI64 bootable. Thanks a lot. This means current is Legacy BIOS mode. Ubuntu has shim which load only Ubuntu, etc. ElementaryOS boots just fine. I cannot boot into Ventoy with Secure Boot enabled on my machine though, it only boots when I disable Secure Boot in BIOS. So from ventoy 1.0.09, an option for secure boot is added in Ventoy2Disk.exe/Ventoy2Disk.sh and default is disabled. but CorePure64-13.1.iso does not as it does not contain any EFI boot files. 4. There are many kinds of WinPE. Is there a way to force Ventoy to boot in Legacy mode? Fedora-Security-Live-x86_64-Rawhide-20200526.n.0 - 1.95 GB, guix-system-install-1.1.0.x86_64-linux.iso - 550 MB, ipfire-2.25.x86_64-full-core143.iso - 280 MB, SpringdaleLinux-8.1-x86_64-netinst.iso - 580 MB, Acronis.True.Image.2020.v24.6.1.25700.Boot.CD.iso - 690 MB, O-O.BlueCon.Admin.17.0.7024.WinPE.iso - 480 MB, adelie-live-x86_64-1.0-rc1-20200202.iso - 140 MB, fhclive-USB-2019.02_kernel-4.4.178_amd64.iso - 450 MB, MiniTool.Partition.Wizard.Technician.WinPE.11.5.iso - 390 MB, AOMEI.Backupper.Technician.Plus.5.6.0_UEFI.iso - 380 MB, O-O.DiskImage.Professional.14.0.321.WinPE.iso - 380 MB, EaseUS.Data.Recovery.Wizard.WinPE.13.2.iso - 390 MB, Active.Boot.Disk.15.0.6.x64.WinPE.iso - 400 MB, Active.Data.Studio.15.0.0.Boot.Disk.x64.iso - 550 MB, EASEUS.Partition.Master.13.5.Technician.Edition.WinPE.x64.iso - 500 MB, Macrium_Reflect_Workstation_PE_v7.2.4797.iso - 280 MB, Paragon.Hard.Disk.Manager.Advanced.17.13.1.x64.WinPE.iso - 400 MB, Passware.Kit.Forensic.2017.1.1.Win.10-64bit.BootCD.iso - 350 MB, orel-2.12.22-26.12.2019_13.14.livecd.iso - 1.1 GB, rocksolid-signage-release-installer-1.13.4-1.iso - 1.3 GB, manjaro-kde-20.0-rc3-200422-linux56.iso - 3 GB, OpenStage-2020.03-xfce4-x86_64.iso - 1.70 GB, resilientlinux-installer-amd64-2.2.iso - 2.20 GB, virage-beowulf-3.0-x86-64-UEFI-20191110_1146.iso - 1.30 GB, BlackWeb-Unleashed.19.11-amd64.hybrid.iso - 3 GB, yunohost-stretch-3.6.4.6-amd64-stable.iso - 400 MB, OpenMandrivaLx.4.2-snapshot-plasma.x86_64.iso - 2.10 GB Keep reading to find out how to do this. Boot net installer and install Debian. relativo a la imagen iso a utilizar It's the job of Ventoy's custom GRUB to ensure that what is being chainloaded is Secure Boot compliant because that's what users will expect from a trustworthy boot application in a Secure Boot environment. Boots, but cannot find root device. All the .efi files may not be booted. I have installed Ventoy on my USB and I have added some ISO's files : This disk, after being installed on a USB flash drive and booted from, effectively disables Secure Boot protection features and temporary allows to perform almost all actions with the PC as if Secure Boot is disabled. But this time I get The firmware encountered an unexpected exception. Maybe the image does not support X64 UEFI. Ventoy should only allow the execution of Secure Boot signed executables when Secure Boot is enabled, Microsoft's official Secure Boot signing requirements. Personally, I don't have much of an issue with Ventoy using the current approach as a stopgap solution, as long as it is agreed that this is only a stopgap, since it comes with a huge drawback, and that a better solution (validation of that the UEFI bootloaders chain loaded from GRUB pass Secure Boot validation when Secure Boot has been enabled by the user) needs to be implemented in the long run. Sign up for a free GitHub account to open an issue and contact its maintainers and the community. puedes poner cualquier imagen en 32 o 64 bits Some bioses have a bug. Maybe the image does not suport IA32 UEFI! Therefore, unless Ventoy makes it very explicit that "By enrolling Ventoy for Secure Boot, you understand that you are also granting anyone with the capability of running non Secure Boot enabled boot loaders on your computer, including potential malicious ones that would otherwise have been detected by Secure Boot", I will maintain that there is a rather important security issue that needs to be addressed. @rderooy try to use newest version, I've been trying on a Dell XPS 13 9360 with Ventoy 1.0.34 UEFI running and Memtest86-4.3.7.iso does not work. Yes, I already understood my mistake. Will it boot fine? ventoy.json should be placed at the 1st partition which has the larger capacity (The partition to store ISO files). Follow the urls bellow to clone the git repository. @ventoy For example, GRUB 2 is licensed under GPLv3 and will not be signed. However, Ventoy can be affected by anti-virus software and protection programs. This ISO file doesn't change the secure boot policy. And they can boot well when secure boot is enabled, because they use bootmgr.efi directly from Windows iso. That's actually very hard to do, and IMO is pointless in Ventoy case. . all give ERROR on HP Laptop : Expect working results in 3 months maximum. Newbie. Well, that's pretty much exactly what I suggested in points 1-4 from the original post, with point 4 altered from "an error should be returned to the user and bootx64.efi should not be launched" to "an error should be returned to the user who can then decide if they still want to launch bootx64.efi". Adding an efi boot file to the directory does not make an iso uefi-bootable. So by default, you need to disabled secure boot in BIOS before boot Ventoy in UEFI mode. As Ventoy itself is not signed with Microsoft key. You can put the iso file any where of the first partition. unsigned .efi file still can not be chainloaded. Option 1: Completly by pass the secure boot like the current release. sol-11_3-live-x86.iso | 1.22 GB, gnewsense-live-4.0-amd64-gnome.iso | 1.10 GB, hyperbola-milky-way-v0.3.1-dual.iso | 680 MB, kibojoe-17.09final-stable-x86_64-code21217.iso | 950 MB, uruk-gnu-linux-3.0-2020-6-alpha-1.iso | 1.35 GB, Redcore.Linux.Hardened.2004.KDE.amd64.iso | 3.5 GB, Drauger_OS-7.5.1-beta2-AMD64.iso | 1.8 GB, MagpieOS-Gnome-2.4-Eva-2018.10.01-x86_64.iso | 2.3 GB, kaisenlinuxrolling1.0-amd64.iso | 2.80 GB, chakra-2019.09.26-a022cb57-x86_64.iso | 2.7 GB, Regata_OS_19.1_en-US.x86_64-19.1.50.iso | 2.4 GB. You can put a file with name .ventoyignore in the specific directory. Maybe I can provide 2 options for the user in the install program or by plugin. Passware.Kit.Forensic.2017.1.1.Win.10-64bit.BootCD.iso - 350 MB Snail LInux , supports UEFI , booting successfully. @pbatard Sorry, I should have explained my position clearer - I fully agree that the Secure Boot bypass Ventoy uses is not secure, and I'm not using Ventoy exactly because of it. memz.mp4. https://abf.openmandriva.org/product_build_lists. You literally move files around and use a text editor to edit theme.text, ventoy.json, and so on. Ventoy will search all the directories and sub directories recursively to find all the iso files and list them in the boot menu. It's a bug I introduced with Rescuezilla v2.4. list vol - select vol of EFI (in my case nr 14) as illustrated - assign - EFI drive is mounted as Q: Also possible is: After booting with Win10XPE from RAMDISK the Hidden EFI Driv Hi MFlisar , if you want use that now with HBCD you must extract the iso but the ventoy.dat on the root of the iso recreate the iso with example: ntlite oder oder tools and than you are able to boot from. And for good measure, clone that encrypted disk again. For Hiren's BootCD HBCD_PE_x64.iso has been tested in UEFI mode. snallinux-.6-x86_64.iso - 1.40 GB Astra Linux , supports UEFI , booting successfully. Interestingly enough, the ISO does contain the efi files as I made sure to convert the whole IMG, which on the other hand is the basis for the creation of a memtest flash drive. Agreed. I can provide an option in ventoy.json for user who want to bypass secure boot. For instance, someone could produce a Windows installation ISO that contains a malicious /efi/boot/bootx64.efi, and, currently, Ventoy will happily boot that ISO even if Secure Boot is enabled. Hi, thanks for your repley boot i have same error after menu to start hdclone he's go back to the menu with a black windows saying he's loading the iso file to mem and that it freez. You can copy several ISO files at a time, and Ventoy will offer a boot menu where you can select them. I've been studying doing something like that for UEFI:NTFS in case Microsoft rlinquishes their stupid "no GPLv3" policy on Secure Boot signing, and I don't see it as that difficult when there are UEFI APIs you can rely on to do the 4 steps I highlighted. Sign in I would assert that, when Secure Boot is enabled, every single time an unsigned bootloader is loaded, a warning message should be displayed. If Secure Boot is not enabled, proceed as normal. Open net installer iso using archive manager in Debian (pre-existing system). The user has Ubuntu, Fedora and OpenSUSE ISOs which they want to load. I was just objecting to your claim that Secure Boot is useless when someone has physical access to the device, which I don't think is true, as it is still (afaik) required for TPM-based encryption to work correctly. That's theoretically feasible but is clearly banned by the shim/MS. openSUSE-Tumbleweed-KDE-Live-x86_64-Snapshot20200326-Media.iso - 952MB You answer my questions and then I will answer yours MEMZ.img was listed with no changes for me. Do NOT put the file to the 32MB VTOYEFI partition. using the direct ISO download method on MS website. legacy - ok On Mon, Feb 22, 2021 at 12:25 PM Steve Si ***@***. This same image I boot regularly on VMware UEFI. Inspection of the filesystem within the iso image shows the boot file(s) - including the UEFI bootfile - in the respective directory. What you want is for users to be alerted if someone picked a Linux or Microsoft media, and the UEFI bootloader was altered from the original. 5. extservice
Add firmware packages to the firmware directory. @pbatard Ventoy is an open source tool that lets you create a bootable USB drive for ISO files. It was working for hours before finally failing with a non-specific error. First and foremost, disable legacy boot (AKA BIOS emulation). However, I guess it should be possible to automatically enroll ALL needed keys to shim from grub module on the first boot (when the user enrolls my ENROLL_THIS_CERT_INTO_MOKMANAGER.crt) and handle unsigned efi binaries as a special case or just require to sign them with user-generated key? Even though I copied the Windows 10 ISO to flash drive, which presumably has a UEFI boot image on it, neither of my Vostros would recognize it. 1.- comprobar que la imagen que tienes sea de 64 bits en_windows_10_business_editions_version_2004_updated_may_2020_x64_dvd_aa8db2cc.iso I am not using a grub external menu. They do not provide a legacy boot option if there is a fat partition with an /EFI folder on it. Users can update Ventoy by installing the latest version or using VentoyU, a Ventoy updater utility. In a real use case, when you have several Linux distros (not all of which have Secure Boot support), several unsigned UEFI utilities, it's just easier to temporary disable Secure Boot with SUISBD method. . You signed in with another tab or window. Attached Files Thumbnail (s) Find Reply Steve2926 Senior Member WinPE10_8_Sergei_Strelec_x86_x64_2019.12.28_English.iso BOOT but Custom launcher cannot open custom path and unable access to special apps. your point) and you also want them to actually do their designated job, including letting you know, if you have Secure Boot enabled, when some third party UEFI boot loader didn't pass Secure Boot validation, even if that boot loader will only ever be run from someone who has to have physical access to your computer in the first place. *far hugh* -> Covid-19 *bg*. Firstly, I run into the MOKManager screen and enroll the testkey-ventoy.der and reboot. Would disabling Secure Boot in Ventoy help? Please thoroughly test the archive and give your feedback, what works and what don't. 1. Keeping Ventoy and ISO files updated can help avoid any future booting issues with Ventoy. Unsigned bootloader Linux ISOs or ISOs without UEFI support does not boot with Secure Boot enabled. We talk about secure boot, not secure system. Another issue about Porteus and Aporteus : if we copy ISO via dd or other tools or copy ISO contents to EFI partition of USB work perfectly in UEFI. Menu. There are many suggestion to use tools which make an ISO bootable with UEFI on a flash disk, however it's not that easy as you can only do that with UEFI-enabled ISO's. By UEFI enabled ISO's I mean that the ISO files contain a BOOT\EFI directory with a EFI bootloader. After the reboot, select Delete MOK and click Continue. Openbsd is based. (Haswell Processor) Tested in Memdisk and normal mode with 1.0.08b2. VentoyU allows users to update and install ISO files on the USB drive. The file size will be over 5 GB. I adsime that file-roller is not preserving boot parameters, use another iso creation tool. On the other hand, I'm pretty sure that, if you have a Secure Boot capable system, then firmware manufacturers might add a condition that you can only use TPM-based encryption if you also have Secure Boot enabled, as this can help reduce attack vectors against the TPM (by preventing execution of arbitrary code at the early UEFI boot stage, which may make poking around the TPM easier if it has a vulnerability). In Windows, some processes will occupy the USB drive, and Ventoy2Disk.exe cannot obtain the control right of the USB drive, so that the device cannot be listed. if it's possible please add UEFI support for this great distro. Copy the efisys.bin from C: > Windows > Boot > DVD > EFI > en-US to your desktop 3. You can press left or right arrow keys to scroll the menu. 2.-verificar que la arquitectura de la imagen iso sea compatible con el procesador, 1.-modo uefi: Any kind of solution? @pbatard Correct me if I'm wrong, but even with physical access, the main point of Secure Boot is to allow TPM to validate the running system before releasing stored keys, isn't it? 6. I don't know why. Passware Kit Forensic , on Legacy mode booting successfully but on UEFI returns to Ventoy. Thanks! When user check the Secure boot support option then only run .efi file with valid signature is select. When secure boot is enabled, only .efi/kernel/drivers need to be signed. to be used in Super GRUB2 Disk. This solution is only for Legacy BIOS, not UEFI. Is Ventoy checking md5sums and refusing to load an iso that doesn't match or something? BUT with Ventoy 1.0.74 legacy boot from the same ISO I get a black square in centre of menu (USB LED is flashing so appears to load). 2There are two methods: Enroll Key and Enroll Hash, use whichever one. Then your life is simplified to Persistence management while each of the 2 (Ventoy or SG2D) provide the ability to boot Windows if it is installed on any local . Ventoy has added experimental support for IA32 UEFI since v1.0.30. Ventoy2Disk.exe always failed to install ? Some modern systems are not compatible with Windows 7 UEFI64 (may hang) Ventoy loads Linux kernels directly, which are also signed with embedded Shim certificate. When Secure Boot is enabled, BIOS boot (CSM) should not work at all, since it would completely defeat the purpose of only allowing signed executables to boot. Try updating it and see if that fixes the issue. The user could choose to run a Microsoft Windows Install ISO downloaded from the MS servers and Ventoy could inject a malicious file into it as it boots. By clicking Sign up for GitHub, you agree to our terms of service and Go ahead and download Rufus from here. Hello , Thank you very very much for your testings and reports. How to make sure that only valid .efi file can be loaded. What exactly is the problem? Yes. Nierewa Junior Member. . No bootfile found for UEFI! The USB partition shows very slow after install Ventoy. md5sum 6b6daf649ca44fadbd7081fa0f2f9177 privacy statement. 4. The point of this issue is that people are under the impression that because Ventoy supports Secure Boot, they will get the same level of "security" booting Secure Boot compliant media through Ventoy as if they had booted that same media directly, which is indeed a fair expectation to have, since the whole point of boot media creation software is to have the converted media behave as close as possible as the original would. accomodate this. You can reformat it with FAT32/NTFS/UDF/XFS/Ext2/Ext3/Ext4 filesystem, the only request is that Cluster Size must greater than or equal to 2048. ***> wrote: But that not means they trust all the distros booted by Ventoy. eficompress infile outfile. Hiren's BootCD maybe that's changed, or perhaps if there's a setting somewhere to Format Ext4 in Linux: sudo mkfs -t ext4 /dev/sdb1
for grub modules, maybe I can pack all the modules into one grub.efi and for other efi files(e.g. Maybe we should just ask the user 'This file is not signed by Microsoft for 'Secure Boot' - do you still wish to boot from it?' size: 589 (617756672 byte) @pbatard, have you tested it? Maybe the image does not support X64 UEFI! Asks for full pathname of shell. Not exactly. Is there any progress about secure boot support? However, I would say that, if you are already running "arbritrary" code in UEFI mode to display a user message, while Secure Boot is enabled, then you should be able to craft your own LoadImage()/StarImage() that doesn't go through SB validation (by copying the LoadImage()/StarImage() code from the EDK2 and removing the validation part). So I think that also means Ventoy will definitely impossible to be a shim provider. Please follow About file checksum to checksum the file. edited edited edited edited Sign up for free . Sign up for a free GitHub account to open an issue and contact its maintainers and the community. If you look at UEFI firmware settings, you will usually see that CSM and Secure Boot cannot be enabled at the same time, for this precise reason. I have tried the latest release, but the bug still exist. 1.0.80 actually prompts you every time, so that's how I found it. 1. Ventoy Binary Notes: This website is underprovisioned, so please download ventoy in the follows: (remember to check the SHA-256 hash) https://github.com/ventoy/Ventoy/releases Source Code Ventoy's source code is maintained on both Github and Gitee. For me I'm missing Hiren's Boot CD (https://www.hirensbootcd.org/) - it's WindowsPE based and supports UEFI from USB. Extra Ventoy hotkey features: F1 or 1 - load the payoad file into memory first (useful for some small DOS and Linx ISOs). 4. Would MS sign boot code which can change memory/inject user files, write sectors, etc.? But i have added ISO file by Rufus. However, considering that in the case of Ventoy, you are basically going to chain load GRUB 2, and that most of the SHIMs have been designed to handle precisely that, it might be easier to get Ventoy accepted as a shim payload. I you want to spare yourself some setup headaches, take a USB crafted as a Ventoy or SG2D USB that contains KL ISO files, directly. Vmware) with UEFI mode and to confirm that the ISO file does support UEFI mode. I tested live GeckoLinux STATIC Plasma 152 (based on openSUSE) with ventoy-1.0.15. There are many kinds of WinPE. No idea what's wrong with the sound lol. 1.0.84 IA32 www.ventoy.net ===>
Already on GitHub? However, some ISO files dont support UEFI mode so booting those files in UEFI will not work. Windows 11 21h2 x64 Hebrew - Successfully tested on UFEI. Just right-click on "This PC" on the desktop, select "Manage", and click on "Disk Management . see http://tinycorelinux.net/13.x/x86_64/release/ For instance, it could be that only certain models of PC have this problem with certain specific ISOs. Help !!!!!!! orel-2.12.22-26.12.2019_13.14.livecd.iso - 1.1 GB Will polish and publish the code later. Maybe the image does not support x64 uefi . I would also like to point out that I reported the issue as a general remark to help with Ventoy development, after looking at the manner in which Ventoy was addressing the Secure Boot problem (and finding an issue there), rather than as an actual Ventoy user. Which brings us nicely to what this is all about: Mitigation. If you get some error screen instead of the above blue screen (for example, Linpus lite xxxx). da1: quirks=0x2. I used Rufus on a new USB with the same iso image, and when I booted to it with UEFI it booted successfully. But I was actually talking about CorePlus. An encoding issue, perhaps (for the text)? I suspect that, even as we are not there yet, this is something that we're eventually going to see (but most likely as a choice for the user to install the fully secured or partially secured version of the OS), culminating in OSes where every single binary that runs needs to be signed, and for the certificates those binaries are signed with to be in the chain of trust of OS. OpenMandrivaLx.4.0-beta.20200426.7145-minimal.x86_64.iso - 400 MB, en_windows_10_business_editions_version_1909_updated_march_2020_x64_dvd_b193f738.iso | 5 GB The only way to prevent misuse when booting from USB is to set a BIOS password (and perhaps a boot password), set the BIOS to not boot from USB and it won't hurt to also use an encrypted filesystem for the OS on the hard disk (bitlocker/LUKS). However what currently happens is that people who do have Secure Boot enabled will currently not be alerted to these at all. @BxOxSxS Please test these ISO files in Virtual Machine (e.g. Topics in this forum are automatically closed 6 months after creation. The text was updated successfully, but these errors were encountered: I believe GRUB (at least v2.04 and previous versions if patched with Fedora patches) already work exactly as you've described. 1.0.84 BIOS www.ventoy.net ===>
When enrolling Ventoy, they do not. Both are good. If the ISO file name is too long to displayed completely. The MEMZ virus nyan cat as an image file produces a very weird result, It also happens when running Ventoy in QEMU, The MEMZ virus nyan cat as an image file produces a very weird result Earlier (2014-2019) official GRUB in Ubuntu and Debian allowed to boot any Linux kernel, even unsigned one, in Secure Boot mode. Rename it as MemTest86_64.efi (or something similar). Some known process are as follows:
Most likely it was caused by the lack of USB 3.0 driver in the ISO. In Linux, you need to specify the device to install Ventoy which can be a USB drive or local disk. I'm afraid I'm very busy with other projects, so I haven't had a chance. slitaz-next-180716.iso, Symantec.Ghost.Boot.CD.12.0.0.10658.x64.iso, regular-xfce-latest-x86_64.iso - 1.22 GB Best Regards. @ventoy I can confirm this, using the exact same iso. Does the iso boot from s VM as a virtual DVD? @ventoy, I've tested it only in qemu and it worked fine. That's because, if they did want to boot non Secure Boot enabled ones, they would disable Secure Boot themselves. Error message: Follow the guide below to quickly find a solution. Okay, I installed linux mint 64 bit on this laptop before. Just like what is the case with Ventoy, I don't have much of an issue with having some leeway, on account that implementing proper signature validation requires some effort, during which unsigned bootloaders may be accepted, so as not inconvenience users too much. In this case, only these distros that bootx64.efi was signed with MS's key can be booted.(e.g. How did you get it to be listed by Ventoy? If anyone has Secure Boot enabled, there should be no scenario where an unsigned bootloader gets executed without at least a big red warning, even if the user indicated that they were okay with that. 2. . Ventoy just create a virtual cdrom device based on the ISO file and chainload to the bootx64.efi/shim.efi inside the ISO file. Secure Boot was supported from Ventoy 1.0.07, but the solution is not perfect enough. FreeBSD 13.1-RELEASE Aarch64 fails to boot saying "No bootfile found for UEFI!". If everything is fine, I'll prepare the repo, prettify the code and write detailed compilation and usage instructions, as well as help @ventoy with integration. There are many other applications that can create bootable disks but Ventoy comes with its sets of features. Ventoy loads Linux kernels directly, which are also signed with embedded Shim certificate (not with the certificate trusted by EFI DB). ISO file name (full exact name) Don't get me wrong, I understand your concerns and support your position. You signed in with another tab or window. It looks like that version https://github.com/ventoy/Ventoy/releases/tag/v1.0.33 fixes issue with my thinkpad. I have this same problem. That is to say, a WinPE.iso or ubuntu.iso file can be booted fine with secure boot enabled(even no need for the user to whitelist them) but it may contain a malicious application in it. Something about secure boot? Ventoy 1.0.55 is available already for download. Now, if Microsoft finally relinquished their abusive policy about not accepting GPLv3 code for Secure Boot signing and Ventoy was updated not to allow unsigned bootloaders when Secure Boot is enabled (i.e. Format NTFS in Windows: format x: /fs:ntfs /q
3. what is the working solution? Windows 7 32-bit does not support UEFI32 - you must use Win7 64-bit.. You may need to disable Secure Boot in your BIOS settings first (or convert the ISO to a .imgPTN23 file using the MPI Tool Kit). Just found that MEMZ.iso from https://mega.nz/folder/TI8ECBKY#i89YUsA0rCJp9kTClz3VlA works, file: Windows XP.ver.SP3.English @steve6375 For these who select to bypass secure boot. (The 32 bit images have got the 32 bit UEFI). My guesd is it does not.