starred/Ventoy-ventoy
1
0
Fork 0
mirror of https://github.com/ventoy/Ventoy.git synced 2026-03-03 00:07:49 -05:00
Code Issues 859 Projects Packages Wiki Activity

EFI Blocked !!!!!!! Latest Laptop UEFI 64+SECURE BOOT ON Blocked message. I have a solution for this. #655

New issue
Closed
opened 2026-02-20 19:33:44 -05:00 by deekerman · 8 comments
deekerman commented 2026-02-20 19:33:44 -05:00
Owner
Copy link

Originally created by @haseakash on GitHub (Feb 4, 2021).

I created E2B+agfm+VENTOY disk

however it works with secure boot on machines/laptops under year 2019.
without any issue or without enrolling key.

But latest version lenovo/hp/dell gaming laptops are having new security.

so im getting EFI blocked error on it. i tested 10 different gaming laptops.

However im finding solution for this.

i found a new solution here
https://www.ittoolspack.com/p/hybrid-tech.html

Edi made a pure uefi that can boot any latest laptops/pc without doing anything.

i learned that how he did.

so in my guess..

He boots Original Bootx64.efi without patching.
and he created custom bcd to boot another WINPE .

means ,
He boot via original bootx64.efi (Microsoft official) to WINDOWS BOOT MANAGER
Then he adds other WINPE Images to their using BCDEDIT.

So,
I having question,
Can we boot to Bootx64.efi>windows boot manager loader>grub.cfg?
or
Bootx64.efi>windows boot manager loader>ventoy64.efi?
or
Bootx64.efi>windows boot manager loader>ventoy?

we can skip windows boot manager setting timeout 0
and unmarking windows metro loader option in bootic bcd menu.

Anybody help me ?

i want to boot official bootx64.efi to ventoyx64.efi

mail me on

haseakash2008@gmail.com

thanks

Originally created by @haseakash on GitHub (Feb 4, 2021). I created E2B+agfm+VENTOY disk however it works with secure boot on machines/laptops under year 2019. without any issue or without enrolling key. But latest version lenovo/hp/dell gaming laptops are having new security. so im getting EFI blocked error on it. i tested 10 different gaming laptops. However im finding solution for this. i found a new solution here https://www.ittoolspack.com/p/hybrid-tech.html Edi made a pure uefi that can boot any latest laptops/pc without doing anything. i learned that how he did. so in my guess.. He boots Original Bootx64.efi without patching. and he created custom bcd to boot another WINPE . means , He boot via original bootx64.efi (Microsoft official) to WINDOWS BOOT MANAGER Then he adds other WINPE Images to their using BCDEDIT. So, I having question, Can we boot to Bootx64.efi>windows boot manager loader>grub.cfg? or Bootx64.efi>windows boot manager loader>ventoy64.efi? or Bootx64.efi>windows boot manager loader>ventoy? we can skip windows boot manager setting timeout 0 and unmarking windows metro loader option in bootic bcd menu. Anybody help me ? i want to boot official bootx64.efi to ventoyx64.efi mail me on haseakash2008@gmail.com thanks
deekerman commented 2026-02-20 19:33:50 -05:00
Author
Owner
Copy link

@ventoy commented on GitHub (Feb 4, 2021):

When secure boot is enabled:
As I known windows boot manager loader will NEVER run another .efi file which has no valid signature.
That is to say windows boot manager loader can ONLY boot Windows.

@ventoy commented on GitHub (Feb 4, 2021): When secure boot is enabled: As I known windows boot manager loader will NEVER run another .efi file which has no valid signature. That is to say windows boot manager loader can ONLY boot Windows.
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@haseakash commented on GitHub (Feb 5, 2021):

Agree that.

Can it is possible to make small ventoy WINPE boot to install windows after loading WINPE??

Please find solution for 100% pure secureboot.
latest laptops are blocking it.
i dont want to disable it every time on different laptops.

Only ITPS Tool pack can do that.

But they are using it loading windows boot manager to WINPE.

My problem is that i created multiple separate windows iso.
i want to make it all in one separate user choice with separate boot files.
ventoy can do that but, SECURE BOOT is major problem.
i dont want to enroll key .
also i was tried E2B+AGFM+Ventoy.
It works with secure boot ON.
but latest laptops newer than 2019 Year says EFI Security Blocked !! error.

So im searching solution for this problem.. from two months.
Anyone can make PURE UEFI Bootx64.efi??? that support Grub2?

Also 1 more thing i want to tell ventoy.

your project is amazing

Some user reported ventoy 1.33 having problem
Lenovo Ideapad 330-15ISK , Some samsung laptops.

Please find these models and search solution for their problem.
Already they mentioned model numbers in ISSUES.

Thanks.

DO SOMETHING FOR SECURE BOOT.

NOTHING IS IMMPOSSIBLE !!!!!!!!!!!!!!!!!!!!

@haseakash commented on GitHub (Feb 5, 2021): Agree that. Can it is possible to make small ventoy WINPE boot to install windows after loading WINPE?? Please find solution for 100% pure secureboot. latest laptops are blocking it. i dont want to disable it every time on different laptops. Only ITPS Tool pack can do that. But they are using it loading windows boot manager to WINPE. My problem is that i created multiple separate windows iso. i want to make it all in one separate user choice with separate boot files. ventoy can do that but, SECURE BOOT is major problem. i dont want to enroll key . also i was tried E2B+AGFM+Ventoy. It works with secure boot ON. but latest laptops newer than 2019 Year says EFI Security Blocked !! error. So im searching solution for this problem.. from two months. Anyone can make PURE UEFI Bootx64.efi??? that support Grub2? Also 1 more thing i want to tell ventoy. your project is amazing Some user reported ventoy 1.33 having problem Lenovo Ideapad 330-15ISK , Some samsung laptops. Please find these models and search solution for their problem. Already they mentioned model numbers in ISSUES. Thanks. DO SOMETHING FOR SECURE BOOT. NOTHING IS IMMPOSSIBLE !!!!!!!!!!!!!!!!!!!!
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@ventoy commented on GitHub (Feb 5, 2021):

When secure boot in enabled.
All the .efi files must be signed with a valid key which accepted by the BIOS or it will not be loaded.
But all the BIOS only accepted Microsoft's key by default, unless you enroll third-part key.
Windows's boot manager can not be used to load Ventoy, it can only boot windows.

So the only way is to pay money to Microsoft to get a signed shim loader.
Even so, there is no guarantee that Microsoft will agree to sign your program. They have a very strict code review mechanism.

@ventoy commented on GitHub (Feb 5, 2021): When secure boot in enabled. All the .efi files must be signed with a valid key which accepted by the BIOS or it will not be loaded. But all the BIOS only accepted Microsoft's key by default, unless you enroll third-part key. Windows's boot manager can not be used to load Ventoy, it can only boot windows. So the only way is to pay money to Microsoft to get a signed shim loader. Even so, there is no guarantee that Microsoft will agree to sign your program. They have a very strict code review mechanism.
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@ventoy commented on GitHub (Feb 5, 2021):

#135

@ventoy commented on GitHub (Feb 5, 2021): #135
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@ValdikSS commented on GitHub (Mar 3, 2021):

What kind of error do you get? Provide a screen photo or anything.

@ValdikSS commented on GitHub (Mar 3, 2021): What kind of error do you get? Provide a screen photo or anything.
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@haseakash commented on GitHub (Mar 4, 2021):

Error is " EFI UEB Device Blocked by the current security policy"
"Selected boot device is not authenticate"

means same as Motherboard blocking unsigned loader while secure boot ON.

Also, i don't want to enroll key manually.
im daily format different laptops.
i want to load grub2 loader without enrolling key manually.

I also tested your Super-UEFIinSecureBoot-Disk Project.
it also blocking security.

I DONT WANT TO ENROLL KEY MANUALLY.

So can u find solution in whole galaxy system??? xd :P
even i think thanos can do that ! :p

Please find solution. You are the best programmers.
I need PURE UEFI Solution.

@haseakash commented on GitHub (Mar 4, 2021): Error is " EFI UEB Device Blocked by the current security policy" "Selected boot device is not authenticate" means same as Motherboard blocking unsigned loader while secure boot ON. Also, i don't want to enroll key manually. im daily format different laptops. i want to load grub2 loader without enrolling key manually. I also tested your Super-UEFIinSecureBoot-Disk Project. it also blocking security. I DONT WANT TO ENROLL KEY MANUALLY. So can u find solution in whole galaxy system??? xd :P even i think thanos can do that ! :p Please find solution. You are the best programmers. I need PURE UEFI Solution.
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@ValdikSS commented on GitHub (Mar 4, 2021):

Well, does Ubuntu or Fedora linux ISO start? If it does not, then there's nothing can be done: UEFI has only Microsoft key in db, you'll have to enroll the key or disable Secure Boot.
If the ISO files do boot, then we'll see what could be done.

@ValdikSS commented on GitHub (Mar 4, 2021): Well, does Ubuntu or Fedora linux ISO start? If it does not, then there's nothing can be done: UEFI has only Microsoft key in db, you'll have to enroll the key or disable Secure Boot. If the ISO files do boot, then we'll see what could be done.
deekerman commented 2026-02-20 19:33:51 -05:00
Author
Owner
Copy link

@ventoy commented on GitHub (Oct 18, 2021):

This is an old issue. I will close it now.

@ventoy commented on GitHub (Oct 18, 2021): This is an old issue. I will close it now.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.1.10
v1.1.09
v1.1.08
v1.1.07
v1.1.06
v1.1.05
v1.1.04
v1.1.03
v1.1.02
v1.1.01
v1.1.00
v1.0.99
v1.0.98
v1.0.97
v1.0.96
v1.0.95
v1.0.94
v1.0.93
v1.0.92
v1.0.91
v1.0.90
v1.0.89
v1.0.88
v1.0.87
v1.0.86
v1.0.85
v1.0.84
v1.0.83
v1.0.82
v1.0.81
v1.0.80
v1.0.79
v1.0.78
v1.0.77
v1.0.76
v1.0.75
v1.0.74
v1.0.73
v1.0.72
v1.0.71
v1.0.70
v1.0.69
v1.0.68
v1.0.67
v1.0.66
v1.0.65
v1.0.64
v1.0.63
v1.0.62
v1.0.61
v1.0.60
v1.0.59
v1.0.58
v1.0.57
v1.0.56
v1.0.55
v1.0.54
v1.0.53
v1.0.52
v1.0.51
v1.0.50
v1.0.49
v1.0.48
v1.0.47
v1.0.46
v1.0.45
v1.0.44
v1.0.43
v1.0.42
v1.0.41
v1.0.40
v1.0.39
v1.0.38
v1.0.37
v1.0.36
v1.0.35
v1.0.34
v1.0.33
v1.0.32
v1.0.31
v1.0.30
v1.0.29
v1.0.28
v1.0.27
v1.0.26
v1.0.25
v1.0.24
v1.0.23
v1.0.22
v1.0.21
v1.0.20
v1.0.19
v1.0.18
v1.0.17
v1.0.16
v1.0.15
v1.0.14
v1.0.13
v1.0.12
v1.0.11
v1.0.10
v1.0.09
v1.0.09beta1
v1.0.08
v1.0.08beta2
v1.0.08beta1
v1.0.07
v1.0.06
Labels
Clear labels   
Denied Feature Request

   
File Corrupted

   
Fixed

   
Good practice

   
Not an issue

   
Not planed

   
USB 2.0/3.0

   
USB Hardware Issue

   
Wait Upstream Fix

   
bug

   
documentation

   
duplicate

   
enhancement

   
help wanted

   
question

   
wontfix

   
【Tested Image Report】

   
【Tested Image Report】
No labels
Denied Feature Request
File Corrupted
Fixed
Good practice
Not an issue
Not planed
USB 2.0/3.0
USB Hardware Issue
Wait Upstream Fix
bug
documentation
duplicate
enhancement
help wanted
question
wontfix
【Tested Image Report】
【Tested Image Report】
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Ventoy-ventoy#655
No description provided.