[issue]: Ventoy refuses to boot with Secure Boot on Dell Latitude #2902

Open
1 task done
TechySkills opened this issue Jul 7, 2024 · 16 comments

Comments

@TechySkills

Official FAQ

  • I have checked the official FAQ.

Ventoy Version

1.0.99

What about latest release

Yes. I have tried the latest release, but the bug still exists.

Try alternative boot mode

Yes. I have tried them, but the bug still exists.

BIOS Mode

UEFI Mode

Partition Style

MBR

Disk Capacity

64GB

Disk Manufacturer

Kingston

Image file checksum (if applicable)

Yes.

Image file download link (if applicable)

https://www.microsoft.com/software-download/windows11?msockid=25005cd7c01065343308484cc1606434

What happened?

Ventoy refuses to boot with UEFI Secure boot ON, on a Dell Latitude E5540.

Gives some weird error when I boot into the USB from BIOS:

1st Error:
Failed to open \EFI\BOOT\ - Not Found
Failed to Load Image || - Not Found
start_image() returned Not Found, falling back to default loader.

Then it boots to a blue Security Violation screen, and if only the online tutorials worked... I tried what the online tutorials said and pressed Enter, but it gave another error and straight up rebooted instead of going to MOKManager...

2nd Error:
Failed to load image: Security Policy Violation
start_image returned Security Policy Violation

A video is attached:

video_2024-07-07_09-00-41.mp4
@ossdesign

ossdesign commented Jul 11, 2024

I have the same problem with Dell laptops at work. I used to get the option to enroll the Ventoy keys at first Ventoy boot, then it reboots fine into Ventoy. I am no longer given that option, just fails as you describe.

There was another issue posted on this not too long ago; I actually came back here to find it. What does work is to change Secure Boot in the BIOS/UEFI from Deployed Mode to Audit Mode, then save and reboot. You still get those initial errors shown (before the blue screen), but then it boots into Ventoy.

I don't know much about the details of Secure Boot, but my basic understanding is that in audit mode it detects and logs the errors but does not block the boot process (in essence, you are auditing things!). Not sure what the security implications are, and likely after install you can switch back to deployed mode if you want, as the newly installed OS boot UEFI shim (or whatever) should have valid keys.

Why Ventoy no longer works as it used to, when you could enroll the keys, I do not know. I also do not know what issues come from enrolling the keys. On the plus side, this has got me digging into Secure Boot a little to try and better understand it!
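
Added example (not part of the comment above and not Ventoy code): on Linux, the Deployed/Audit mode setting discussed in this comment can be read back from the standard UEFI state variables under efivarfs, which is a quick way to confirm what the firmware was left in after an install. The function names and `write_sample` are illustrative, and the bytes `write_sample` writes are constructed test data.

```python
import os

# EFI global-variable GUID under which the Secure Boot state variables live.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"  # Linux efivarfs mount point


def read_flag(name, efivars_dir=EFIVARS_DIR):
    """Return the one-byte value of a global UEFI variable, or None if absent."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs puts a 4-byte attribute field in front of the variable data.
    return raw[4] if len(raw) >= 5 else None


def secure_boot_state(efivars_dir=EFIVARS_DIR):
    """Classify the firmware's Secure Boot mode from its state variables."""
    names = ("SecureBoot", "SetupMode", "AuditMode", "DeployedMode")
    flags = {n: read_flag(n, efivars_dir) for n in names}
    if flags["SetupMode"] is None:
        mode = "unknown"    # not booted via UEFI, or efivarfs not mounted
    elif flags["AuditMode"] == 1:
        mode = "audit"
    elif flags["DeployedMode"] == 1:
        mode = "deployed"
    elif flags["SetupMode"] == 1:
        mode = "setup"      # no Platform Key enrolled
    else:
        mode = "user"       # also the result when AuditMode/DeployedMode are absent
    return {"mode": mode, "secure_boot": flags["SecureBoot"] == 1, "raw": flags}


def write_sample(efivars_dir, name, value):
    """Write a constructed variable file (attributes + one data byte) for testing."""
    with open(os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
        fh.write(b"\x06\x00\x00\x00" + bytes([value]))


if __name__ == "__main__":
    print(secure_boot_state())
```

A result of `audit` or `setup` on a machine that is back in normal use means the firmware was never switched back to an enforcing mode.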

@7krasov

7krasov commented Jul 27, 2024

Having the same error messages as on video
1.0.99
Dell
Transcend 8Gb
UEFI mode
Secure Boot Enabled

@ErrorCode400

Either turn off secure boot in UEFI/BIOS or enable the secure boot support option in Ventoy

enable the secure boot support option in Ventoy

@asheroto

asheroto commented Jul 31, 2024

This issue is identical to mine.
Using a Dell OptiPlex 3020.

VID20240731155335.1.mp4

Either turn off secure boot in UEFI/BIOS or enable the secure boot support option in Ventoy

That is okay as a workaround, but it doesn't fix the issue itself. 😊 With most computers there is an option to perform MOK management.

@TechySkills
Author

TechySkills commented Aug 10, 2024 via email

@TechySkills
Author

This issue is identical to mine. Using a Dell OptiPlex 3020.

VID20240731155335.1.mp4

Either turn off secure boot in UEFI/BIOS or enable the secure boot support option in Ventoy

That is okay as a workaround, but it doesn't fix the issue itself. 😊 With most computers there is an option to perform MOK management.

This was exactly my error, but I fixed it by downgrading to 1.0.98. It is a Ventoy fault; I don't know what they changed, but it works with 1.0.98, try with that 😉

@asheroto

This was exactly my error, but I fixed it by downgrading to 1.0.98. It is a Ventoy fault; I don't know what they changed, but it works with 1.0.98, try with that 😉

Sounds like a workaround for now. Not sure what changed in it. Definitely some new feature it sounds like. @ventoy

@TechySkills
Author

TechySkills commented Aug 12, 2024 via email

@ErrorCode400

People report that they can’t enroll the keys on their Secured-core PCs.

https://forums.ventoy.net/showthread.php?tid=2896&highlight=enroll+key

It affects all Surface devices, Dell, and Lenovo’s Secured-core PCs. If your PC is Secured-core and you want to boot with secure boot enabled, disable the “Microsoft UEFI CA” option in the BIOS setup. I’m not sure if it’s safe to disable it.

Microsoft UEFI CA (edited)

https://forums.ventoy.net/showthread.php?tid=2896&page=2&highlight=enroll+key

If you’re not sure whether your PC is Secured-core, just Google your model or check to see if there’s the “Microsoft UEFI CA” option in the BIOS setup.

@asheroto

That may be a good workaround, but I don't know if that's the "fix" for it. 😊

Especially since previous versions seem to work fine.

@ErrorCode400

That may be a good workaround, but I don't know if that's the "fix" for it. 😊

Especially since previous versions seem to work fine.

What's your model?

@asheroto

The computer I experienced the issue on is a Dell OptiPlex 3020. Looks like Dell Latitude E5540 has also been mentioned here, so not just one model affected.

@TechySkills
Author

TechySkills commented Aug 12, 2024 via email

@ErrorCode400

ErrorCode400 commented Aug 12, 2024

Yes, I am the guy with the E5540... and uh, I don't think I have ever seen a UEFI CA option before on my BIOS. Regards, TechySkills

On Tue, Aug 13, 2024 at 2:59 AM asheroto wrote: The computer I experienced the issue on is a Dell OptiPlex 3020. Looks like Dell Latitude E5540 has also been mentioned here, so not just one model affected.

If you don't see that option in your BIOS, that means your model is not "Secured-core". People aren't aware that they use Secured-core PCs, and previous versions won't work. They need to disable the option if they want to boot with secure boot enabled. Before doing that, I recommend they make a backup.

@asheroto

asheroto commented Aug 13, 2024

Secured-core PCs are fairly new, and both of these models are not. 😊

But I will keep a lookout on newer PCs for that option you mentioned.

I think this is still a bug, especially since previous versions work fine with the same computers.

@ErrorCode400

Secured-core PCs are fairly new, and both of these models are not. 😊

But I will keep a lookout on newer PCs for that option you mentioned.

I think this is still a bug, especially since previous versions work fine with the same computers.

I believe it's a bug. Hopefully, they fix it in the next version.
