Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 Any way to use an OS' security key instead of registering Ventoy's?
#1
Question 
Hi,

Maybe a bit of a niche question, but I've started using Ventoy at work to easily switch between diagnostic and various OS ISOs for client hardware, and one thing that's been floating in the back of my mind is,

"If a Windows ISO can boot fine, and an Ubuntu ISO can boot fine, how come I need to register Ventoy's certificate?"

I really don't know too much when it comes to exactly how secure boot works. I figured maybe it's a Microsoft thing where OEMs ship with private keys that only handshake with Windows, but my Ubuntu USBs will boot on these systems with no Mokmanager prompt as well.

In that case, is it possible to take the certificate from Ubuntu or Windows and "transplant" it onto my VTOYEFI partition? Or perhaps there's a tool I can use to enroll my Ventoy .cer with the private keys the UEFIs expect, or something?

Like I said, I'm not too sure how secure boot works on anything beyond a basic conceptual level, but if anyone could help me make it so I can boot my Ventoy USBs on new machines without enrolling the key or disabling secure boot every time, I'd be very appreciative Smile
Reply
#2
Some referrence:
https://www.rodsbooks.com/refind/secureboot.html#basic
https://www.rodsbooks.com/efi-bootloader...eboot.html
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)