 Is it time to update Ventoy?
#1
After a few days (9?) I have an active account.
I hope that the content of the post I wrote on September 1st is still relevant.

Applies to: Ventoy ver. 1.0.99.

On August 31, 2024, Debian was updated (12.6 -> 12.7, 11.10 -> 11.11).
In these releases, among other things, shim packages were updated (to version 15.8, signed to 1.44+15.8).

Even oldoldstable Buster received an update: https://tracker.debian.org/pkg/shim-signed (sic!).

In these updates, to put it simply, shim numbers were raised from 2 to 4.
You can see these numbers by issuing the command:
mokutil --list-sbat-revocations

Debian was probably the last to do it.
Fedora and openSUSE did it earlier.
Also Ubuntu/Mint/Clonezilla, which downloaded the latest shim from Debian Sid.
Even Windows reportedly released such an update on August 13.

Now that we have Secure Boot enabled (+ Ventoy UEFI key included) and new shim numbers in UEFI, we will not be able to start older systems (e.g. installed on a USB stick) that do not contain this update.

We will see the message:

Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation


and after a few seconds the computer will turn off by itself.

The only thing we can do then is to enter BIOS and disable Secure Boot or disconnect the USB drive with the older system (lower shim numbers).

We can also lower the shim number in the computer's UEFI (# mokutil --set-sbat-policy delete) or try to replace files in the Ventoy /EFI/BOOT/ directory ourselves.

Updating Ventoy on the updated system (shim 4) does nothing - Ventoy still has files from 2024-06-08 in the /EFI/BOOT/ directory.

That's why I think there's no point in trying to figure it out yourself.

A big request to Ventoy developers - update Ventoy.

Best regards.
Reply
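An added example (not part of the original post, and not Ventoy or shim code): a small checker for the SBAT comparison described in post #1, which reports the components of a boot binary whose generation is lower than the level stored in UEFI. The sample strings are constructed; on a real system the revocation text would come from `mokutil --list-sbat-revocations` and the binary's text from its `.sbat` section (for example via `objcopy -O binary --only-section=.sbat <file>.efi sbat.csv`).

```python
import csv
import io


def parse_levels(text):
    """Map component name -> generation from SBAT CSV text.

    Accepts both a binary's .sbat section (component,generation,vendor,...)
    and the firmware revocation list (component,generation).
    """
    levels = {}
    for row in csv.reader(io.StringIO(text)):
        row = [field.strip() for field in row]
        if len(row) < 2 or not row[0] or not row[1].isdigit():
            continue  # skip blank or malformed lines
        levels[row[0]] = int(row[1])
    return levels


def revoked_components(binary_sbat, revocations):
    """Return [(component, binary_generation, required_generation)] for every
    component that the SBAT check would reject."""
    have = parse_levels(binary_sbat)
    need = parse_levels(revocations)
    return sorted(
        (name, gen, need[name])
        for name, gen in have.items()
        if name in need and gen < need[name]
    )


# Constructed sample data: an older shim (generation 2), an updated shim
# (generation 4), and a revocation list that requires shim >= 4.
OLD_SHIM_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "shim,2,UEFI shim,shim,1,https://github.com/rhboot/shim\n"
)
NEW_SHIM_SBAT = OLD_SHIM_SBAT.replace("shim,2,", "shim,4,")
FIRMWARE_REVOCATIONS = "sbat,1,2024010900\nshim,4\ngrub,3\n"

if __name__ == "__main__":
    for label, sbat in (("old shim", OLD_SHIM_SBAT), ("new shim", NEW_SHIM_SBAT)):
        failed = revoked_components(sbat, FIRMWARE_REVOCATIONS)
        print(label, "-> blocked:" if failed else "-> allowed", failed or "")
```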
#2
Fully agree: +1
Reply
#3
Yes please - for me too.
Reply
#4
This may or may not have something to do with this: https://forums.ventoy.net/showthread.php?tid=2965

I have a feeling that Ventoy as we know it will no longer be developed. I suspect this issue of booting to Secure boot is going to cost some money for the developer, something they might be unable to do with a FOSS application. I suspect that Ventoy may be at an end and perhaps a new app that is no longer FOSS is going to take its place. I may be wrong, and I hope I am. I've just seen this happen a few times to great FOSS (or some other free license) apps being forced out by changes and requirements and are no longer feasible to support under the current FOSS model.
Reply
#5
(09-17-2024, 11:02 AM)Rootman Wrote: This may or may not have something to do with this: https://forums.ventoy.net/showthread.php?tid=2965

I have a feeling that Ventoy as we know it will no longer be developed. I suspect this issue of booting to Secure boot is going to cost some money for the developer, something they might be unable to do with a FOSS application. I suspect that Ventoy may be at an end and perhaps a new app that is no longer FOSS is going to take its place. I may be wrong, and I hope I am. I've just seen this happen a few times to great FOSS (or some other free license) apps being forced out by changes and requirements and are no longer feasible to support under the current FOSS model.


I hope you are wrong too. But if you aren't, I guess there is always Rufus, which is not as flexible as Ventoy but does not seem to have the Secure Boot problem either.
Reply

