12-29-2020, 08:48 PM
If Secure Boot is enabled in the UEFI BIOS, then only files which have been signed by Microsoft are valid and will run.
A UEFI BIOS can contain a 'whitelist' (DB) and a 'blacklist' (DBx) of keys.
Mok Manager will add the key for the Ventoy EFI boot file into the DB database (keys are usually stored in EEPROM flash memory on the motherboard).
Flashing the BIOS can also clear the stored keys but usually you have to specify an extra command line option (depends on the flash utility) - otherwise if you flashed a new BIOS you would lose all your keys and the operating system might not Secure Boot afterwards.
To get any UEFI boot file signed by Microsoft costs many $1000's.
The PartedMagic developers paid the $ to MS which is probably why PartedMagic is no longer free.
A UEFI BIOS can contain a 'whitelist' (DB) and a 'blacklist' (DBx) of keys.
Mok Manager will add the key for the Ventoy EFI boot file into the DB database (keys are usually stored in EEPROM flash memory on the motherboard).
Flashing the BIOS can also clear the stored keys but usually you have to specify an extra command line option (depends on the flash utility) - otherwise if you flashed a new BIOS you would lose all your keys and the operating system might not Secure Boot afterwards.
To get any UEFI boot file signed by Microsoft costs many $1000's.
The PartedMagic developers paid the $ to MS which is probably why PartedMagic is no longer free.