Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 Ventoy enroll key manager not working in new Dell laptops that use SecureBoot
#14
(08-05-2024, 03:51 PM)MBSTech Wrote:
(08-03-2024, 11:28 AM)Steve2926 Wrote: Did you see this? Does your BIOS have a config entry for this?

https://download.lenovo.com/pccbbs/mobil...re_PCs.pdf

Secure Boot is supported by many Linux distributions and is an important security
feature for ensuring that your boot loader and kernel have not been tampered with.

Linux distributions use a Microsoft signed ‘shim’ executable that is then able to verify
the subsequent boot stages - that have been signed with the distribution key. The
Microsoft signed shim is signed using the “Microsoft 3rd Party UEFI Certificate”, and
this certificate is stored in the BIOS database.

Starting in 2022 for Secured-core PCs it is a Microsoft requirement for the 3rd Party
Certificate to be disabled by default. This means that for any of these Lenovo
platforms shipped with Windows preinstalled an extra step is needed to allow Linux to
boot with secure boot enabled.

To enable secure boot to work with Linux we need to enable the “Allow Microsoft 3rd
Party UEFI CA” option in the BIOS setup.


That option is actually available in the Dell bios and enabling it then allows you to enroll the Ventoy key.  Great find!  Thanks!

This workaround now no longer works.  We are now back where this thread started.  Must disable secureboot on Dell laptops in order to use Ventoy.

I really like Ventoy but this is eventually going to make me to find a different option for booting ISO's other than Ventoy.  Constantly turning secure boot off and on just to boot to an iso is getting old quickly.
Reply


Messages In This Thread
RE: Ventoy enroll key manager not working in new Dell laptops that use SecureBoot - by MBSTech - 08-22-2024, 04:13 PM

Forum Jump:


Users browsing this thread: 6 Guest(s)