Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Secure Boot
#1
I have read https://www.ventoy.net/en/doc_secure.html and I don't get
Code:
ENROLL_THIS_KEY_IN_MOKMANAGER.cer

I don't want to disable secure boot, as I am looking to dual boot and somehow windows doesn't allow me to boot without it.
Reply
#2
If you want to support secure boot in Ventoy.
When you install Ventoy to the USB, you must enable "option---->Secure Boot Support" option. This option is disabled by default.
Reply
#3
I did this already.
I have mentioned in my post that I have read https://www.ventoy.net/en/doc_secure.html and so I have already done the mentioned steps.
Reply
#4
If you enable the support secure boot option, this file should be in the root of the 32MB VTOYEFI partition.
Did you enter the blue mokmanager screen?
Reply
#5
solved 
(09-16-2021, 12:26 PM)longpanda Wrote: If you enable the support secure boot option, this file should be in the root of the 32MB VTOYEFI partition.
Did you enter the blue mokmanager screen?
After going into the boot settings
1. I click on the USB device which shows - secure boot violation, invalid signature detected.
2. In the Boot order menu third option shows Boot from EFI file (first 2 options being my USB and SSD)
3. Clicking on the option shows 4 other options viz. grub, ventoy, efi and tool. Here the enroll option is not shown.

Also I do not get the blue screen as shown in the tutorials. My error screen is also different, I do not get Shim and Mokmanager screens.
Reply
#6
Plug your USB again to your computer and open Ventoy2Disk.exe
Does it show a lock icon on the right (as shown in the attachment picture) ? Which means the secure boot support option is enabled.


Attached Files Thumbnail(s)
   
Reply
#7
(09-16-2021, 02:51 PM)longpanda Wrote: Plug your USB again to your computer and open Ventoy2Disk.exe
Does it show a lock icon on the right (as shown in the attachment picture) ? Which means the secure boot support option is enabled.
Yes, it does
You don't have to be that specific with the picture.
I can read. LOL
Reply
#8
Ventoy use https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk as the secure boot solution.
It seems that it can not work in your computer. You can make an issue in this project and hope the author @ValdikSS
ValdikSS can fix it.
Reply
#9
(09-17-2021, 01:10 AM)longpanda Wrote: Ventoy use https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk as the secure boot solution.
It seems that it can not work in your computer. You can make an issue in this project and hope the author @ValdikSS
ValdikSS can fix it.
Can I have ENROLL_THIS_KEY_IN_MOKMANAGER.cer as a seperate file.
As I have mentioned earlier that I get an option "Boot from EFI file".
If I can put it in one of the folder shown and it will install ??
Reply
#10
You can have ENROLL_THIS_KEY_IN_MOKMANAGER.cer as a seperate file.
But this file is just for shim not the UEFI BIOS.
The shim is already signed with a valid signature and the shim will check the grub.efi.
For the first time, shim check grub.efi fail, so it will start the mokmanager screen for user to enroll the cer file.
After that, the second boot time, shim will check OK then start grub.efi.

Anyway, the EFI\BOOT\BOOTX64.efi is the shim and is signed with a valid key(because the shim is directly get from fedora/redhat distro)
So I don't known why your UEFI BIOS still report "- secure boot violation, invalid signature detected."
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)