help-grub
Re: Universal Secure Boot bootloader?


From: Steve
Subject: Re: Universal Secure Boot bootloader?
Date: Mon, 11 May 2020 08:32:33 +0100

A Secure Boot UEFI BIOS can only boot signed UEFI boot files.
If it could boot to any other type of boot file then it wouldn't be secure!
If you disable Secure Boot, then you can UEFI-boot to unsigned UEFI boot
files.

Legacy\MBR BIOSes can only boot via the old Legacy BIOS methods.
UEFI BIOSes can only boot using EFI boot files.

Some UEFI BIOSes allow you to enable CSM in the BIOS options menu -
Compatibility Support Mode - essentially this just adds an old-style Legacy
BIOS alongside the UEFI BIOS so that you can Legacy Boot or UEFI boot from
the same system.

So the two boot methods (UEFI and Legacy) are *completely different.* If
you UEFI-boot then there is no Legacy support (e.g. you can't use BIOS
interrupt calls which is the main method that Legacy BIOSes use). If you
Legacy-boot, then you cannot run EFI files because there are no UEFI API
calls available.

So, if you want to boot to some of the Legacy ISOs, you will need to enable
CSM in your BIOS (and disable Secure Boot).

Now it is possible that some Linux-based ISOs which do not support UEFI may
run from a UEFI-boot - but this is because grub2 is directly loading the
Linux kernel from inside the ISO (it needs to recognise the ISO type and
use the correct parameters, etc.). As long as that Linux kernel does not
use BIOS interrupt calls (i.e. it accesses the hardware directly via its
own drivers) then it may boot to Linux even though the Linux ISO itself
will not UEFI boot.

https://www.easy2boot.com/useful-things-to-know/

S




On Mon, 11 May 2020 at 01:01, David Balažic <address@hidden> wrote:

> Thanks, I tried and it seems to work.
>
> What it can not do is to load legacy/MBR/BIOS code.
> At least I found no way.
>
> Can CloverBootManager do this? It is included in this package, but I
> found no way to do it (I can start CloverBoot, but it does not start
> MBR things only EFI)
>
> Regards,
> David
>
> On Sun, 10 May 2020 at 15:54, Steve <address@hidden> wrote:
> >
> > Try Easy2Boot v2 which uses a1ive grub2 File Manager and Kaspersky shim
> > Can Secure UEFI64 boot and run any payload (ISO, WIM, VHD, EFI, IMG, etc.)
> >
> > S
> >
> > On Sun, 10 May 2020 at 14:51, David Balažic <address@hidden> wrote:
> >>
> >> Hi!
> >>
> >> Is it possible to build a boot disk, that (using grub) loads anything,
> >> yet works on Secure Boot enabled systems?
> >>
> >> Currently I have a utility USB drive, using grub legacy. Obviously, it
> >> does not work on Secure boot enabled systems.
> >>
> >> Is there a way to "fix" that?
> >>
> >> I did a quick look at the grub bootloader used by ubuntu, but it only
> >> loads signed kernels.
> >>
> >> Is there a version that loads unsigned kernels?
> >>
> >> The goal is to make a utility boot disk, that works on modern PC
> >> computers (without turning Secure boot off on them).
> >>
> >> Regards,
> >> David
> >>
>
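
Added example, not part of the original thread: a shell function that reports which of the boot paths described in the message above the running Linux system took (Legacy/CSM or UEFI) and, for UEFI, whether Secure Boot is enforcing. The `SYSFS_ROOT` override and the output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: report how the running Linux system was booted.
# SYSFS_ROOT is an assumption of this example (defaults to /sys) so the
# function can be pointed at a constructed directory tree for testing.

# GUID of the EFI global variable namespace, which holds SecureBoot.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

boot_mode() {
    root="${1:-/sys}"
    efi_dir="$root/firmware/efi"

    # The kernel only creates firmware/efi when it was started through UEFI.
    # After a Legacy/CSM boot there are no UEFI services to expose.
    if [ ! -d "$efi_dir" ]; then
        echo "legacy"
        return 0
    fi

    var="$efi_dir/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    if [ ! -r "$var" ]; then
        # efivarfs is not mounted, or the firmware has no SecureBoot variable.
        echo "uefi-secureboot-unknown"
        return 0
    fi

    # efivarfs files begin with a 4-byte attribute word; the SecureBoot
    # value is the single byte that follows (1 = enforcing, 0 = off).
    state=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case "$state" in
        1) echo "uefi-secureboot-on" ;;
        0) echo "uefi-secureboot-off" ;;
        *) echo "uefi-secureboot-unknown" ;;
    esac
}

# When run directly, report the state of the live system.
boot_mode "${SYSFS_ROOT:-/sys}"
```

A result of `uefi-secureboot-on` means only signed EFI boot files will start on that machine; `legacy` means the system came up through the BIOS/CSM path and cannot run EFI files.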

