Thursday 27 March 2014

Adding KonBoot to Easy2Boot (with UEFI support)

KonBoot is no longer free, but for only $27 it is well worth adding to your Easy2Boot multiboot USB drive.

The  version 2.7 will work on all Windows systems from XP to Win 10. Kon-Boot now is able to bypass online account authorization on Windows 8/8.1. On Windows 10 only local account authorization bypass is available (with the possibility to add new administrator account automatically by using StickyKeys + command line).

Version 3.4 will also work on online (email address) accounts if you buy the Commercial License.

Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit)Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)).
Local and online authorization.
Microsoft Windows 10 all versions (32Bit/64Bit)Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)).
Local authorization bypass only. Local administrator account can be added automatically (USB only)
Kon-boot 2.7 has a new feature present called automatic powershell script execution. This feature is present only in COMMERCIAL LICENSES (UEFI64 mode only, Windows 8 x64/Windows 10 x64).

Not supported: Disk encryption, tablets (includes Microsoft Surface hybrid), multiple operating systems installed on target computer, kernel debuggers, enabled secure boot, virtualization software (VMware, QEMU, VirtualBox), authorization through domain. CD and Floppy versions are deprecated (but still in the package for compatibility reasons). 

Kon-Boot will not bypass authentication of domain controllers. Although there are instances where a client computer will locally cache a domain login, and Kon-Boot may work in this case. You can use the Sticky Keys Feature to add new local system administrator account.

The KonBoot manual is here.

Tip: always enter a 'dummy' password - do not leave the password blank when logging in.
If the system is on a Domain, disconnect the Ethernet cable and disable WiFi in the BIOS if it is used in case there is a locally cached user account.

Note: Newer licensed versions of KonBoot (2.7+) are locked to the particular Serial number, Product ID and Vendor ID of the USB flash drive, so unless the E2B USB drive is also registered as the KonBoot licensed drive, KonBoot will report an error (red GURU meditation error - see KonBoot FAQ). Unfortunately, the maximum size of flash drive allowed by the KonBoot installer is only 16GB which is not much use for a multiboot USB drive! 
When the install application is run, the file bootx64.efi will contain the flash drive details in an encrypted form. The KonWin.efi file is unaltered. To see which USB drive was originally used, see the konlog.txt log file in the installation file folder. e.g. '+ Got usb vendor="LEXARWN" / product="USB_FLASH_DRIVE" / serial="PX4EZAS2LRKRF5J20JN9".'
Details of how to make a UEFI64 Secure Bootable version of KonBoot are in eBook #4. 

UEFI or MBR?

You can use Windows Disk Manager to see if there is an EFI System Partition on your boot disk - if so then your system probably uses UEFI to boot to Windows.


Alternatively, just run MSINFO32 and look for the BIOS Mode  UEFI (or Legacy) entry.


MBR-booting

For the .img file, simply change the .img file extension to .imgfdhd01 and add it to the E2B USB drive.

Alternatively, copy the kon-bootFLOPPY\kon-bootFLOPPY.img file to the (say) \_ISO\MAINMENU\MNU folder of your Easy2Boot USB drive and also the FD0-konboot-v2.1.mnu file from the \_ISO\docs\Sample mnu files folder. Then change the title in the .mnu file to suit your version of KonBoot.
Note: Some systems do not show the Kon-Boot multi-colour, ASCII character boot screen (it just hangs with a black screen). The sample .mnu files in E2B v1.91A and later versions contain a special second menu entry with a patch to fix this issue.
You should find that the floppy image will work for all versions of Windows except if the system uses UEFI instead of the BIOS. Most new Windows 8/10 systems will use UEFI booting and contain GPT partitions instead of 'Simple' partitions.

UEFI-booting

To use KonBoot on a UEFI Windows system, you need to add the KonBoot EFI files to the Easy2Boot USB drive.

Recomended: SanDisk Extreme Pro 128GB (#ad)
 

The best way to achieve this is to make use of a spare FAT32 USB Flash drive and use the KonBoot script provided to make a new KonBoot flash drive. Then, once the drive has been confirmed as working (there should be a \EFI folder on it and it should UEFI-boot), simply convert it to a FAT32 .imgPTN file and add the file to your Easy2Boot USB drive as follows:

Make a .imgPTN KonBoot image for Windows UEFI-system and MBR systems

  1. Create a small (any size) single-partition FAT32 USB drive containing KonBoot in the way they suggest. Ensure that the \EFI folder is present on the USB drive for UEFI-booting.
  2. Test it works on a Mac or UEFI system and a normal BIOS system.
  3. Convert the USB flash drive to a FAT32 .imgPTN file using the E2B MPI ToolKit (drag-and-drop the USB drive letter onto the MPI_FAT32 Desktop shortcut).
  4. Copy the .imgPTN file to your E2B drive
  5. Boot it (in MBR mode) and switch to the .imgPTN partition - you can do this loads of ways:
    a. Real BIOS system
    b. Use the QEMU_MENU_TEST.cmd file on the E2B USB drive
    c. RMPrepUSB - QEMU
    d. VirtualBox
    e. MobaLiveCD.exe
    f. Some other VM like VMWare that can boot from a USB drive
    Alternatively, run \_ISO\SWITCH_E2B.exe and select the .imgPTN KonBoot file to switch it in.
  6. You should see the CSM menu when you MBR boot to the E2B USB drive.
  7. Ensure the volume label of the FAT32 partition is KONBOOT.
  8. Now connect the E2B USB drive to the Mac or UEFI system and see if it boots (hold down left-alt key whilst booting for MAC)
    You can also use it on MBR systems too.
    You may need to disable Secure Boot in the firmware first.
  9. When you have finished, you must return the E2B drive to it's normal E2B state - it can be done in a number of ways:
    a. boot it in a VM\emulator as listed above and choose option 0
    b. Under Windows, run the \e2b\Restore_E2B .cmd file
    c. Run \e2b\SWITCH_E2B.exe under Windows and click on the 'Restore E2B partitions' button.

Alternative method (no flash drive required)

You can make a .imgPTN file for Windows systems without needing to prepare a flash drive:

1. Create an empty folder called 'KonBoot' on your Windows Desktop
2. Copy the EFI folder and it's contents to the new KonBoot folder (.\KonBoot\EFI\...)
3. Copy the contents of the kon-bootUSB\USBFILES folder to the new KonBoot folder, so that the KonBoot now folder has the konboot.img + others files in it.
You can delete the grldr and menu.lst files if you wish as they are not needed.



4. Drag-and-drop the KonBoot Desktop folder onto the MPI_FAT32 Desktop shortcut - if prompted to combine the menu.lst files, answer No.

Booting KonBoot on a UEFI system

To run KonBoot on a UEFI Windows system:
1. Connect the E2B USB drive to the target system - it must be in the CSM mode after having selected the KonBoot .imgPTN file from the E2B menu.
2. Enter the BIOS configuration menu and ensure that Secure Boot is set to Disable
3. Select the E2B USB drive as the boot device but ensure it is listed as a UEFI Boot device
4. KonBoot should load via EFI and then boot to Windows (if the E2B menu loads then you have not booted via UEFI!)
5. If the system reboots before you get to the User login, use the BIOS menu to boot from the E2B USB UEFI drive again - this is sometimes necessary when more than one Windows installation is present on the system.
6. Always enter a dummy password (don't leave it blank).

If Win10 domain login or online login, press the SHIFT key 5 times to get an admin console and create a local Admin user account (see KonBoot guide).

Alternative UEFI-boot method (not recommended)

An alternative - which may not be successful on all systems is:
  1. The E2B USB drive MUST be formatted as FAT32 and should be the first partition on the drive (first entry in the partition table in the MBR).
  2. Copy the whole EFI folder from the kon-boot USB folder to the root of your E2B drive so you will have a \EFI folder on your E2B drive.
  3. The volume name may need to be KONBOOT instead of E2B for Kon-Boot v3 or later.
Note: Some BIOSes will not recognise the disk as UEFI-bootable unless the FAT32 partition is the only partition on the USB drive. Some BIOSes will not UEFI-boot if the FAT32 partition is the 2nd partition on the drive (e.g. NTFS+FAT32). Some BIOSes will not MBR-boot if valid \EFI boot files are present. This means that you will not be able to boot to the E2B or CSM menu on these systems as they only offer you the UEFI boot option!

E2B UtilMan and SetHC hack feature

E2B v1.92+ contains a useful automated way to use the UtilMan.exe hack for Windows XP-10 which works on all (unencrypted) Windows OS's. Since KonBoot has to rely on the same 'StickyKeys' bypass method for Windows 10 accounts with online authentication, you can use this method for free and it requires no typing of commands from the user either!

SuperFast USB 3 SSD M.2 enclosure (#ad)







Outdated instructions:

Using KonBoot UEFI with an Easy2Boot NTFS drive

Note: The instructions below are outdated and deprecated. I recommend you use MakePartImage to make a partition image (.imgPTN file) from a working KonBoot USB Flash drive.

If you want to have an NTFS EasyBoot USB drive and still be able to boot the UEFI version of KonBoot, you need to modify your E2B USB drive so that the first partition is a small (any size) FAT32 partition which holds the EFI KonBoot files.

Note: this may not work for many UEFI systems. Most UEFI systems will only recognise a Simple Volume (MBR) drive if there is only one partition on it which must be FAT32. It is best to use a .imgPTN image file as described above which will work on all systems.

This can easily be done with a 3rd-party utility such as Easeus Partition Master.

Partition 1: FAT32 Primary
    \EFI\boot\  (4 KonBoot .efi files)

Partition 2: NTFS Primary
    \_ISO        (easy2boot files)

Once you have made the FAT32 Primary partition, just copy the KonBoot EFI folder into it. Do NOT copy the KonBoot grldr, menu.lst or any other files to the FAT32 partition.

If the USB drive does not boot to E2B, re-install grub4dos using RMPrepUSB (it is best not to copy the grldr to the FAT32 partition so that the grldr file on the E2B NTFS partition is used instead).

If you are using a USB Removable Flash drive, the 2nd NTFS partition will no longer be accessible to Windows. You can gain access by using CTRL+O in RMPrepUSB to re-order the partitions.

Many UEFI systems may boot from the FAT32 partitition even if the FAT32 partition is the 2nd partition, but you will have more success if you ensure that the FAT32 partition is the first partition on the USB drive. Always use RMPrepUSB CTRL+O to ensure that the FAT32 partition is the first partition before you use it for UEFI KonBoot testing.

Tip: Add the E2B_PTN_SWAP.mnu menu file to your E2B MAINMENU folder and then you can swap over the two partitions from within E2B.

Note: New .imgPTN support in E2B v1.32 allows KonBoot UEFI to work on all (?) systems.




No comments:

Post a Comment