UEFI_GRUB2_PTN2_Beta5.imgPTNLBAa23 is available from the Alternate Downloads Area - Other Files folder.
The main difference between this version and the previous version is that for UEFI-booting to grub2, it uses a 64-bit shim for Secure Booting.
You may find that the grub2 menu will load in Secure Boot mode without using MOK Manager. However, only Memtest86 will work and the menu will not be correctly populated unless you use MOK Manager first.
Note that this procedure alters the Non-Volatile RAM storage area on the target PC.
I have found it extremely difficult\impossible to remove the hash keys afterwards! I have tried using the UEFI BIOS menu options and also booting to linux and using mokutil. Neither of these seemed to completely reset the NVRAM and clear the keys! mokutil may set a MOK Manager password which I also found difficult to remove afterwards (maybe it is just me!).
My point is, if it is at all possible, go into the BIOS and disable Secure Boot - try to avoid using MOK Manager!
1. If you wish to secure boot to the grub2 menu, then you will be prompted to load MOK Manager.
2. Choose the Enroll hash from disk option.
3. Use the GUI to navigate to the \EFI\boot folder on the USB drive and select the grubx64.efi file - you may be offered to view the hash and then enroll it.
4. Repeat the Enroll hash from disk process, but this time for \EFI\boot\bootx64.efi
5. Select 'Continue to boot' and you should see the grub2 menu
Good luck and please don't blame me if you 'brick' your system or 'modify' it without being able to undo the changes - you have been warned!
The main difference between this version and the previous version is that for UEFI-booting to grub2, it uses a 64-bit shim for Secure Booting.
You may find that the grub2 menu will load in Secure Boot mode without using MOK Manager. However, only Memtest86 will work and the menu will not be correctly populated unless you use MOK Manager first.
Note that this procedure alters the Non-Volatile RAM storage area on the target PC.
I have found it extremely difficult\impossible to remove the hash keys afterwards! I have tried using the UEFI BIOS menu options and also booting to linux and using mokutil. Neither of these seemed to completely reset the NVRAM and clear the keys! mokutil may set a MOK Manager password which I also found difficult to remove afterwards (maybe it is just me!).
My point is, if it is at all possible, go into the BIOS and disable Secure Boot - try to avoid using MOK Manager!
1. If you wish to secure boot to the grub2 menu, then you will be prompted to load MOK Manager.
2. Choose the Enroll hash from disk option.
3. Use the GUI to navigate to the \EFI\boot folder on the USB drive and select the grubx64.efi file - you may be offered to view the hash and then enroll it.
4. Repeat the Enroll hash from disk process, but this time for \EFI\boot\bootx64.efi
5. Select 'Continue to boot' and you should see the grub2 menu
Notes
- If you wish to remove the hash key afterwards from the BIOS, you can try the BIOS Setup options to delete them (e.g. db keys), however, I found this did not work on my Lenovo IdeaPad 300.
- You can also boot to linux (e.g. Ubuntu 16.04) and run mokutil to try to reset the keys. However, I found you needed to set a password first and then clear the keys and then remove the password. But this did not seem to work correctly.
- When I selected 'Enroll hash from disk' in MOK Manager on my Asus Z87A PC, it just froze! This meant I could not Secure Boot on that PC.
- The grubx64.efi is taken from this site's AIO Boot project, which uses grub2 to make a bootable All-in-One USB drive which you might like to experiment with.
- You may want to read more about UEFI and Secure Booting - see Rod Smiths pages for more details.
Good luck and please don't blame me if you 'brick' your system or 'modify' it without being able to undo the changes - you have been warned!
No comments:
Post a Comment