Saturday, 29 June 2019

UEFI-boot from Windows Install ISOs using E2B grub2 menu system and wimboot

A1ive has modified the standard grub2 sources and has added a wimboot module for UEFI.

This means we can now UEFI-boot to grub2 and then install Windows directly from ISO files.

However, you will need to replace the standard (signed) .EFI grub2 files that are used in the E2B grub2 menu system with unsigned versions, so UEFI Secure Boot is not possible (although you may be able to use MokManager to load a certificate).

I have added instructions in RMPrepUSB Tutorial 145. These use the E2B GRUB2 menu system and you will need to partition and prepare your E2B USB drive first as detailed here.

Once it is set up, you can just add Windows ISOs to, or delete them from, the 2nd partition (\_ISO\MAINMENU\WINDOWS folder) and either *MBR-boot or UEFI-boot (in non-secure mode).

*The drivemap line may prevent it from booting to Setup in a VM - test using a real system.

A1ive has also made a grub2 file manager which allows you to navigate any drive\folder using a menu system and then boot from ISOs, WIM files, etc. just by selecting them. There is also a menu system by aguslr, similar to E2B, which enumerates any files that you add and may be of interest to you.

Common grub2 issues

I have found grub2 to be unreliable when used on a wide variety of systems. Here are a few issues I have found with it:
  1. When booting Linux, grub2 needs to specify the correct kernel parameters, which are very specific to each Linux distro - these change often and so you constantly find that a new version of a Linux ISO no longer works and you have to find out how to modify the grub2 menu.
  2. Grub2 does not support the extremely useful partnew command (as found in grub4dos) which solves Problem 1.
  3. The grub2 graphical menu system has problems on some systems and updates the screen very slowly.
  4. The Secure Boot signed versions of grub2 (e.g. Ubuntu) do not contain some modules (such as wimboot or regexp), which means you cannot UEFI Secure Boot and use regular expressions for scripting.
  5. If you use an unsigned non-secure grub2 version, when you Secure Boot you need to use MokManager to certify the grub boot file in order to load it. MokManager modifies the BIOS non-volatile RAM and so alters the system (and makes it insecure to some extent). It is often tricky to undo this change.
  6. Unfortunately MokManager hangs/crashes on many systems which means you cannot use it to Secure Boot.
  7. With a few exceptions, grub2 does not allow writes to the drive (e.g. no dd command in EFI mode). This means we cannot modify sectors or files on a USB boot drive. 
  8. The main grub2 developers are very slow/reluctant to add functionality or respond to bug reports.
  9. Keyboard does not work after booting to grub2 (MBR or UEFI) on some real systems.
  10. grub2 is poorly documented (documentation is very out-of-date). I have not found any good documentation on scripting or regular expression support for instance.
Note: If you use E2B and convert each Windows ISO into Windows .imgPTN files, you can directly Secure-boot from them (but you do not get a UEFI menu containing a list of all ISOs). No additional intermediate loader such as grub2 or syslinux is used.
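
To audit what the MokManager enrollment described in issue 5 has left in NVRAM, the following added example (not part of the original post) parses the Linux efivarfs contents of the `SecureBoot` variable and of shim's `MokListRT` signature lists. The sample bytes and the owner GUID are constructed; the efivarfs paths in the comments are the standard Linux locations.

```python
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
SIG_TYPES = {
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "x509",
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256",
}
HDR = 28  # type GUID (16) + list size, header size, signature size (3 x uint32)

def secure_boot_enabled(efivar: bytes) -> bool:
    """Content of /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c:
    4 attribute bytes followed by a 1-byte value (1 = enabled)."""
    if len(efivar) < 5:
        raise ValueError("truncated SecureBoot variable")
    return efivar[4] == 1

def parse_mok_list(efivar: bytes):
    """Content of .../MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23: 4 attribute bytes,
    then concatenated EFI_SIGNATURE_LIST structures. Returns (type, owner, data) tuples."""
    data, off, entries = efivar[4:], 0, []
    while off < len(data):
        if len(data) - off < HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        pos, end = off + HDR + hdr_size, off + list_size
        if sig_size <= 16 or pos > end or end > len(data) or (end - pos) % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        for p in range(pos, end, sig_size):  # each entry: owner GUID + payload
            owner = uuid.UUID(bytes_le=data[p:p + 16])
            entries.append((SIG_TYPES.get(sig_type, str(sig_type)), owner, data[p + 16:p + sig_size]))
        off = end
    return entries

def constructed_mok_variable() -> bytes:
    """Constructed sample: one x509-type list holding one placeholder 'certificate'."""
    owner = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed owner GUID
    sig = owner.bytes_le + b"CONSTRUCTED-PLACEHOLDER-CERT"
    x509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
    return b"\x06\x00\x00\x00" + x509 + struct.pack("<III", HDR + len(sig), 0, len(sig)) + sig

if __name__ == "__main__":
    print("Secure Boot enabled:", secure_boot_enabled(b"\x06\x00\x00\x00\x01"))
    for kind, owner, blob in parse_mok_list(constructed_mok_variable()):
        print(f"MOK entry type={kind} owner={owner} size={len(blob)} bytes")
```

On a real system, pass the raw bytes read from the two efivarfs files instead of the constructed sample; an empty result from `parse_mok_list` means no Machine Owner Key is enrolled.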
