Saturday 4 January 2020

MBR-boot and UEFI-boot (almost) any file using a1ive's new grub2 and grub2 File Manager

a1ive has been busy modifying and extending a branch of grub2.

 Just copy your ISOs, etc. onto the drive and Secure UEFI boot!
Later versions: 
https://rmprepusb.blogspot.com/2020/01/a1ives-grub2-file-manager-v12.html 
https://rmprepusb.blogspot.com/2020/01/a1ive-grub2-file-manager-menu-for.html

As you know, grub4dos only supports MBR\Legacy-booting but grub2 also supports 32-bit and 64-bit UEFI. Now, a1ive has added support to UEFI-boot Windows Install ISOs, .wim files, .VHD files using NTBOOT. grub2 now supports the partnew and map commands even under UEFI, so we can generically boot most Linux ISO files under UEFI too.

He also has scripted a grub2 menu as a 'File Manager'. You can Legacy or UEFI-boot to grub2, select a partition and then select a file (.iso or .vhd(x) or .wim or .img, .ima or .efi). The File Manager will then offer a range of various options. The current supported list includes:

Also boots Windows Vista//7/8/10 Install ISOs too!
File extensions supported are:
.cfg - run as grub2, syslinux or pxelinux menu
.efi - run as UEFI file (UEFI mode only)
.img - run as disk image
.ipxe - run as ipxe
.iso - run as .iso (also includes .grubfm file of the same file name)
.lst - run as grub4dos menu (MBR mode only)
.lua - run as lua script
.mod - load grub2 module
.pf2 - load font file
.png  - graphics image
.vhd - run as VHD
.wim - run as NT6 .wim file


Add this to your Easy2Boot USB drive

If you want to try this with Easy2Boot, you can download the .imgPTN23 file (from Alternate Download - Other folder).
Note: This .imgPTN23 file also supports an automated workaround for bypassing Secure Boot on UEFI64 systems so you can boot any unsigned payload from a Secure UEFI boot!

You will need to create a second partition on your E2B drive and place your payload files (ISOs, etc.) in any folder on that second partition. I suggest using an NTFS 2nd partition so you can store large files on it.

  • Ptn1: Primary NTFS + Easy2Boot and grub2 .imgPTN23 file
  • Ptn2: Primary NTFS + payload files (ISOs, .wim, .vhd, .vhdx, .img, .ima, .efi)

You should then be able to MBR or UEFI-boot to the grub2 File Manager after 'switching-in' the .imgPTN file in the usual way.

Just add ISO's etc. to the 2nd partition.

To use the 'Easy2Boot' grub2 option, the ISO file must be contiguous, so run WinContig or Defraggler after copying the Linux ISO files to the USB second partition.

Note that because the payload file is on the 2nd partition, if you are using a Removable type of USB Flash drive with E2B, then only Windows 10 Install ISOs will work. Win7/8 Install ISOs will only work if the ISO is on the first partition of a Removable drive. If you are using a 'hard disk' type of USB drive, then there should be no problem.

If your E2B drive already has three Primary partitions, then you can use any one of the last two partitions to store payload files on.

Select the partition (this E2B drive has three partitions)

Select the folder and payload file
Select a boot option for that file (press e key to see the boot code)

Secure Boot

The Secure UEFI64 Boot bypass used in my .imgPTN file comes from this Chinese post which was pointed out to my by a1ive here. This exploits a loophole found in the signed Kaspersky grub2 boot loader (see here). However, in the coming months it may be that this grub2 loader will be blacklisted in your UEFI BIOS after performing an OS or firmware update, so it may not last long and then you will have to disable Secure Boot in the BIOS!

WinPE AIOs (Strelec, etc.)

Direct booting from WinPE ISOs may not work correctly. For instance, if you boot to a Strelec WinPE ISO, you will have to right-click on the Strelec .iso file once booted to the WinPE Desktop,  and then 'mount' it using ImDisk - then run MInstall from the Start Menu to obtain all the program shortcuts, etc.

Compile and make your own grubfm USB drive

If you want to compile and make a bootable USB drive containing the new grub2 and grubfm, here is what to do:

1. Download the grub2 File Manager files. I downloaded the ready-made pre-compiled files in grubfm-en_US.7z.
If you wish, you can compile a new version under Linux.

I followed the Linux command shell instructions, but you need to run update_grub.sh first, i.e.
git clone --recursive https://github.com/a1ive/grub2-filemanager.git 
cd grub2-filemanager
./update_grub2.sh
./build.sh
You may need to use sudo before each command.
./update_grub2.sh downloads the grub2 binaries are at https://github.com/a1ive/grub/releases/tag/latest
I used Linux Mint in a VM (VirtualBox under Windows).

2. The target USB drive should be partitioned with one FAT32 partition (at least 30MB) and one large NTFS partition for the payload files.

Since some Windows OS's cannot see the 2nd partition on a Removable USB flash drive, I suggest:

PTN1: Primary NTFS (large) - for payload files
PTN2: Primary FAT32 50MB - for grub2 files

If you don't need to boot to Windows XP\7\8\early 10, then the partition order does not matter.

3. Make a new folder on the FAT32 partition:  \EFI\BOOT

4. Copy the files in the ./secureboot folder to the FAT32 \EFI\BOOT\ folder.

5. Copy the ./grubfmx64.efi and ./grubfmia32.efi files to the FAT32 \EFI\BOOT folder.

6. Copy the ./grubfm.iso and ./loadfm files to the root of the FAT32 partition \

7. Create a new \menu.lst file on the root of the FAT32 partition:

find --set-root /grubfm.iso
map --mem /grubfm.iso (0xff)
map --hook
chainloader (0xff)
boot

8. Install grbub4dos to the USB drive (e.g. using RMPrepUSB) and ensure \grldr is also copied over to the root of the FAT32 partition.

\grldr
\menu.lst
\loadfm
\grubfm.iso


\EFI\BOOT\ folder:


It may be more convenient to also copy the GRUBFM.cer file to the root of the USB drive/

9. Finally, copy all of your payload files to the NTFS partition. You can use any folder structure you like.

Note: To use the Easy2Boot\partnew boot option, you must ensure that the payload files are contiguous. It might be useful to copy WinContig or Defraggler to the USB drive also.

The USB drive does not include the new Secure Boot patch that is included in my .imgPTN file. To add the new patch files, you will need to download the sb_minimal.7z file and add it onto your USB drive and then change the \boot\grub\grub.cfg file to chainload the grubfmx64.efi file.


IMPORTANT: If using the 'Easy2Boot' boot option, you must ensure that the 4th MBR partition on the USB drive is not used for anything (it should be unused/empty) - partition #4 (hd0,msdos4) will be destroyed when using the 'Easy2Boot' option. Also the target payload file must be contiguous.

P.S. I recommend creating a 2nd FAT32 partition instead of using a .imgPTN file - see here for details,

3 comments:

  1. Hi! I have followed the second part of this instruction to make my own grubfm USB drive. But I cannot make Windows 10 install iso to work. It loads windows installer but then it says "A required CD/DVD device driver is missing". Also I do not understand about 4th partition. At first you say that I need only two partitions (ntfs and fat32), but then you say that there should be 4 partitions. Can you help please?

    ReplyDelete
    Replies
    1. So are you MBR or UEFI booting?
      If using the File Manager, you need to select the ISO and then choose the 'Install Windows' option. Are you using this option?
      What ISO are you using?
      Note 3 questions, so I expect 3 clear, precise answers... :=)

      Delete
    2. P.S. There are four partition table entries in an MBR disk. The first two table entries can be used. The 3rd can be used but it will limit the function. The fourth partition table entry must be unused = empty.

      Delete