Get ready for a second Corona wave!

Will there be a second wave? 

In the UK and probably many other countries, the schools, colleges and universities are starting to open again. Also we are being asked to go back into our offices and shops. However, if we are not careful, this could lead to the start of a second wave of the epidemic.

It has been estimated that over 40% of grandparents are 'carers' for their grandchildren. Since Corona has a more severe effect on older people and those with health problems, it makes sense to continue to avoid contact and close proximity to ALL other people (even those in the same household). The grandparents should try to keep their distance from the kids (somehow!).

The larger the 'dose' - the more severe the symptoms? 

agFM v1.57 Beta2 with full F5 VENTOY support

I have now added a patch into agFM and recompiled it since a1ive has not yet made the change to the f5.sh file in the github master.

The F5 key will now boot to Ventoy once you update partition 2 with the new v1.57Beta2 version.

Follow the previous blog article for instructions on how to add Ventoy to your E2B USB drive.

Here are three useful FREE text tools I use every day

Here are my three favourite utilities for text file maintenance.

If you work with scripts, batch files, source code, etc. you probably use them already but I will list them here just in case...

SwiftSearch

Searches for files on all NTFS drives in seconds! Can use multiple wildcards in the search string e.g. *win*.iso or abd*def.j*.

Note: Does not work on exFAT, FAT32 or other non-NTFS file systems - but it is super fast!

Tip: If you add a drive (e.g. NTFS USB drive or change a drives contents), then you must press F5 to reload the NTFS filesystem indexes before searching again.

WinMerge

Compare two files or two folders. Side-by-side view lets you easily copy over portions of a file with just a click. This makes it very easy to compare two versions and make changes.

FNR

Find and Replace - find any string in all matching files and can then replace all occurrences with a different string in all those files.

This is useful when I want to find out which files contain a particular string. I can then double-click to load up the file or I can replace the string with a different string throughout all files.

agFM v1.57 Beta1 with VENTOY support

 These new versions are experimental and they allow you to add any Ventoy release to your E2B+AgFM USB drive.

Background

a1ive's latest grubfm allows the F5 function key to boot Ventoy or AIOBOOT from a separate partition which contains those files. However, it is not very useful as we cannot use the same FAT32 partition that E2B+agFM already uses and Ventoy requires a particular fixed partition order!

If Ventoy is detected, then pressing F5 will boot from efi/boot/bootx64.efi on the Ventoy partition or MBR\Legacy boot from the grub2 boot sector (which is actually grub4dos on an E2B drive). The Ventoy files cannot therefore be on the same FAT32 partition as the agFM files.

AIOBOOT can be present on any partition and F5 will boot from the /efi/boot/bootx64.efi file or the /AIO/grub/i386-pc/core.img file (for MBR\Legacy booting). The AIOBOOT files cannot therefore be on the same FAT32 partition as the agFM files.

So the current Ventoy\AIOBOOT F5 function is not suitable for E2B+agFM!

New Betas

5000+ free magazines

Just signed up to Readly (first month free - cancel if you don't like it!). It's the Spotify of mags! Not only can I view 1000s of mags for free, but I have access to back copies and I can search ALL of the mags for any mention of a key word or phrase (such as "easy2boot") and see all the pages which mention E2B in all mags! I am seriously considering cancelling all my current paper mag subscriptions! This is cheaper, faster and gives me access to way more mags. Only problem is that I might have to buy an iPad or Chromebook now...

P.S. I bought an Amazon Fire HD 10" (#ad). It is cheap and ideal for reading the mags/newspapers on. I installed Google Play store and then the Readly app.

agFM v1.56 now available

Anwar has discovered a bug where agFM (MBR grub2 only) can report a contiguous file as being non-contiguous.

agFM v1.56 - changes from v1.55 are...

1. SAMPLE_startup_menu.txt revised - now only shows 'Restore E2B Partitions' menu entry when the backup partition is a valid MBR.
2. Bugfix in agFM MBR code (grubfm.iso) to fix issue of some files reported as not contiguous (thanks to Anwar for reporting bug).
3. Latest agFM build with various bug-fixes.
4. Variable 'hires' (set hires=1) can now be set in your menu so that WinPE runs at highest screen resolution available (e.g. set in in startup_menu.txt). Setting this may cause virtual machines to default to their highest resolution but it should be OK to set the hires variable when booting from real systems.
5. The wimboot code has changed - do not specify bcd, boot.sdi or bootmgr files in wimboot command list as they are not needed. MBR\Legacy also uses the wimboot command now.
6. Ventoy modules have been removed by a1ive from agFM..

The new v1.56 version of E2B agFM can be found here. Just unzip the file directly onto the second FAT32 partition to update from v1.55.

The Update download is still 1.55 and will be updated in a few days to 1.56.

UEFI Secure Boot is in chaos!

As you may be aware, the agFM grub2 boot files which are added to the second FAT32 partition when you make an Easy2Boot v2 USB drive uses a Kaspersky shim to load the a1ive grub2 kernel.

Because the Kaspersky shim is signed, it means  that it can load the grub2 kernel which can then effectively disable Secure Boot!

This allows us to boot an insecure grub2 kernel and we can do pretty much anything we like to the system, including booting to non-secure OS's!

This loophole was reported to Microsoft last year (if not before!) and Microsoft tried to fix it using a Windows Update KB which was rolled out to all Windows 10 systems earlier this year. The 'hotfix' added an entry into the UEFI firmware dbx 'blacklist' of the BIOS. Thus the signed Kaspersky shim file was blacklisted by the UEFI BIOS.

Unfortunately, the KB hotfix caused problems with many systems because the same signed Kaspersky shim was used by some OEMs as standard - so these systems suddenly refused to Secure UEFI-boot after the Microsoft Update was applied!

So Microsoft quickly reversed the KB Kaspersky hotfix part in the next hotfix removed the blacklist dbx entry from the UEFI BIOS again. So - assuming you could get your system to non-secure boot by disabling Secure Boot in the BIOS, you could do a Windows Update and then re-enable Secure Boot again. Of course, your system would still be vulnerable though.

Since then it seems Microsoft, Linux developers and grub2 developers have actually bothered to look at and analyse the shims and grub2 code which they are getting signed and have found a large number of other vulnerabilities too!  To me this raises a number of questions about the Microsoft Secure Boot signing process:

1. What did Microsoft actually do when they signed Secure Boot files - just accept a huge amount of $$$ and sign any old boot file without bothering to fully analyse it?
2. Why does everyone insist that Open Source code is so desirable when there has been gaping security holes in grub2 for years?

A recent number of these vulnerabilities have now been fixed in grub2, but updating systems is not going to be easy! We cannot simply blacklist all current and older versions of grub2 by adding entries to the UEFI dbx blacklist. This would prevent any OS on older drives, backups, old install media, USB drives, PXE servers, etc. from Secure Booting because they would still contain the old, blacklisted, grub2 signed UEFI boot files. See the 'mitigation' section of this article for more details.

For the complete picture, read the whole article here.

Note also that very new linux/grub2 OS's (install ISOs and updates) may have these new 'fixes' added and it may prevent them from UEFI Secure booting and in some cases even non-Secure UEFI booting then fails!...

July 30 Important Update

Some of the Linux distribution updates appear to be leading to unsuccessful reboots. The developers and distribution maintainers are working to provide new updates. The maintainers are recommending to avoid installing updates for grub2, shim, and other bootloader-related applications until new packages are available. Some of the issues to watch are listed below:

• https://access.redhat.com/security/vulnerabilities/grub2bootloader
• https://bugzilla.redhat.com/show_bug.cgi?id=1862045
• https://bugzilla.redhat.com/show_bug.cgi?id=1861977
• https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889556
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966554
• https://status.cloud.google.com/incident/compute/20009#20009005

Easy2Boot eBooks (PDFs) are now all $5

The E2B eBooks are now all reduced to only $5 each again. If you have not yet read all of them then now is your chance!

• E2B #1: How to make a multiboot USB drive using Easy2Boot
• E2B #2: How to install Microsoft Windows using Easy2Boot
• E2B #3: How to make a UEFI multi-boot Easy2Boot USB drive
• E2B #4: UEFI-multiboot using the a1ive grub2 File Manager 
• Getting started with grub4dos

There are some user comments\reviews on the E2B sites Guest Book page if you want to see what others thought of them.

Updates are free. Just use the download link that is emailed to you again to check for later versions.

re. Fixing faulty computers

This is just a quick blog post to say 'Hi'. I have been busy doing other things recently (like playing with my new IODD Mini SSD - Amazon link which is performing very well) so I have not been spending much time on E2B.

In my few moments of free time, I have been enjoying watching Adamant IT  repair shop YouTube videos which are quite entertaining. He has videos on 'live' repair and also 'live' PC builds as well as reviews, etc.

Although I have retired from repairing/building/developing PCs and Notebooks now, unless they have changed a lot in the last 6 years or so, I thought I would go through what I tended to do to diagnose and fix PCs\Notebooks.

Add Medicat 2020 to your Zalman\IODD disk

The Medicat 20.05 download comes as a .BIN file which contains a 512-byte header file which is only recognised by a few utilities such as OSFMounter and ImageUSB by Passmark.

Here is how to convert it to a VHD file which is suitable for loading via your Zalman\IODD device.

Note: For medicat.20.06.1.img - from here - I used BitTorrent and then just copied the .img file to my IODD\Zalman and renamed it to medicat.20.06.1.vhd. You can then mount it as a virtual drive.

Instructions for medicat 20.05  .bin file