'eBook #1 - Getting started with Easy2Boot' - v2.18 is now available

 I have made some minor revisions to eBook #1.

If you have already purchased it, you can get the new version by using the download link that was emailed to you previously.

If you are interested in agFM and UEFI-booting, the eBook #4 has also been recently updated to v1.15.

E2B eBooks are listed here.

P.S. Subscribe to get the latest news.

E2B v2.05 and agFM v1.57 released

 

To update, click the Make_E2B.exe - Update E2B button.

Then check that you have E2B 2.05 and agFM 1.57 by MBR and UEFI-booting.

To add Ventoy, download the latest version of Ventoy .ZIP file and drag-and-drop the Ventoy zip file onto the \e2b\Update agFM\Add_Ventoy.cmd file on the 2nd agFM partition.

Ventoy does not require the ISO files to be contiguous.

# Change Logs

E2B 2.05 2020-09-09

1. Change sort code so E2B menu system can now work on systems with just 64MB RAM.
2. Bugfix in Make_E2B.exe for Chinese language not working
3. Enhancement - alphabetically sort files in LstFExt.g4b - so now \_ISO\WINDOWS\XP ISO files are sorted alphabetically.
4. Add_Ventoy.cmd added - \_ISO\docs\MAKE_E2B-USB_DRIVE\Add_Ventoy.cmd can be used with Ventoy.xx.xx.xx.zip to add or update Ventoy onto 2nd agFM Partition.
5. Windows Install menu will display 'HDD1=GPT' if it detects that the first internal hard disk has GPT partitions.

agFM v1.57 2020-09-09

1. Bugfix for MBR\Legacy install of Windows Setup not allowing Internal hard disk to be selected
2. Update agFM version
3. Ventoy support - F5 now will boot to Ventoy if present on Partition 2
4. \e2b\Update agFM\Add_Ventoy.cmd added (drag and drop Ventoy zip file onto Add_Ventoy.cmd to add Ventoy MBR+UEFI64).

Note: I have also updated eBook #4 and eBook #1. You can obtain the updates by using the link in the confirmation that was email sent to you by Payhip when you first purchased it.

P.S. Don't forget to subscribe to this blog for more news!

E2B v2.05d Beta now includes Add_Ventoy.cmd batch file

E2B v2.05d Beta now includes \_ISO\docs\Make_E2B_USB_Drive\Add_Ventoy.cmd. 

Just download the latest Ventoy .zip file and drop the Ventoy .zip file onto the Add_Ventoy.cmd file on your E2B USB drive (Windows 10 only).

Let me know if you see any see issues.

P.S. agFM v1.57Beta3 also includes the Add_Ventoy.cmd file in the \e2b\Update agFM folder. This means that Windows 7/8 users can first switch to the 2nd partition (using Switch_E2B.exe - Access partition 2 on Removable drive button) and then drag-and-drop the downloaded Ventoy .zip file onto the Add_Ventoy.cmd file. Don't forget to switch back partitions 1 and 2 afterwards!

Get ready for a second Corona wave!

Will there be a second wave? 

In the UK and probably many other countries, the schools, colleges and universities are starting to open again. Also we are being asked to go back into our offices and shops. However, if we are not careful, this could lead to the start of a second wave of the epidemic.

It has been estimated that over 40% of grandparents are 'carers' for their grandchildren. Since Corona has a more severe effect on older people and those with health problems, it makes sense to continue to avoid contact and close proximity to ALL other people (even those in the same household). The grandparents should try to keep their distance from the kids (somehow!).

The larger the 'dose' - the more severe the symptoms? 

agFM v1.57 Beta2 with full F5 VENTOY support

I have now added a patch into agFM and recompiled it since a1ive has not yet made the change to the f5.sh file in the github master.

The F5 key will now boot to Ventoy once you update partition 2 with the new v1.57Beta2 version.

Follow the previous blog article for instructions on how to add Ventoy to your E2B USB drive.

Here are three useful FREE text tools I use every day

Here are my three favourite utilities for text file maintenance.

If you work with scripts, batch files, source code, etc. you probably use them already but I will list them here just in case...

SwiftSearch

Searches for files on all NTFS drives in seconds! Can use multiple wildcards in the search string e.g. *win*.iso or abd*def.j*.

Note: Does not work on exFAT, FAT32 or other non-NTFS file systems - but it is super fast!

Tip: If you add a drive (e.g. NTFS USB drive or change a drives contents), then you must press F5 to reload the NTFS filesystem indexes before searching again.

WinMerge

Compare two files or two folders. Side-by-side view lets you easily copy over portions of a file with just a click. This makes it very easy to compare two versions and make changes.

FNR

Find and Replace - find any string in all matching files and can then replace all occurrences with a different string in all those files.

This is useful when I want to find out which files contain a particular string. I can then double-click to load up the file or I can replace the string with a different string throughout all files.

agFM v1.57 Beta1 with VENTOY support

 These new versions are experimental and they allow you to add any Ventoy release to your E2B+AgFM USB drive.

Background

a1ive's latest grubfm allows the F5 function key to boot Ventoy or AIOBOOT from a separate partition which contains those files. However, it is not very useful as we cannot use the same FAT32 partition that E2B+agFM already uses and Ventoy requires a particular fixed partition order!

If Ventoy is detected, then pressing F5 will boot from efi/boot/bootx64.efi on the Ventoy partition or MBR\Legacy boot from the grub2 boot sector (which is actually grub4dos on an E2B drive). The Ventoy files cannot therefore be on the same FAT32 partition as the agFM files.

AIOBOOT can be present on any partition and F5 will boot from the /efi/boot/bootx64.efi file or the /AIO/grub/i386-pc/core.img file (for MBR\Legacy booting). The AIOBOOT files cannot therefore be on the same FAT32 partition as the agFM files.

So the current Ventoy\AIOBOOT F5 function is not suitable for E2B+agFM!

New Betas

5000+ free magazines

Just signed up to Readly (first month free - cancel if you don't like it!). It's the Spotify of mags! Not only can I view 1000s of mags for free, but I have access to back copies and I can search ALL of the mags for any mention of a key word or phrase (such as "easy2boot") and see all the pages which mention E2B in all mags! I am seriously considering cancelling all my current paper mag subscriptions! This is cheaper, faster and gives me access to way more mags. Only problem is that I might have to buy an iPad or Chromebook now...

P.S. I bought an Amazon Fire HD 10" (#ad). It is cheap and ideal for reading the mags/newspapers on. I installed Google Play store and then the Readly app.

agFM v1.56 now available

Anwar has discovered a bug where agFM (MBR grub2 only) can report a contiguous file as being non-contiguous.

agFM v1.56 - changes from v1.55 are...

1. SAMPLE_startup_menu.txt revised - now only shows 'Restore E2B Partitions' menu entry when the backup partition is a valid MBR.
2. Bugfix in agFM MBR code (grubfm.iso) to fix issue of some files reported as not contiguous (thanks to Anwar for reporting bug).
3. Latest agFM build with various bug-fixes.
4. Variable 'hires' (set hires=1) can now be set in your menu so that WinPE runs at highest screen resolution available (e.g. set in in startup_menu.txt). Setting this may cause virtual machines to default to their highest resolution but it should be OK to set the hires variable when booting from real systems.
5. The wimboot code has changed - do not specify bcd, boot.sdi or bootmgr files in wimboot command list as they are not needed. MBR\Legacy also uses the wimboot command now.
6. Ventoy modules have been removed by a1ive from agFM..

The new v1.56 version of E2B agFM can be found here. Just unzip the file directly onto the second FAT32 partition to update from v1.55.

The Update download is still 1.55 and will be updated in a few days to 1.56.

UEFI Secure Boot is in chaos!

As you may be aware, the agFM grub2 boot files which are added to the second FAT32 partition when you make an Easy2Boot v2 USB drive uses a Kaspersky shim to load the a1ive grub2 kernel.

Because the Kaspersky shim is signed, it means  that it can load the grub2 kernel which can then effectively disable Secure Boot!

This allows us to boot an insecure grub2 kernel and we can do pretty much anything we like to the system, including booting to non-secure OS's!

This loophole was reported to Microsoft last year (if not before!) and Microsoft tried to fix it using a Windows Update KB which was rolled out to all Windows 10 systems earlier this year. The 'hotfix' added an entry into the UEFI firmware dbx 'blacklist' of the BIOS. Thus the signed Kaspersky shim file was blacklisted by the UEFI BIOS.

Unfortunately, the KB hotfix caused problems with many systems because the same signed Kaspersky shim was used by some OEMs as standard - so these systems suddenly refused to Secure UEFI-boot after the Microsoft Update was applied!

So Microsoft quickly reversed the KB Kaspersky hotfix part in the next hotfix removed the blacklist dbx entry from the UEFI BIOS again. So - assuming you could get your system to non-secure boot by disabling Secure Boot in the BIOS, you could do a Windows Update and then re-enable Secure Boot again. Of course, your system would still be vulnerable though.

Since then it seems Microsoft, Linux developers and grub2 developers have actually bothered to look at and analyse the shims and grub2 code which they are getting signed and have found a large number of other vulnerabilities too!  To me this raises a number of questions about the Microsoft Secure Boot signing process:

1. What did Microsoft actually do when they signed Secure Boot files - just accept a huge amount of $$$ and sign any old boot file without bothering to fully analyse it?
2. Why does everyone insist that Open Source code is so desirable when there has been gaping security holes in grub2 for years?

A recent number of these vulnerabilities have now been fixed in grub2, but updating systems is not going to be easy! We cannot simply blacklist all current and older versions of grub2 by adding entries to the UEFI dbx blacklist. This would prevent any OS on older drives, backups, old install media, USB drives, PXE servers, etc. from Secure Booting because they would still contain the old, blacklisted, grub2 signed UEFI boot files. See the 'mitigation' section of this article for more details.

For the complete picture, read the whole article here.

Note also that very new linux/grub2 OS's (install ISOs and updates) may have these new 'fixes' added and it may prevent them from UEFI Secure booting and in some cases even non-Secure UEFI booting then fails!...

July 30 Important Update

Some of the Linux distribution updates appear to be leading to unsuccessful reboots. The developers and distribution maintainers are working to provide new updates. The maintainers are recommending to avoid installing updates for grub2, shim, and other bootloader-related applications until new packages are available. Some of the issues to watch are listed below:

• https://access.redhat.com/security/vulnerabilities/grub2bootloader
• https://bugzilla.redhat.com/show_bug.cgi?id=1862045
• https://bugzilla.redhat.com/show_bug.cgi?id=1861977
• https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889556
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966554
• https://status.cloud.google.com/incident/compute/20009#20009005