Tiny Core Base > Corepure64

loading Corepure64 with GRUB2 and shim under secure boot UEFI

(1/2) > >>

shuly:
Hi,
I couldn't find concrete answer to whether it is possible or not to load Corepure64 with GRUB2 and shim under secure boot enabled UEFI system.
Also, I would like your help to understand if there's an option to load it "out-of-the-box" without self-signing the kernel?

Thx

pek:
Hi,
Short answer:
1. Loading Corepure64 with GRUB2 works under UEFI without signature check.
2. Loading any OS with GRUB2 does not work under UEFI with signature check.

I don't know the explanation behind it. I just observed through my experiences.
So, I booted many different PCs, Macs, Chromebooks, Surfaces etc over the years and I noticed NO OS can be booted when the secure boot is set to on.
Some not even allow to read the USB stick.

But when I change the secure boot setting, to "allow untrusted devices" everything works. Still in the UEFI mode.

Sorry I'm not familiar with the terms.. But you know there are UEFI settings, to enable secure boot and disable it, but still using UEFI.

Juanito:
I believe it should be possible, but I’ve never tried.

aus9:
some members may have a bios that does not allow them to turn off secure boot.

shuly
Is that the issue for you?

BTW UEFI is not the virtuous saviour  some users might think. malware has been discovered in the EFI/UEFI system example link
https://www.tomshardware.com/news/moonbounce-malware-hides-in-your-bios-chip-persists-after-drive-formats

--- Quote ---Kaspersky has observed the growth of Unified Extensible Firmware Interface (UEFI) firmware malware threats since 2019, with most storing malware on the EFI System Partition of the PC's storage device
--- End quote ---

I have a W10 drive and still use MBR and W10 installs fine on it without complaining of needing an EFI partition. In case you are interested in preventing EFI/UEFI based malware firmware. I bought a key from some well known companies that do deals for legit keys that other companies no longer need etc

or you can leave W10 un-activated?

patrikg:
When installing Win11 you can disable the need of tpm and so on.
You can install this reg file if you can make some floppy or cd/dvd drive to get the reg file when installing.
You have to press <SHIFT><F10> to get to the command line in windows setup.
And then type in regedit D:\regfile.reg to import the keys.
File content:

--- Code: (ini) ---Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassTPMCheck"=dword:00000001
"BypassSecureBootCheck"=dword:00000001
"BypassRAMCheck"=dword:00000001
"BypassStorageCheck"=dword:00000001
--- End code ---

Navigation

[0] Message Index

[#] Next page

Go to full version