Comments (7)
I'm not sure what you mean by this. SetFirmwareEnvironmentVariableEx
can be used to read from/write to arbitrary kernel mode addresses (via EfiGuardDxe's SetVariable
hook), but it does not write to or replace existing files, you have to do this yourself.
What exactly is it that you are trying to do?
from efiguard.
I mean, code it be deploy your Loader without USB stick boot by replacing the Windows's bootx64.efi
from efiguard.
Ah, I see what you mean now. The answer is probably yes, but the way to do this depends somewhat on the target machine, especially whether it is real or virtual, as most VM hosts do not seem to have working persistent NVRAM emulation.
On a real machine or a VM with persistent NVRAM, you don't want to overwrite bootx64.efi
. The reason for this is that during installation, Windows adds a UEFI boot entry named Windows Boot Manager which boots /EFI/Microsoft/Boot/bootmgfw.efi
. This is the file that is booted by the firmware boot manager. bootx64.efi
(a safety copy of bootmgfw.efi
in case the boot entry is lost) is ignored. You also don't want to replace bootmgfw.efi
with the loader, because the loader will refuse to recursively boot itself. (I've never seen what happens if you do this, I should try it out some day...)
Try the following:
- In Windows, run
mountvol X: /S
to mount the EFI System Partition atX:
. - Copy
EfiGuardDxe.efi
andLoader.efi
toX:\EFI\Boot
, next tobootx64.efi
. - Boot to the UEFI Shell from the BIOS or a USB stick (see README).
cd
tofsX:\EFI\Boot
, whereX
is the Windows EFI partition.- View the current boot options with
bcfg boot dump
. - Take
N = last entry+1
, and runbcfg boot add <N> Loader.efi "EfiGuard"
. - (Optional) To set EfiGuard as the default boot option, run
bcfg boot mv <N> 0
If you have a reasonably compliant BIOS, there should now be a boot menu entry to boot EfiGuard which will find and start Windows. Do not remove the Windows Boot Manager entry, the loader needs this to find the correct bootmgfw.efi
to boot.
If you don't have compliant BIOS, or if bcfg
commands do not persist due to poor NVRAM emulation (my experience with VMs - VMware could be an exception but I don't use it), it gets trickier. On these types of systems you will need to place the loader at /EFI/Boot/bootx64.efi
on some volume and make this the default boot option. In this case the loader must be on a different disk (disk, not partition!) from Windows. The reason for this is that while it is theoretically possible to have multiple EFI System Partitions on a non-removable disk, in practice it is poorly supported by both firmware and OS vendors, including Microsoft.
from efiguard.
Thanks for the detailed explanation, Let me check it out
from efiguard.
Update: I tried this on a Dell XPS and an MSI Z270. It worked on the Dell but not on the MSI. The MSI has an AMI BIOS that seems to get confused by having multiple boot entries for the same disk, because its boot entry granularity stops at 'hard disk', with a separate menu to set the hard disk boot order. This means there is no one-to-one mapping between bcfg
entries and what is actually booted.
I did manage to set EfiGuard as the first 'hard disk' in the Z270 BIOS, but this resulted in a black screen. I'm not sure if the boot order peculiarity is related to this, but it seems likely since booting EfiGuard from a USB stick works fine. So the conclusion seems to be that whether this will work is dependent on the machine's firmware. There is still the workaround of using a second hard disk, but this is of course more cumbersome.
Second update: after some trial and error I found a solution to get booting on the MSI motherboard to work: it simply needed a full shutdown. Resets didn't do the trick. So booting from the Windows EFI partition works on both machines I tested.
from efiguard.
Maybe setting Driver#### variable to load EfiGuardDxe driver will work.
from efiguard.
Closing this as the original question has been answered.
from efiguard.
Related Issues (20)
- I need some help on a project I'm currently working on HOT 1
- macbook white 13" late 2009 HOT 3
- USB dependency HOT 1
- Backdooring bootmgfw.efi HOT 3
- NtSetSystemEnvironmentValueEx error 0xC0000022 HOT 2
- it's me again lol HOT 2
- Error Boot HOT 2
- Patch SeValidateImageHeader when disabling DSE at boot HOT 1
- "LoadImage error 800000000000000E (Not Found)" on VirtualBox starting from release 1.4 HOT 5
- Error while building
- EAC error: Patched Windows boot loader detected. [Kernel Patch Protection disabled] HOT 3
- Failed to boot anything. HOT 1
- Legacy (non_UEFI) Windows Installations HOT 3
- Startup Error HOT 1
- EfiGuard Error : 0xC000000E HOT 1
- Source can't compile on latest EDK because gEfiLegacyBiosProtocolGuid removed HOT 2
- Files patched but unsigned driver not work HOT 3
- How configure EfiGuard to disable DSE at boot time?
- EfiGuard boot stuck at (parentImageHandle==), if i force restart and hit F12 to boot from bios , it can boot normally.
- EfiGuardDxe.efi hung HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from efiguard.