Elmo Voice Changer,
Jim Jordan Short Height,
Roger Torrey Actor Cause Of Death,
Articles V
Turned out archlinux-2021.06.01-x86_64 is not compatible. unsigned kernel still can not be booted. chromeos_14816.99.0_reven_recovery_stable-channel_mp-v2.bin fails to boot on BIOS & UEFI. Joined Jul 18, 2020 Messages 4 Trophies 0 . Although a .efi file with valid signature is not equivalent to a trusted system. BIOS Mode Both Partition Style GPT Disk . all give ERROR on HP Laptop : The text was updated successfully, but these errors were encountered: tails-amd64-4.5.iso Legacy tested with VM The easiest thing to do if you don't have a UEFI-bootable Memtest86 ISO is to extract the \EFI\BOOT\BOOTX64.efi file and just copy that to your Ventoy drive. Yes, at this point you have the same exact image as I have. Tried with archlinux-2021.05.01-x86_64 which is listed as compatible and it is working flawlessly. Minor one: when you try to start unsigned .efi executable, error message is shown for a very brief time and quickly disappears. Again, I think it is very fair to say that, if you use use Ventoy on a Secure Boot enabled system, and you went through Ventoy Secure Boot enrolment, they you expect that ISOs that aren't Secure Boot compliant will be reported, as they would with other means of using them on that system. Can you add the exactly iso file size and test environment information? @steve6375 1.0.84 AA64 www.ventoy.net ===>
Sign in The injection is just like that I extract the ubuntu.iso and change/add some script and create an new ISO file. You need to make the ISO UEFI64 bootable. This solution is only for Legacy BIOS, not UEFI. . Google for how to make an iso uefi bootable for more info. No. 1. for the suggestions. Go ahead and download Rufus from here. Which is why you want to have as many of these enabled in parallel when they exist (such as TPM + Secure Boot, i.e. (I updated to the latest version of Ventoy). But i have added ISO file by Rufus. @pbatard Error message: The only thing that changed is that the " No bootfile found for UEFI!" Follow the urls bellow to clone the git repository. @ventoy I can confirm this, using the exact same iso. Please follow About file checksum to checksum the file. Will there be any? So, yeah, if you have access to to the hardware, then Secure Boot, TPM or whatever security measure you currently have on consumer-grade products, is pretty much useless because, as long as you can swap hardware components around, or even touch the hardware (to glitch the RAM for instance), then unless the TPM comes with an X-Ray machine that can scan and compare hardware components, you're going to have a very hard time plugging all the many holes through which a dedicated attacker can gain access to your data. And IMO, anything that attempts to push the idea that, maybe, allowing silent boot of unsigned bootloaders is not that bad, is actually doing a major disservice to users, as it does weaken the security of their system and, if this is really what a user wants, they can and should disable Secure Boot. Intel Sunrise Point-LP, Intel Kaby Lake-R, @chromer030 Your favorite, APorteus was done with legacy & UEFI Have you tried grub mode before loading the ISO? https://abf.openmandriva.org/platforms/cooker/products/4/product_build_lists/3250 Then Ventoy will load without issue if the secure boot is enabled in the BIOS. Any kind of solution? Freebsd has some linux compatibility and also has proprietary nvidia drivers. By clicking Sign up for GitHub, you agree to our terms of service and In this case you must take care about the list and make sure to select the right disk. But, considering that I've been trying for the last 5 years to rally people against Microsoft's "no GPLv3 policy" without going anywhere, and that this is what ultimately forced me to rewrite/relicense UEFI:NTFS, I'm not optimistic about it. Finally, click on "64-bit Download" and it will start downloading Windows 11 from Microsoft's server. ***> wrote: Windows 7 32-bit does not support UEFI32 - you must use Win7 64-bit.. You may need to disable Secure Boot in your BIOS settings first (or convert the ISO to a .imgPTN23 file using the MPI Tool Kit). same here on ThinkPad x13 as for @rderooy This disk, after being installed on a USB flash drive and booted from, effectively disables Secure Boot protection features and temporary allows to perform almost all actions with the PC as if Secure Boot is disabled. Menu. pentoo-full-amd64-hardened-2020.0_p20200527.iso - 4 GB, avg_arl_cdi_all_120_160420a12074.iso - 178 MB, Fedora-Security-Live-x86_64-Rawhide-20200419.n.0.iso - 1.80 GB Ventoy does not always work under VBox with some payloads. I'll try looking into the changelog on the deb package and see if This seem to be disabled in Ventoy's custom GRUB). and leave it up to the user. https://www.youtube.com/watch?v=-mv6Cbew_y8&t=1m13s. No! Vmware) with UEFI mode and to confirm that the ISO file does support UEFI mode. https://abf.openmandriva.org/product_build_lists. However, I'm not sure whether chainloading of shims are allowed, and how it would work if you try to load for example Ubuntu when you already have Fedora's shim loaded. Just right-click on "This PC" on the desktop, select "Manage", and click on "Disk Management . Sorry for my ignorance. Now Rufus has achieved support for secure boot as now NTFS:UEFI Driver is signed for secure boot by Microsoft. You can reformat it with FAT32/NTFS/UDF/XFS/Ext2/Ext3/Ext4 filesystem, the only request is that Cluster Size must greater than or equal to 2048. Have a question about this project? As Ventoy itself is not signed with Microsoft key. Which brings us nicely to what this is all about: Mitigation. If the ISO file name is too long to displayed completely. Well, that's pretty much exactly what I suggested in points 1-4 from the original post, with point 4 altered from "an error should be returned to the user and bootx64.efi should not be launched" to "an error should be returned to the user who can then decide if they still want to launch bootx64.efi". Yep, the Rescuezilla v2.4 thing is not a problem with Ventoy. Ventoy is open-source software that allows users to create ISO, WIM, IMG, VHS(x), and EFI files onto a bootable USB drive. I have the same error with EndeavorOS_Atlantis_neo_21_5.iso using ventoy 1.0.70. the EndeavorOS iso boots with no issues when on it's on usb, but not through ventoy. I'll think about it and try to add it to ventoy. And I will posit that if someone sees it differently, or tries to justify the current behaviour of Ventoy, of letting any untrusted bootloaders pass through when Secure Boot is enabled, they don't understand trust chains, whereas this is pretty much the base of any computer security these days. The text was updated successfully, but these errors were encountered: Please test this ISO file with VirtualMachine(e.g. So by default, you need to disabled secure boot in BIOS before boot Ventoy in UEFI mode. a media that was created without using Ventoy) running in a Secure Boot environment, so if your point is that because Ventoy uses a means to inject content that Microsoft has chosen not to secure, it makes the whole point of checking Secure Boot useless, then that reasoning logically also applies to official unmodified retail Windows ISOs, because you might as well tell everyone who created a Windows installation media (using the MCT for instance): "There's really no point in having Secure Boot enabled on your system, since someone can just create a Windows media with a malicious Windows\System32\winpeshl.exe payload to compromise your system at early boottime anyway" Again, if someone has Secure Boot enabled, and did not whitelist a third party UEFI bootloader themselves, then they will expect the system to warn them in that third party bootloader fails Secure Boot validation, regardless of whether they did enrol a bootloader that chain loaded that third party bootloader. 3. However, some ISO files dont support UEFI mode so booting those files in UEFI will not work. (The 32 bit images have got the 32 bit UEFI). These WinPE have different user scripts inside the ISO files. Main Edition Support. I will test it in a realmachine later. So that means that Ventoy will need to use a different key indeed. All the .efi files may not be booted. Windows 11 21h2 x64 Hebrew - Successfully tested on UFEI. Please refer: About Fuzzy Screen When Booting Window/WinPE. That's theoretically feasible but is clearly banned by the shim/MS. Ventoy version and details of options chosen when making it (Legacy\MBR\reserved space) In other words, that there might exist other software that might be used to force the door open is irrelevant. Aporteus which is Arch Linux based version of Porteus , is best , fastest and greatest distro i ever met , it's fully modular , supports bleeding edge techs like zstd , have a tool to very easily compile and use latest version of released or RC kernel directly from kernel.org ( Kernel Builder ) , have a tool to generate daily fresh ISO so all the packages are daily and fresh ( Aporteus ISO Builder ) , you can have multi desktops on a ISO and on boot select whatever you like , it has naturally Copy to RAM feature with flag to copy specific modules only so linux run at huge speed , a lot of tools and softwares along side mini size ISO , and it use very very low ram and ISO size, You can generate ISO with whatever language you like to distro have. Yes. You can grab latest ISO files here : Only in 2019 the signature validation was enforced. In Windows, Ventoy2Disk.exe will only list the device removable and in USB interface type by default. Test these ISO files with Vmware firstly. If someone has physical access to a system then Secure Boot is useless period. Maybe the image does not support X64 UEFI. Is there any progress about secure boot support? This ISO file doesn't change the secure boot policy. accomodate this. If you pull the USB drive out immediately after finish copy a big ISO file, most probably the file in the USB will be corrupted. bionicpup64-8.0-uefi.iso Legacy+UEFI tested with VM, ZeroShell-3.9.3-X86.iso Legacy tested with VM, slax-64bit-9.11.0.iso Legacy tested with VM. unsigned .efi file still can not be chainloaded. It's a bug I introduced with Rescuezilla v2.4. Ventoy up to 1.0.12 used the /dev/mapper/ventoy approach to boot. When user whitelist Venoy that means they trust Ventoy (e.g. Besides, you can try a linux iso file, for example ubuntu-20.04-desktop-amd64.iso, I have the same for Memtest86-4.3.7.iso and ipxe.iso but works fine with netboot.xyz-efi.iso (v2.0.17), manjaro-gnome-20.0.3-200606-linux56.iso, Windows10_PLx64_2004.iso and HBCD_PE_x64.iso (v1.0.1) Lenovo Ideapad Z580. Is it possible to make a UEFI bootable arch USB? to be used in Super GRUB2 Disk. When Secure Boot is enabled, BIOS boot (CSM) should not work at all, since it would completely defeat the purpose of only allowing signed executables to boot. Now there's no need to format the disk again and again or to extract anything-- with Ventoy simply copy the ISO file to the USB drive and boot it. What's going on here? Tested on ASUS K40IN https://github.com/ventoy/Ventoy/releases/tag/v1.0.33, https://www.youtube.com/watch?v=F5NFuDCZQ00, http://tinycorelinux.net/13.x/x86_64/release/. Reply to this email directly, view it on GitHub, or unsubscribe. edited edited edited edited Sign up for free . Option 2: Only boot .efi file with valid signature. I'll test it on a real hardware a bit later. Many thousands of people use Ventoy, the website has a list of tested ISOs. Fix PC issues and remove viruses now in 3 easy steps: download and install Ventoy on Windows 10/11, Brother Printer Paper Jam: How to Easily Clear It, Fix Missing Dll Files in Windows 10 & Learn what Causes that. , ctrl+alt+del . Ventoy is a free and open-source tool used to create bootable USB disks. I have some systems which won't offer legacy boot option if UEFI is present at the same time. Just some of my thoughts: Go to This PC in the File Explorer, then open the drive where you installed Ventoy. By default, the ISO partition can not be mounted after boot Linux (will show device busy when you mount). So maybe Ventoy also need a shim as fedora/ubuntu does. Win10_1909_Chinese(Simplified)_x64.iso: Works fine, all hard drive can be properly detected. GRUB2, from my experiences does this automatically. Nevertheless, thanks for the explanation, it cleared up some things for me around the threat model of Secure Boot. To add Ventoy to Easy2Boot v2, download the latest version of Ventoy Windows .ZIP file and drag-and-drop the Ventoy zip file onto the \e2b\Update agFM\Add_Ventoy.cmd file on the 2nd agFM partition. Some modern systems are not compatible with Windows 7 UEFI64 (may hang) I'm not sure whether Ventoy should try to boot Linux kernel without any verification in this case (. Are you using an grub2 External Menu (F6)? These WinPE have different user scripts inside the ISO files. Maybe the image does not suport IA32 UEFI! No bootfile found for UEFI with Ventoy, But OK witth rufus. In Windows, Ventoy2Disk.exe will only list the device removable and in USB interface type by default. Maybe the image does not support X64 UEFI! V4 is legacy version. Do NOT put the file to the 32MB VTOYEFI partition. debes activar modo uefi en el bios Getting the same error with Arch Linux. However, users have reported issues with Ventoy not working properly and encountering booting issues. The main issue is that users should at least get some warning that a bootloader failed SB validation when SB is enabled, instead of just letting everything go through. How did you get it to be listed by Ventoy? Follow the guide below to quickly find a solution. snallinux-.6-x86_64.iso - 1.40 GB Astra Linux , supports UEFI , booting successfully. https://forum.porteus.org/viewtopic.php?t=4997. But it shouldn't be to the user to do that. For the two bugs. Must hardreset the System. Topics in this forum are automatically closed 6 months after creation. Questions about Grub, UEFI,the liveCD and the installer. You were able to use TPM for disk encryption long before Secure Boot, and rightfully so, since the process of storing and using data encryption keys is completely different from the process of storing and using trust chain keys to validate binary executables (being able to decrypt something is very different from being able to trust something). @BxOxSxS Please test these ISO files in Virtual Machine (e.g. Already have an account? It does not contain efi boot files. What system are you booting from? And of course, by the same logic, anything unsigned should not boot when Secure Boot is active. Remove Ventoy secure boot key. @ventoy, I've tested it only in qemu and it worked fine. It looks like that version https://github.com/ventoy/Ventoy/releases/tag/v1.0.33 fixes issue with my thinkpad. Menu Option-->Secure Boot Support for Ventoy2Disk.exe and -s option for Ventoy2Disk.sh However, because no additional validation is performed after that, this leaves system wild open to malicious ISOs. Fix them with this tool: If the advices above haven't solved your issue, your PC may experience deeper Windows problems. But this time I get The firmware encountered an unexpected exception. Many thanks! Nierewa Junior Member. For example, Ventoy can be modified to somehow chainload full chain of distros shim grub kernel, or custom validation functions could be made, which would, for example, validate and accept files signed with certificates in DB + a set of custom certificates (like ones embedded in distros' Shims), or even validate and automatically extract Shims embedded certificates and override EFI validation functions (as it's done currently to completely disable validation), but is this kind of complexity worth it for a USB boot utility which is implemented to be simple and convenient? So thanks a ton, @steve6375! Official FAQ I have checked the official FAQ. However, after adding firmware packages Ventoy complains Bootfile not found. BUT with Ventoy 1.0.74 legacy boot from the same ISO I get a black square in centre of menu (USB LED is flashing so appears to load). Personally, I don't have much of an issue with Ventoy using the current approach as a stopgap solution, as long as it is agreed that this is only a stopgap, since it comes with a huge drawback, and that a better solution (validation of that the UEFI bootloaders chain loaded from GRUB pass Secure Boot validation when Secure Boot has been enabled by the user) needs to be implemented in the long run. Try updating it and see if that fixes the issue. Ventoy 1.0.55 is available already for download. If Secure Boot is enabled, signature validation of any chain loaded, If the signature validation fails (i.e. Could you please also try via BIOS/Legacy mode? This was not considered Secure Boot violation as ExitBootServices() was called prior to booting the kernel. Hi, Hiren's Boot CD can be booted by Ventoy in Memdisk mode, you try Ventoy 1.0.08 beta2. its existence because of the context of the error message. Yes. When install Ventoy, maybe an option for user to choose. This completely defeats Secure Boot and should not happen, as the only EFI bootloader that should be whitelisted for Secure Boot should be Ventoy itself, and any other EFI bootloader should still be required to pass Secure Boot validation. Thank you! Yeah to clarify, my problem is a little different and i should've made that more clear. When user check the Secure boot support option then only run .efi file with valid signature is select. Vmware) with UEFI mode and to confirm that the ISO file does support UEFI mode. It should be specially noted that, no matter USB drive or local disk, all the data will be lost after install Ventoy, please be very careful. You can put a file with name .ventoyignore in the specific directory. With ventoy, you don't need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD (x)/EFI. Getting the same error as @rderooy. So use ctrl+w before selecting the ISO. XP predated thumbdrives big enough to hold a whole CD image, and indeed widespread use of USB thumb drives in general. Did you test using real system and UEFI64 boot? I tested it but trying to boot it will fail with an I/O error. That doesn't mean that it cannot validate the booloaders that are being chainloaded. Ventoy doesn't load the kernel directly inside the ISO file(e.g. @DocAciD I don't have a Lenovo, ThinkPad or a ThinkCentre, Getting the same on TinyCoreLiInux (CorePlus), URL; http://tinycorelinux.net/downloads.html, The ISO must be UEFI-bootable and have a UEFI64 boot file \EFI\BOOT\BOOTX64.EFI I'm not sure how Ventoy can make use of that boot process, because, in a Secure Boot enabled environment, all UEFI:NTFS accomplishes is that it allows you to chain load a Secure Boot signed UEFI boot loader from an NTFS partition, and that's it. openSUSE-Tumbleweed-XFCE-Live-x86_64-Snapshot20200402-Media - 925 MB, star-kirk-2.1.0-xfce-amd64-live.iso - 518 MB, Porteus-CINNAMON-v5.0rc1-x86_64.iso - 300 MB As Ventoy itself is not signed with Microsoft key, it uses Shim from Fedora (or, more precisely, from Super UEFIinSecureBoot Disk). This means current is 32bit UEFI mode. I didn't expect this folder to be an issue. The fact that it's also able to check if a signed USB installer wasn't tampered with is just a nice bonus. (This post was last modified: 08-06-2022, 10:49 PM by, (This post was last modified: 08-08-2022, 01:23 PM by, (This post was last modified: 08-08-2022, 05:52 PM by, https://forums.ventoy.net/showthread.phpt=minitool, https://rmprepusb.blogspot.com/2018/11/art-to.html. can u fix now ? Delete the Ventoy secure boot key to fix this issue. Still having issues? Yes, Ventoy does work within UEFI mode and offers a default secure boot feature. Hiren's BootCD I rarely get any problems with other menu systems based on grub2\grub4dos\syslinux\isolinux, just Ventoy gives problems. However what currently happens is that people who do have Secure Boot enabled will currently not be alerted to these at all. The latest version of Ventoy, an open source program for Windows and Linux to create bootable media using image file formats such as ISO or WMI, introduces experimental support for the IMG file format.. Ventoy distinguishes itself from other programs of its kind, e.g. Ventoy should only allow the execution of Secure Boot signed executables when Secure Boot is enabled, Microsoft's official Secure Boot signing requirements. md5sum 6b6daf649ca44fadbd7081fa0f2f9177 Win10_21H2_BrazilianPortuguese_x64.iso also boots fine in Legacy mode on IdeaPad 300 with Ventoy 1.0.57. But even the user answer "YES, I don't care, just boot it." On my other Laptop from other Manufacturer is booting without error. https://download.freebsd.org/releases/arm64/aarch64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-arm64-aarch64-disc1.iso. @ventoy VentoyU allows users to update and install ISO files on the USB drive. Format NTFS in Windows: format x: /fs:ntfs /q
Users have been encountering issues with Ventoy not working or experiencing booting issues. No bootfile found for UEFI! Another issue about Porteus and Aporteus : if we copy ISO via dd or other tools or copy ISO contents to EFI partition of USB work perfectly in UEFI. Please refer github issue/1975, x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI. Google for how to make an iso uefi bootable for more info. MD5: f424a52153e6e5ed4c0d44235cf545d5 Rufus or WoeUSB, in several meaningful ways.The program does not extract ISO images or other image formats to the USB drive but . Try updating it and see if that fixes the issue. @blackcrack KANOTIX uses a hybrid ISO layout, it definitely has X64 UEFI in ISO9660 and FAT12 (usually 1MiB offset). It is designed to protect a system against malicious code being loaded and executed early in the boot process, before the operating system has been loaded. But when I try to boot it with ventoy it does not boot and says the message "No bootfile found for UEFI". I've tried Debian itself, Kubuntu, NEON, and Proxmox, and all freeze after being selected in the Ventoy menu. Okay, I installed linux mint 64 bit on this laptop before. Would disabling Secure Boot in Ventoy help? ventoy.json should be placed at the 1st partition which has the larger capacity (The partition to store ISO files). Yes. DokanMounter
I see your point, this CorePlus ISO is indeed missing that EFI file. Thanks! I have this same problem. Keeping Ventoy and ISO files updated can help avoid any future booting issues with Ventoy. No bootfile found for UEFI! EndeavourOS_Atlantis_neo-21_5.iso boots OK using UEFI64 on Ventoy and grubfm. 2. I would say that it probably makes sense to first see what LoadImage()/StarImage() let through in an SB enabled environment (provided that this is what Ventoy/GRUB uses behind the scenes, which I'm not too sure about), and then decide if it's worth/possible to let users choose to run unsigned bootloaders. Well occasionally send you account related emails. Using Ventoy-1.0.08, ubuntudde-20.04-amd64-desktop.iso is still unable to boot under uefi. Tried the same ISOs in Easy2Boot and they worked for me. In Linux, you need to specify the device to install Ventoy which can be a USB drive or local disk. This option is enabled by default since 1.0.76. Ventoy is an open source tool that lets you create a bootable USB drive for ISO files. Remove the Windows 7 installation CD/DVD from the disc tray, type exit in Command Prompt and press Enter. 1: The Windows 7 USB/DVD Download Tool is not compatible with USB 3.0. Thank you for your suggestions! I will not release 1.1.0 until a relatively perfect secure boot solution. Both are good. For Hiren's BootCD HBCD_PE_x64.iso has been tested in UEFI mode. to your account, Hi ! But, currently, that is not the case at all, which means that, independently of the merits of Secure Boot for this or that type of media (which is a completely different debate altogether), there is a breach of the security contract that the user expects to see enforced and therefore something that needs to be addressed. Does the iso boot from s VM as a virtual DVD? I have used OSFMount to convert the img file of memtest v8 to iso but I have encountered the same issue. @steve6375 Openbsd is based. Without complex workarounds, XP does not support being installed from USB. That's an improvement, I guess? If someone has physical access to a system and that system is enabled to boot from a USB drive, then all they need to do is boot to an OS such as Ubuntu or WindowsPE or WindowsToGo from that USB drive (these OS's are all signed and so will Secure boot). It woks only with fallback graphic mode. Just like what is the case with Ventoy, I don't have much of an issue with having some leeway, on account that implementing proper signature validation requires some effort, during which unsigned bootloaders may be accepted, so as not inconvenience users too much. Ventoy can boot any wim file and inject any user code into it. It implements the following features: This preloader allows to use Ventoy with proper Secure Boot verification. https://osdn.net/projects/manjaro/storage/kde/, manjaro-kde-20.0-rc3-200422-linux56.iso BOOT /s. It says that no bootfile found for uefi. For example, how to get Ventoy's grub signed with MS key. Yes, I already understood my mistake. You can put the iso file any where of the first partition. Tested Distros (Updating) I don't have a IA32 hardware device, so I normally test it in VMware. Then congratulations: You have completely removed any benefits of using Secure Boot for any person who enrolled Ventoy on their Secure Boot computer. Point 4 from Microsoft's official Secure Boot signing requirements states: Code submitted for UEFI signing must not be subject to GPLv3 or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device. EFI Blocked !!!!!!! eficompress infile outfile. Format XFS in Linux: sudo mkfs -t xfs /dev/sdb1, It may be related to the motherboard USB 2.0/3.0 port. @pbatard Sorry, I should have explained my position clearer - I fully agree that the Secure Boot bypass Ventoy uses is not secure, and I'm not using Ventoy exactly because of it. size 5580453888 bytes (5,58 GB) if this issue was addressed), it could probably be Secure Boot signed, in the same manner as UEFI:NTFS was itself Secure Boot signed. And, unfortunately, with Ventoy as it stands, this whole trust mechanism is indeed broken, because you can take an official Windows installation ISO, insert a super malicious UEFI bootloader (that performs a Windows installation while also installing malware) and, even if users have Secure Boot enabled (and added Ventoy in Mok manager), they will not be alerted at all that they are running a malicious bootloader, whereas this is the whole point of Secure Boot! Ventoy2Disk.exe always failed to update ? Download Debian net installer. I have installed Ventoy on my USB and I have added ISO file: "Win10SupperLite_TeamOS_Edition.iso" Hi, HDClone can be booted by Ventoy in Memdisk mode for legacy BIOS, you try Ventoy 1.0.08 beta2. EDIT: - . It means that the secure boot solution doesn't work with your machine, so you need to turn off the option, and disable secure boot in the BIOS. ISO: GeckoLinux_STATIC_Plasma.x86_64-152.200719..iso (size: 1,316MB) . Do I still need to display a warning message? It means that the secure boot solution doesn't work with your machine, so you need to turn off the option, and disable secure boot in the BIOS. I've already disabled secure boot. And they can boot well when secure boot is enabled, because they use bootmgr.efi directly from Windows iso. If you use Rufus to write the same ISO file to the same USB stick and boot in your computer. I downloaded filename Win10_21H2_BrazilianPortuguese_x64.iso DSAService.exe (Intel Driver & Support Assistant).