Topic: Win10PESE with Bios +UEFI  (Read 1738 times)

0 Members and 1 Guest are viewing this topic.

Win10PESE with Bios +UEFI
« on: August 10, 2016, 08:06:19 PM »

Goodwin

  • Jr. Chef
  • **
  • Date Registered: Jan 2013
  • Posts: 10
Forgive me if this has been answered but I haven't tried to get this to work in a long time and I'm not sure I found a solution when I was trying to get it to work. Has anyone been successful in getting a Win8.1pese or 10pese to boot while also offering to boot to a grub2 or grub4dos menu yet? The problem I have is on a secure boot system my PE boots fine but it bypasses the grub options I've added, like bootable imaging apps and some other images for diagnostics. I'm just struggling to understand the language in order to get my project completed. Back when I was using ezboot(before UEFI and secure boot garbage) I had no issues getting anything to work but I am at a loss here.
Goal- Win10pese to boot via uefi or bios but also have the option during boot to jump to my grub menu to load other images. I've downloaded UEFI-Multi but don't completely understand what the process entails to get it done correctly for my purposes because it seems the documentation only deals with parted magic and a win8 pe and not a thorough list of options like Ive seen here and in the past reboot.pro before you guys moved here.

Any assistance appreciated.

Sorry little tired and have had a few to drink. My son started kindergarten today among other things we are dealing with so a bit on the stressed side lol.

Cheers,

Goodwin

Re: Win10PESE with Bios +UEFI
« Reply #1 on: August 10, 2016, 11:25:27 PM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Quote
The problem I have is on a secure boot system my PE boots fine but it bypasses the grub options I've added, like bootable imaging apps and some other images for diagnostics.


Hi

It looks like you are installing/using Grub2 in legacy mode (installed to MBR). UEFI works differently and never executes any code written on sector 0 aka MBR of a hard drive.

Legacy BIOS boot process >

1. Complete power on self test (POST).

2. Check the boot order and if HDD is listed as first, check for MBR magic number AA55 on LBA 0 (first logical sector).

3. If MBR magic number is present, execute the assembly language instructions written on the MBR. This code will be different for each boot loader/boot manager. For example, Windows NT5 compatible MBR code will look for a partition marked as Active and if one found, execute the code written on VBR (Volume Boot Record) of the partition. This VBR code will then look for and load ntldr (NT loader) and it's the responsibility of the ntldr to proceed with OS loading process. Grub4dos MBR code will usually search for and load "grldr".

UEFI BIOS boot process>

UEFI BIOS is written in high level languages like "C" (instead of Assembly) and has much more capabilities like reading a file system directly (ie FAT16/32 and/or NTFS in some cases). This allows the UEFI firmware to directly read and load the OS boot loader without the need to read and execute any RAW assembly code written on LBA 0 of the disk.

Here is how the general UEFI boot process works :

1. Complete the POST process.

2. Identify the "EFI System Partition" via checking the GUID (in case of GPT style partitioning).

3.Directly read the file system and check for the presence of \EFI\BOOT\BOOTX64.EFI file (UEFI x64 boot loader ) and chain-load it.BOOTX64.EFI proceed with loading the respective OS (Windows/Linux) .If the firmware is capable of "SecureBoot" and if it's enabled, the boot loader should be a signed one. This will make sure that the boot process is free from any boot viruses.

Hope that now you will have a basic idea of how a UEFI boot process is different from legacy/mbr BIOS mode. Since the UEFI boot process completely ignores the MBR, executing grub4dos or Grub2 legacy code is not possible. If the UEFI firmware supports legacy/CSM mode, you can enable it to boot from a grub4dos based bootable USB stick.

Grub2 has a UEFI version and one can actually create a multi-boot USB stick using it. However you need UEFI based bootable images and the Grub2 menu should be manually edited to chain-load the respective UEFI boot loader of each utilities. That's certainly not an easy task.


« Last Edit: August 10, 2016, 11:28:45 PM by anshad »

Re: Win10PESE with Bios +UEFI
« Reply #2 on: August 10, 2016, 11:49:34 PM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
VERY interesting info, anshad!! As luck would have it, I was just trying to learn about this stuff as well, I am trying to understand the UEFI boot process, to learn what all the different files do, so maybe you could continue your explanation a few more steps?

- After bootx64.efi loads, what happens, and which of the other files are needed (specifically for USB boot only?) Let's use an enUS standard ADK PE as an example:
-- In EFI\Boot\ there is the bootx64.efi you mentioned, but in my case, the other files are in EFI\Microsoft\ ('BCD'). Is that location always the same, why is it not in \EFI\Boot\ ?
-- It seems a lot of the other files are not always needed? Can you explain about why and when they are needed?
(starting in the root folder):

bootmgr.efi (why is this there, when UEFI is looking in EFI\Boot ?)

EFI\Boot\en-us\bootx64.efi.mui (is this optional, or only needed when using a different language?)

EFI\Microsoft\Boot\BCD (why is it in de \Microsoft folder, not in plain \EFI folder?)

EFI\Microsoft\Boot\Fonts\malgun_boot.ttf (and other fonts, are they optional/ when are they used?)

EFI\Microsoft\Boot\Resources\bootres.dll (another confusing file, what does it do and why does it seem to be optional)?

Sorry to seem like a total noob, but I did try to read up on these, there's just so much confusing info, and you seem to have the "gift" of being able to explain this so well!!!  :thumbsup:

Thanks for any and all info on this!

Re: Win10PESE with Bios +UEFI
« Reply #3 on: August 11, 2016, 01:08:04 AM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Quote
- After bootx64.efi loads, what happens, and which of the other files are needed (specifically for USB boot only?) Let's use an enUS standard ADK PE as an example:

"bootx64.efi" and Bootmgr both will usually try to read and populate BCD and load the "Windows\system32\winload.exe" (or Winload.efi) file of the default Windows boot entry. Winload.exe or Winload.efi then load the ntoskrnl.exe (NT Kernel) which will take command of the boot process and OS initialization.

Quote
bootmgr.efi (why is this there, when UEFI is looking in EFI\Boot ?)

"bootmgr.efi" is certainly not needed for booting from USB/HDD. I have read that it may be needed for CD/DVD booting but unable to verify it since i stopped using optical discs. May be later experiment with virtual machines.

"UEFI\Boot" is the default location the firmware will look for the boot loader file (bootx64.efi or bootx86.efi) if the boot mode is set to UEFI (and not CSM). The path and names are standardized by "UEFI consortium" - http://www.uefi.org/. But it may be possible to alter the default path and name by altering UEFI NVRAM data. More details can be found at  http://www.rodsbooks.com/efi-bootloaders/installation.html

Quote
EFI\Boot\en-us\bootx64.efi.mui (is this optional, or only needed when using a different language?)

Certainly optional at least for en-US version. UEFI seems to boot and display boot menu without the mui file but i am not sure about other languages.

Quote
EFI\Microsoft\Boot\Fonts\malgun_boot.ttf (and other fonts, are they optional/ when are they used?)

As far as i know, the fonts are for foreign languages.

Quote
EFI\Microsoft\Boot\BCD (why is it in de \Microsoft folder, not in plain \EFI folder?)


Quote
EFI\Microsoft\Boot\Resources\bootres.dll (another confusing file, what does it do and why does it seem to be optional)?

I don't know either the exact reasons why they choose to use "EFI\Microsoft" folder. My best guess is to keep the "EFI\boot" folder clean and simple. Linux distros like "Ubuntu" also follows the same convention. In an Ubuntu CD, you will only find "BOOTx64.efi" and "grubx64.efi" files inside the "efi\boot" folder. However grub2 resources are located at "\boot\grub" folder (grub2 won't boot without them).

bootres.dll traditionally contains a compressed animation of Windows boot time logo. If you open the dll with resource hacker, you will find the boot time logo data under "RCData" section. Right click on the "1:1033" resource and select "Save Resource to a bin" option. You can open the saved file using 7-zip and view the boot logo screen bmp files inside it.   
« Last Edit: August 11, 2016, 01:14:31 AM by anshad »

Re: Win10PESE with Bios +UEFI
« Reply #4 on: August 11, 2016, 01:58:21 AM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
Anshad, thank you VERY much for your reply. I hope Goodwin doesn't mind that I stole this thread, I think he's probably very happy with your first reply, any other info you want to share is just an added bonus!  :thumbsup:

There are two even more unrelated issues that I always wanted to ask, I know I'm on really thin ice now, but maybe you don't mind shedding some light on these as well:

(1) Do you have any idea why there are two different 'BOOTMGR' files on a Windows iso (I wonder which one to pick for my usb boot files):

'bootmgr' (in the root of my Windows 10 iso)
size: 386.976 bytes
date: 20160717 00:52:59

'bootmgr' (in \sources\install.wim\1\Windows\Boot\PCAT\)
size: 384.322 bytes
date: 20160716 13:43:00

It seems PESE is just taking the one from the root folder, while SIW/CEW's script takes it from the install.wim\Windows\Boot\PCAT.

(2) So once I have these two minimal sets (for BIOS and UEFI) of boot files on my USB, I'm ready to boot any PE boot.wim I like: All standard ADK PE's (7, 8, 8.1, 10240, 10586, 14393) and all WinPESE projects. I'm doing some experiments on those standard "ADK" WinPE wims as well (always fun to learn stuff), and I even managed to add the Acronis drivers so I can run True Image on standard PE, which works perfectly on all "BIOS" systems I have (dozens of them).
But when I tried to boot a "standard PE with Acronis drivers" (just fltsrv.sys and snapman.sys) on an UEFI system, I got a boot error, telling me there was an error with "fltsrv.sys". I don't have any UEFI systems at the moment, so I can't reproduce it at the moment, but I seem to recall somebody else on TheOven has experienced this error as well.
This seems strange to me, because booting WinPESE on this same USB (same boot files and everything, same Acronis files), works fine.

From what I've learned over the past few days, could this be as simple as turning off test signing in BCD, or do you know of other things that could influence loading these drivers? (Remember, the error is on UEFI system only!!)

Sorry again for going off-topic, but it's still about "BIOS vs UEFI", I guess... Thanks again!
« Last Edit: August 11, 2016, 02:00:45 AM by Atari800xl »

Re: Win10PESE with Bios +UEFI
« Reply #5 on: August 11, 2016, 03:06:47 AM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Hi

Honestly, i have no clue about the difference between the two flavors of bootmgr. The Acronis issue  sounds like a driver signing problem indeed. Easiest way of course is to replace the standard BCD with the modified one from SE.

Btw, the below links contain some useful info about the boot process.


https://neosmart.net/wiki/mbr-boot-process/

https://technet.microsoft.com/en-us/library/bb457123.aspx
 

Re: Win10PESE with Bios +UEFI
« Reply #6 on: August 11, 2016, 05:34:27 AM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
Thank you!!
 :thumbsup:

Re: Win10PESE with Bios +UEFI
« Reply #7 on: August 11, 2016, 08:14:22 AM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
The Acronis issue  sounds like a driver signing problem indeed. Easiest way of course is to replace the standard BCD with the modified one from SE.

After googling for disable_integrity_checks, I came across two very familiar people discussing this last year:

http://theoven.org/index.php?topic=1134.msg13239#msg13239

It is all coming together now!! Now I understand why I needed the boot.sdi then, and re-reading your replies from that topic, it has become pretty clear now... Quite a coincidence we "meet" again on the same topic.  :grin:

Re: Win10PESE with Bios +UEFI
« Reply #8 on: August 11, 2016, 08:50:16 PM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
The Acronis issue  sounds like a driver signing problem indeed. Easiest way of course is to replace the standard BCD with the modified one from SE.

Looking at the PESE scripts again, it looks like the Winload.exe patching isn't even done anymore?!
(Build\1- Copy files\Patch winload to bypass driver signing) - this is not selected by default?

That would mean winload.exe isn't patched, and Acronis fltsrv.sys isn't causing any problems in normal cases.

So that still doesn't explain it. Never mind, I will have to cross that bridge when I have UEFI hardware to test, it could even be an ASUS-specific thing, who knows...

As long as 10PESE is working (as it is), everything's fine...

Re: Win10PESE with Bios +UEFI
« Reply #9 on: August 11, 2016, 09:02:03 PM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Quote
I will have to cross that bridge when I have UEFI hardware to test, it could even be an ASUS-specific thing, who knows...

Easiest way to test UEFI booting without hardware is to use "Hyper-V" (which is available with 8.1/10 Pro). It even supports SecureBoot - make sure to select the "Generation 2" virtual machine.

Considering that "Acronis" drivers are usually signed by an authorized CA, the error might be something else than the "signature" issue.

Re: Win10PESE with Bios +UEFI
« Reply #10 on: August 11, 2016, 10:26:09 PM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
Sounds like a nice project  :wink:

Thanks for all your help, when (if?) I get a Hyper-V UEFI setup going, I hope to isolate the issue.
I do remember (and documented) the problem on the Asus: If a added the Acronis driver (self made PE) I would get the error, when I removed the driver, no error.
And of course, PESE would run great, with or without my Acronis script. (Grmmpfff).

Re: Win10PESE with Bios +UEFI
« Reply #11 on: August 12, 2016, 04:10:27 AM »

ntd

  • Jr. Chef
  • **
  • Date Registered: Nov 2015
  • Posts: 20
Hi all,

I know that someone created a good tool using Grub2 to multiboot WinPE, Linux, Antivirus... iso files.
You can search with phrase "AIO Boot - Grub2/Grub4dos/Syslinux/Clover/rEFInd, UEFI-GPT/Legacy-MBR, USB/HDD/DVD, LAN (PXE)". However, this tool was written in Vietnamese, so you can use Google Translation to translate into English.

Hope that you can enjoy the tool.

Re: Win10PESE with Bios +UEFI
« Reply #12 on: August 12, 2016, 08:33:25 AM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
Anshad, I got the Hyper-V stuff working!! UEFI emulation on BIOS hardware!
I could NEVER have done this without your help! Lots of new stuff to learn and experiment with, but I wanted to thank you first!
 :thumbsup:
(more later...)

Re: Win10PESE with Bios +UEFI
« Reply #13 on: August 14, 2016, 01:30:37 AM »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 754
Anshad, just a little follow-up to prove I have done something with your suggestions!
I installed the brand new W10ent-ltsb-1607x64, first I added Hyper-V as standard in the wim (using Dism /enable-feature), so it is always available on clean install. It took a little getting used to, for example it doesn't support external usb, so I had to figure out how to get my PE usb stuff working. I like how *everything* can be scripted, so I made these diskpart scripts to prepare my vhd's:
HD1 (acting as "main harddisk"):
create vdisk file=d:\vm\hd1.vhdx maximum=40960 type=expandable - attach vdisk - clean - convert gpt - create partition efi size=100 - format quick fs=fat32 label="System" - create partition primary - format quick fs=ntfs label="Windows" - assign - detach vdisk
HD2 (acting as "pseudo usb drive"):
create vdisk file=d:\vm\hd2.vhdx maximum=32768 type=expandable - attach vdisk - create partition primary - format quick fs=fat32 label="PE" - assign - detach vdisk

After that, I put all my normal PE usb stuff on HD2

Creating and running the VM:
powershell
set-executionpolicy remotesigned
remove-vm UefiPC -force

powershell .\make-and-start-vm.ps1

make-and-start-vm.ps1:
New-VM -Name "UefiPC" -MemoryStartupBytes 1073741824 -Generation 2 -VHDPath "D:\VM\hd1.vhdx" -Path "D:\VM"
Add-VMHardDiskDrive -VMName UefiPC -Path D:\vm\hd2.vhdx
set-vmfirmware -vmname UefiPC -EnableSecureBoot On (this is the default, it seems)
start-vm -name "UefiPC"
vmconnect localhost "UefiPC"

All of this is turning an old BIOS notebook into a UEFI test rig, in no time flat.
Thanks again for your help!  :thumbsup:
« Last Edit: August 14, 2016, 01:31:55 AM by Atari800xl »

Re: Win10PESE with Bios +UEFI
« Reply #14 on: August 14, 2016, 03:10:16 AM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Good luck with your UEFI experiments  :thumbsup:.

 

Powered by EzPortal