Topic: How I make an NTFS UEFI Bootable USB with No Rufus = Works with Secure Boot  (Read 1088 times)

0 Members and 1 Guest are viewing this topic.

gizmoshq

  • Jr. Chef
  • **
  • Date Registered: Oct 2014
  • Posts: 23
  Here is how I make NTFS UEFI/MBR Dual Bootable sticks, that work with Secure Boot.  Not possible with Rufus and it's NTFS driver (Under Secure  Boot).
Background:

I have a need for a USB stick that has NTFS (I use very large WIM files, and multiple versions of different Windows  Installers that use junction points to pont to a common WIM source). I also need to store files larger then 4gb, and use compression to get DriverPacks Network folder to fit efficiently on the stick. 
Many UEFI BIOS's will work with NTFS, (Aftermarket mainboards and such), but TRUE UEFI complaint machines are notably stubborn.  To boot UEFI, the spec requries:

1)   GPT Partition Table
2)  Fat32 Boot Partition

  Windows 10 has an annoying feature that will only see the first partiton on most USB sticks.  They are recognized differently then USB hard drives, but since I shop in the bargin bin my sticks, I am unlikely to find a real Windows to Go stick, which enumerates as an external drive supporting multi partitions.  But, the UEFI firmware has no problem with the number of partitions.  So what we need to do is create a nice Fat32 partition on a MBR USB stick, put our boot files and WIM images on that partition, then shrink it, and shove it to the end of the disk, make it active (So MBR bioses will boot from it).  By creating the drive with Rufus, it creates a hybrid MBR/GPT table that seems to boot fine on both types of firmware.   Once the boot partition is how we want it, we create a Fat32 partition with Partition Guru, as opposed to Diskpart, because Diskpart wrecks the Hybrid MBR, and creating an NTFS partition in Partition Guru wrecks the Hybrid MBR.  We then convert this new Fat32 partition to NTFS, and voila, we are ready.   Once this partition is created, the bootable Fat32 partition is still there but becomes invisible in Windows (But fine in other OS's, or Windows with the disk.sys hack, which is untidy and I don't like it). 



Prepare UEFI stick with RUFUS.  I use version 2-11.  Press Alt-E to enable dual boot EFI and MBR.  Choose Fat32 for format.  Don't apply the image, just prep the stick.
Use DIskpart and make the new Fat32 partition active.

Apply a Bootsector to new partition.  If new partition is drive "G", for example,  then open command promt as admin and go "Bootsect /nt60 g: /force" (Assuming you are working on a Vista or newer machine).  It should, after the above, say bootcode was successfully updated. At this point, drop your PE WIM files, boot files (Both Bootmgr, and bootmgr.efi and associated directories), BCD files and such onto this new partition.   There are several howtos on how to make these.   Make sure you have X64 for UEFI, and X86 as well because it boots a bit faster as it is smaller, and works on older processors.   If you don't know how to do this, just use X64 PE.

After this, at this point, do a test boot.   I have found that 2 out of 10 sticks just do not work for this.   This step will rule that out.

Now, open Partition Guru Free 4.9.0.   You need to "shrink" the partititon down to about 2GB, and move it to the end of the stick.  This step is important!   Partition Guru does not wreck the hybrid MBR, so if you use another util and it does not boot on UEFI, you will know why.

 Now, in the free space you created at the "front" of the USB stick, create a Fat32 partition with partition Guru, reinsert the stick, and Windows will assign it a drive letter.  Convert this to NTFS, and copy your goodies onto it (Anything else not in your boot.wim file for PE).  This inlucdes windows installation WIM files (Mine are 29GB), and anything bigger then 4GB that you never carried around on your trusty tech stick..

At this point, you have a hybrid MBR/GPT stick, with an active Fat32 partition that an MBR bios will pick up and boot, wtih a Fat32 partition that will also boot on a true regulation UEFI Secure boot system via the hyrbid MBR/GPT partition.  These partition schemes are nothing new, and have been around as long as Boot Camp for OSX :) . 

If it doesn't work, try a different stick, and for whatever reason, keep the boot partition at 2GB even if your images are only half that. 

I have several of these in the field with my staff, as we work on a lot of hardware that doesn't allow us to enable CSM, and they work great on both UEFI/Secure Boot, and older systems so long as they support PAE, which is required for 8/10PE.   That way each guy only needs one stick, instead of 3 (MBR/UEFI/NTFS for larger WIM images).

Enjoy.

unavailable

  • Apprentice
  • *
  • Date Registered: Jun 2017
  • Posts: 1
I followed the instructions but I got stuck on the part where I have to "drop your PE WIM files, boot files (Both Bootmgr, and bootmgr.efi and associated directories), BCD files and such onto this new partition." Could you point me to a guide step by step on this? Thanks for the post! This is exactly what I have been trying to do!

 

Powered by EzPortal