uefi
8 Topics

iPXE Security Assurance Review
The iPXE Anywhere software suite, manufactured by 2Pint, uses the open source network boot loader iPXE. In order for 2Pint to offer Secure Boot as a feature to this product suite, 2Pint had asked Microsoft to sign an image of iPXE. This review covers a code audit of the iPXE source that is to be included as part of the signed image, as well as a partial review of the iPXE Anywhere product suite.
27K Views, 3 likes, 2 Comments

Accidentally booted ASUS laptop from Surface Hub 2S Recovery USB, now can't boot/reinstall Windows
*This post is not about troubleshooting a Surface Hub device, it's about troubleshooting my personal ASUS GU604VI laptop that a Surface Hub 2S Recovery Image on USB has altered and potentially destroyed*

Backstory: I had a task at work to reset a Surface Hub 2S device. I followed Microsoft's instructions (here: https://learn.microsoft.com/en-us/surface-hub/surface-hub-recover-reset) to create a Windows 10 Team 2022 Update recovery image on a USB device. I then accidentally booted my own personal laptop from the USB drive - I was trying to put a couple of files on it and put it in my laptop before turning the laptop on (I should not have used my personal laptop for this in hindsight). The laptop booted automatically from the recovery flash drive instead of my internal SSD. I then realized what was happening and shut it down. After that point NO Windows OS or other Windows install media will boot on my device. It appears that simply booting from the Surface Hub 2S recovery media made firmware-level changes to my laptop and is preventing me from booting into any non-Surface 2S Windows installation or even reinstalling Windows via boot from any Windows install media. I can boot Linux.

Here is what I've tried to resolve it myself:
- Confirmed boot order and all the basics within the BIOS/UEFI firmware
- Reset BIOS to defaults
- Reflashed my BIOS (tried multiple different BIOS version levels)
- Disabled Secure Boot
- Wiped Secure Boot keys (returned to Setup Mode + restored default keys)
- Wiped my hard drive and tried to reinstall Windows (can't boot from Win11 or Win10 install media - I've tried creating it using the Windows Media Creation tool and Rufus from the latest official Win11 and Win10 ISOs. None will boot into Windows setup, all return me directly to the boot device selection screen.)
- Tried to boot to Windows Recovery Drive made from another Win11 system - same situation, returns me directly to the boot device selection screen
- Tried to boot Hiren's Boot CD on USB (based on WinPE) - same situation as above
- Tried multiple USB ports
- Tried multiple USB flash drive brands
- Tried disconnecting my laptop battery and letting it sit (CMOS reset type-of-thing)
- Tried booting directly from the various Windows .EFI files using shell.efi from UEFI - none will boot, they do nothing. Launching Linux .EFI files boots them just fine
- My laptop is a UEFI-only device. I cannot boot it into CSM/BIOS mode. I have to use UEFI boot.
- Power cycle/hard reset procedure with holding the power button for 1 minute
- Removed my SSD and tried to get the laptop just to boot to a Windows setup USB stick - same situation, returns me directly to the boot device selection screen
- Called ASUS, they want me to send them the laptop for an $85 diagnosis. It's out of warranty by 4 months. They will likely have to replace this motherboard, and this will cost big bucks.
- Tried to follow Microsoft's documentation on how to 'Migrate to Windows 10/11 Pro or Enterprise on Surface Hub 2S' (https://learn.microsoft.com/en-us/surface-hub/surface-hub-2s-migrate-os#update-uefi-on-surface-hub-2s-to-enable-os-migration) thinking that this may hold the key to being able to unlock the boot capabilities to allow my laptop to boot to normal non-Surface Windows again. I can get to the 'Update UEFI on Surface Hub 2S to enable OS Migration' step but cannot complete it since I don't have the Surface-specific UEFI options to install the DfciUpdate.dfi management settings file from USB.
- I finally decided all was so screwed up that I might as well actually fully install the Surface Hub 2S Windows 10 Team 2022 Update on my laptop and go from there - so I did. It booted and fully installed successfully and now I have a Surface Hub 2S laptop. It boots, but not to what I want it to, of course! I want to be back at normal Windows 11.

I found one or two others having similar issues online (but not many people!):

These three posts are from the same person - I tried but cannot use his solution because I cannot get Shift+F10, Windows+R, Ctrl+Shift+Esc or any other combo to give me the ability to launch a cmd.exe window. I think this is because the Surface Hub 2S is running in Windows S mode.
https://forums.tomshardware.com/threads/unable-to-boot-uefi-from-sata-or-usb-after-connecting-surface-hub-ssd.3757053/
https://answers.microsoft.com/en-us/windows/forum/all/unable-to-boot-to-uefi-via-sata-or-usb-device/655da88e-e5fe-4077-a9ce-5915e918cc90
https://www.reddit.com/r/WindowsHelp/comments/tt4d8v/unable_to_boot_to_uefi_sata_or_usb_installer/?rdt=57727

This post is extremely close to my situation, probably the exact same root issue
https://answers.microsoft.com/en-us/surface/forum/all/i-have-interesting-situation-please-read-carefully/3470d7eb-b62d-48db-afda-b7c85c3991c0

Could you please help me get my laptop back, Microsoft engineers? (and/or anyone else!) Thank you!
185 Views, 0 likes, 7 Comments

UPDATED: UEFI Signing Requirements
While Microsoft reserves the right to sign or not sign submissions at its discretion, you should adhere to these requirements. Doing so will help you achieve faster turnaround times for getting a submission signed and help avoid revocation. Microsoft may conduct follow-up reviews, including but not limited to questionnaires, package testing, and other security testing of these requirements before signing. The following list contains the latest requirements for the UEFI signing process. These requirements are to ensure the security promise of secure boot, and to help expedite the turnaround of signing submissions.
82K Views, 2 likes, 4 Comments

Failed to enter windows
Hi everyone, After installing Ubuntu, I can not get into Windows and struggle with a BIOS loop, and failed to repair it with ISO or other startup disks. Gently ask if there is any possibility I can repair the Windows reserving documents in C.
System information:
MB: B350M MORTAR (MS-7A37)
CPU: AMD RYZEN 7 1700X EIGHT CORE PROCESSOR
RAM: 32768MB
BIOS: E7A37AMS.170
388 Views, 0 likes, 0 Comments

NX Exception for SHIM Community
Due to the complexity of the Linux boot process, the number of active releases from different distributions with compatibility challenges, and the support and serviceability timelines of in-market products, a limited exception to the NX signing requirements has been granted. This limited exception is granted for shims serving in-market products. This exception will be reviewed regularly, and once component versions are identified that meet the compatibility requirements, new shim signing requests for products targeting the identified components will no longer be exempt. Additionally, when shim functionality is developed to provide compatibility for older, non-compliant boot components, new shim signings will no longer be exempt. Please reach out to: uefisign@microsoft.com with any questions on this policy.
3.9K Views, 1 like, 0 Comments

Is it safe to disable secure boot in the UEFI for installing Linux OS?
I needed to install Debian wheezy a couple of years ago and the computer wouldn't boot to Linux SSD (Solid State Drive) separate hard drive unless I disabled secure boot in the UEFI (Unified Extended Firmware Interface). So I disabled it. Does it make Windows 10 less secure? I read somewhere that without this option enabled malicious software, adware, spyware, virus, rootkit, trojan, keylogger, ransomware, worm, etc. can gain control of my PC like in other legacy and deprecated Windows. So now when I boot into Linux I disable the option and when I am working on Windows enable this option. It's kind of annoying. So this question.
Solved
6.5K Views, 0 likes, 1 Comment

Error P2V with UEFI Secure Boot to Hyper-V
NEED YOUR HELP! We are failing to convert a few physical machines to Hyper-V (W2012 R2) due to UEFI Secure Boot on the physical machine. The physical machines are running Windows 2008 R2 Server or Windows 2012 Server. During the conversion process, we got the error shown in the attached image.
-- Could someone help us to resolve this issue?
-- How can the secure boot be disabled?
-- How can we convert the physical machines to Hyper-V based on Generation 2?
-- Any converter tool that supports the conversion to Hyper-V on Windows 2012 R2 or 2016?
1.6K Views, 0 likes, 0 Comments