[issue]: Unable to boot on ventoy (no ventoy image selection menu) #2197

esp13 opened this issue Jan 26, 2023 · 3 comments

@esp13

esp13 commented Jan 26, 2023

Official FAQ

  • I have checked the official FAQ.

Ventoy Version

1.0.88 and 1.0.78

What about latest release

Yes. I have tried the latest release, but the bug still exists.

Try alternative boot mode

No. I didn't try these alternative boot modes.

BIOS Mode

UEFI Mode

Partition Style

GPT

Disk Capacity

32GB

Disk Manufacturer

Verbatim and Imation

Image file checksum (if applicable)

Yes.

Image file download link (if applicable)

https://github.com/ventoy/Ventoy/releases/download/v1.0.88/ventoy-1.0.88-linux.tar.gz

What happened?

Hi,

On a recent computer (Lenovo Thinkpad P16) I can't get the ventoy menu.

I enter the UEFI boot menu (F12) and select the USB key, the screen switches to black for 2-3 seconds then comes back to the UEFI boot menu. The MOK enroll popup never shows.

Secure boot is activated and I can't disable it (supervisor password is set and I don't have it)

After some investigation I think the blacklist DBX table is the main cause of this behavior, some hashes are blacklisted, see the photos I attached (I can't remove these entries):

Some other issues seem to be going the same way:

I tried on 3 other computers (just a little older, Dell and Lenovo Thinkpad) and I always get the MOK enroll popup, and once it's enrolled, I successfully get the ventoy menu.

Is there some other BOOTX64.EFI file with a different hash that could work with ventoy?

I tried this one (with ventoy 1.0.78) but got the same issue: #1666 (comment)

Thank you for your help.

@AnomSanjaya
Contributor

Lenovo ThinkPad applies a different BIOS type & security; since they have used AMI for a long time (not Insyde like the IdeaPad series), we may have difficulty disabling any security options (including secure boot)

Did u find the SGX menu and disable it? IDK if this menu is enabled by default or not

@esp13
Author

esp13 commented Jan 27, 2023

> Lenovo ThinkPad applies a different BIOS type & security; since they have used AMI for a long time (not Insyde like the IdeaPad series), we may have difficulty disabling any security options (including secure boot)

Hi,

Thank you for your answer.

As I said before, on these computers the UEFI supervisor password is set and I don't have it (corporate rules). (system management password isn't set)
It wasn't a problem until now, I only had to enroll the MOK key and it worked on previous computers.

So I can't remove a key from the DBX list nor temporarily deactivate secure boot.

> Did u find the SGX menu and disable it? IDK if this menu is enabled by default or not

I don't have any SGX / Software Guard Extensions menu, I have several secure boot / key management options but I can't modify them without the password I don't have.
"Flash bios updating by end-users", "secure rollback prevention" and "windows UEFI firmware update" options are set to "on" but I guess I will need the supervisor password to use it from the OS.
"allow microsoft 3rd party UEFI CA" option is set to "OFF"

But with this new DBX that blacklists the BOOTX64.EFI hash, I can no longer access the ventoy MOK enroll popup or the ventoy menu.
Is there a way to use another BOOTX64.EFI hash that isn't blacklisted?

@AnomSanjaya
Contributor

> But with this new DBX that blacklists the BOOTX64.EFI hash, I can no longer access the ventoy MOK enroll popup or the ventoy menu. Is there a way to use another BOOTX64.EFI hash that isn't blacklisted?

Since the BOOTX64.EFI that Ventoy uses is from SHIM, the SHIM maker must update the signature link
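
The DBX suspicion raised in this thread can be checked from a running Linux system by parsing the firmware's revocation list and looking for a loader's digest. The following is an added example, not code from Ventoy, shim or any participant in this issue; the function names are hypothetical, the efivarfs path assumes Linux, and the digest to look up is assumed to be the image's Authenticode SHA-256 (what dbx hash entries contain), not a plain file hash. The sample blob is constructed.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification: entries of this type are
# SHA-256 Authenticode digests of PE images, not plain file hashes.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Linux efivarfs path of the dbx variable (assumption: efivarfs is mounted).
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def dbx_sha256_entries(data: bytes) -> set[str]:
    """Walk the EFI_SIGNATURE_LIST structures in a raw dbx variable and
    return every SHA-256 digest as lowercase hex."""
    digests, off = set(), 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data):
            raise ValueError(f"corrupt signature list at offset {off}")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the digest.
            pos, end = off + 28 + hdr_size, off + list_size
            while pos + sig_size <= end:
                digests.add(data[pos + 16:pos + sig_size].hex())
                pos += sig_size
        off += list_size  # X.509 and other list types are skipped
    return digests


def is_revoked(authenticode_sha256: str, data: bytes) -> bool:
    """True if the given Authenticode SHA-256 (hex) is listed in dbx."""
    return authenticode_sha256.lower() in dbx_sha256_entries(data)


def read_dbx(path: str = DBX_PATH) -> bytes:
    with open(path, "rb") as f:
        return f.read()[4:]  # drop the 4-byte efivarfs attribute prefix


def sample_dbx() -> bytes:
    """Constructed dbx blob: one X.509 list (skipped) and one SHA-256 list."""
    owner = bytes(16)
    x509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
    cert = owner + b"\x30\x82" + bytes(6)  # placeholder bytes, not a real cert
    l1 = x509 + struct.pack("<III", 28 + len(cert), 0, len(cert)) + cert
    sigs = owner + bytes([0xAA]) * 32 + owner + bytes([0xBB]) * 32
    l2 = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(sigs), 0, 48) + sigs
    return l1 + l2
```

On a real machine, `is_revoked(digest, read_dbx())` answers whether a given loader digest is in the firmware's dbx; a match means a differently built and signed loader is needed, since the list cannot be edited without the firmware credentials.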
