Finally got Windows 11 installer to boot from Grub with Secure Boot in a VM

Will it work on bare metal and everything? It depends, does everything let you enroll the key? If no, then the answer is no. I don’t even know if my sister’s laptop will let me do that.

I’ll just try, it’ll work or not. I will buy another flash drive though, therefore I can put Linux and then Windows on that flash drive, and do it that way. Since I don’t want to wipe this flash drive and copy everything back over, too slow.

Apparently you have to use woeusb, or something similar, apparently using just dd does not work. I might have known that, but I clearly forgot. Well, I had woeusb installed, so yeah, I probably knew at some point for some reason.

The command I used for that was woeusb --partition /path/to/win.iso /dev/sdj3. Might work with a loop device, no idea if Grub will be able to boot that though. Yes, you can boot raw img files, but with Windows? I don’t know. The installer boots, but does it fully work? I don’t know if the way I’m doing it that either. All I know, is the installer won’t actually work.

I could test it on one of my computers, but I spent plenty of energy, trying to make this work, even after I thought it must not be possible. Well, when you search the internet, if you don’t search right, you don’t find what you want.

Also, then I might spend a shit ton of time making it work bare metal. Doesn’t seem like a good use of energy. Opening a VM or rebooting the VM, is not only faster, easier as well. Well, maybe easier, cause you don’t have to wait as long. The HP laptop actually might be slower than this desktop as well when rebooting. Cause of all the “security”.

How secure does anybody actually think anything is? iPhones have malware, Android and so on. If somebody really wants to hack something, they are likely going to succeed eventually. But I guess “peace of mind” might mean something to some people. Got bigger things to worry about than “peace of mind”.

And yes, Apple is a liar, and their privacy, security, environment, those are at least three of their lies. Hmm, if Apple was lying, now Google is lying, and Microsoft might require Secure Boot for Windows 11, they are most likely lying as well.

The shim-install command I used is shim-install --removable --no-nvram --bootloader-id=Grub --efi-directory=/path/to/efi/partition --config-file=/path/to/grub.cfg. And if not using openSUSE Tumbleweed, you might not have shim-install. If using Arch Linux, they might have a command that’ll work. Or just run grub2-install with correct options, and don’t use disable-shim-lock, and then copy the shim to it manually, and make sure the Grub efi isn’t boot whatever efi. If it is, well you need to know what the shim is looking for, in openSUSE Tumbleweed, I think it’s grub.efi maybe.

And I probably signed that file and nothing else with sbctl sign /path/to/boot.efi. Or did I sign the shim and the grub? And does the Shim even need to be signed?

Looks like I signed three files, according to the history command, grub.efi, bootx64.efi, MokManager.efi.

And you can export the sbctl keys, and I’d copy the entire folder to the EFI partition. I might have more than one key installed, and you might only need one. If I get that far when I try fixing her laptop, well I’ll find out. You probably need to export them for them to be in the right format. Otherwise, you might get a nice error trying to enroll them.

And to boot Windows 11 installer that’s on a partition on my flash drive, I use the below:

    menuentry "Windows 11" {
        insmod chain
        insmod exfat
        insmod part_gpt
        search --no-floppy --fs-uuid --set=root 3759-E978
        chainloader /efi/boot/bootx64.efi
    }

You can get the correct UUID with blkid /dev/partition. And not sure the insmod exfat is needed, probably not, as it’s using FAT32 I’m pretty sure.

Also, I tried with NTFS, thought it had the module, but it just said unknown partition, and couldn’t do much. So I’d just use FAT32. Does Windows 11 use FAT32 itself for the EFI crap? Well, probably. Otherwise, a lot of computers wouldn’t be able to boot it. I think I read that not all computers support booting NTFS.

Also, thought I read the chainloader didn’t work with shim, well it does in a VM. Well, probably didn’t read everything, or click the link. Somebody also said something about the chainloader shim and Linux. So you can’t boot Grub from Secure Boot Grub? Well, I can’t seem to get that to work, well Ventoy isn’t exactly Grub. I got it to say unofficial once. Then I got an error once, saying unsupported or something. Unsupported and they put code in to block you? Hmm, well the people that are doing that, can all likely find a way around it. If all the source code is available, then they can just remove the blocks as well. Also, I don’t know much of what I’m doing, I do know Ventoy seems to have grub.cfg files though. And somehow, I got it to say unofficial. And show a menu, but probably the wrong menu.

I wonder if those module things, work in Grub. Or if you get their thing in unofficial mode, and it’s loading your menu, and you try loading using the same stuff in the “official” config.

Well, that might be a good way, to get people to try harder to boot it. But I do know, that it won’t even boot my Linux ISOs on my laptop. Some memory error. Older version though. Might be out of memory, which clearly isn’t true. So it doesn’t even fully work, just was messing with it, if I couldn’t get Grub to boot Windows 11, don’t know if it can boot a Windows 11 ISO or not. Well, looks like you might just need Windows 11 installer on a partition, and use the right tool for the job.

Well, in that case, it may not be possible then. If you want to do the above bare metal. Easier to disable Secure Boot, but Windows 11 most likely requires it. And it’s not my laptop. Oh wait, I could disable Secure Boot, boot Linux, backup data she wants, then put Windows 11 on the flash drive I buy. And turn Secure Boot back on, and reinstall Windows.

Assuming it lets me disable Secure Boot. Oh and apparently there’s some other “secure” BS thing, that my flash drive might not work at all with, and if I can’t turn that off. Well, that’ll make this a big pain in the ass. Probably won’t be doing it at home, so I’ll have to use somebody’s computer. Guess if what I think is happening, they won’t care. But still annoying. If it can be disabled, then my flash drive might work. But don’t know shit about what that thing is, can’t remember what it’s called either. Just remember something, about something not working with it. Maybe the shim doesn’t work at all with it.

Well, I don’t think I’ll ever “upgrade” my computer. It’s bad enough that it has all this BS crap, that I can’t view the source code, nor can anyone else, like somebody that would understand it better than me. But better hope they aren’t a shill for somebody.

Better to understand all code yourself, and only rely on yourself with computers. But security doesn’t exist, so better to ditch tech.

Also why do I have a bunch of medicine ready? Well, better call my mom back, before I forget again to tell her. And before I look at the CVS app, as then I might forget again. I thought only one thing was ordered, and don’t recognize all three or however many it is. One of them might be the heartburn, but wtf are the other two? Did my blood work come back already? Hmm, well need to tell her somebody called too. But no message left, couldn’t answer the phone, either in the bathroom or shower most likely. Don’t feel like looking number up. And also, not the right area code. Might just be my health care yet again.

I shouldn’t have answered the health care call once though. Then a day or so later, they call again. Then I have to say hello multiple times, I think now their phone doesn’t work, cause then they asked something, didn’t hear what they asked, tried asking what they said, and apparently somebody hung up or call dropped. Maybe they called back finally. Possibly from a different number as well. Not sure a VoIP service would solve this problem, as it might be on their end. Also, the “easy” way to get a VoIP, would be to port this number to it. And then Ultra Mobile will cancel my service. I’d have to ask them if I can port this number and get a new number, might cost money as well to do so, if I can. And I don’t really want a different service, or to have to sign up again. Tello is cheaper, but I don’t really care.

I can’t even remember the exact reason for switching from Tello. Don’t really care though either. Probably should have just kept it actually. Lose my number if I kept Tello? Oh well. Well, they aren’t supposed to be able to do that, but this FCC or whoever’s in charge of that, likely wouldn’t care. Unless it happens to a rich enough person. And they might own the cell service they’re using, so unlikely.