Ventoy icon indicating copy to clipboard operation
Ventoy copied to clipboard

Published 20 hours ago verified publisher icon ventoy

[issue]: Unable to delete Ventoy secure boot key

Open LeonXu260 opened this issue 1 year ago • 10 comments

Official FAQ

  • [X] I have checked the official FAQ.

Ventoy Version

1.0.91, 1.0.81

What about latest release

Yes. I have tried the latest release, but the bug still exist.

Try alternative boot mode

Yes. I have tried them, but the bug still exist.

BIOS Mode

UEFI Mode

Partition Style

MBR

Disk Capacity

32GB

Disk Manufacturer

SanDisk

Image file checksum (if applicable)

None

Image file download link (if applicable)

https://github.com/ventoy/Ventoy/releases/tag/v1.0.91

What happened?

When I tried to reinstall other OS with other bootkey (Rufus) on my HP Elitebook laptop, when I plugged in the new key and boot into the key, it said "Security Violation", so I did re-insert the Ventoy bootkey to Enroll Key into the BIOS. However, when I tried to remove the secure boot key found in this documentation How to delete Ventoy secure boot key, it said that secure boot is not turned on when run the ventoy-delete-key.iso file, I did went ahead and check in my BIOS settings and make sure that the secure boot is check and it is. Now I wanted to remove the enrolled keys, so it won't prevent me from using other bootkeys to install other operating system. I even tried to downgrade from v.1.0.91 to v.1.0.89, did not work either. Any suggestion for the next step?

LeonXu260 avatar Apr 13 '23 23:04 LeonXu260

I had the same issue and this solution from @Choum28 worked for me!

Boot with Super UEFIinSecureBoot Disk (https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk) Select efi tool Select keytool.efi Edit keys Select The mahcine owner key list (MokList) Go to mok Key you want to remove Select delete. reboot.

You can actually copy the img file to the Ventoy USB and it'll still work. 😀

(img file is inside the "Super-UEFIinSecureBoot-Disk_v3-4.zip" file in the releases page).

dbugdan avatar Apr 19 '23 23:04 dbugdan

I've tried the steps you mentioned earlier today, after I remove the key, I still receive the same Blue Screen said that I need to re-enroll my MOK when trying to boot to a different boot key.

LeonXu260 avatar May 16 '23 19:05 LeonXu260

Hm, that's odd. Ventoy never prevented me from booting from a different USB. I can still boot from a separate Rufus USB regardless of Ventoy's key being enrolled or not.

What OS are you trying to boot from the Rufus USB? And did you try turning off secure boot?

dbugdan avatar May 16 '23 23:05 dbugdan

Hm, that's odd. Ventoy never prevented me from booting from a different USB. I can still boot from a separate Rufus USB regardless of Ventoy's key being enrolled or not.

What OS are you trying to boot from the Rufus USB? And did you try turning off secure boot?

Hi, I am trying to boot Ubuntu 20 or Ubuntu 22 with Rufus. I believe it only shows that screen when I tried to boot into Ubuntu, I've tried it on Windows, it has not show me that screen. I have not yet tried to turned off Secure Boot since Ubuntu requires them to use it anyways.

LeonXu260 avatar May 19 '23 02:05 LeonXu260

I found this: https://askubuntu.com/questions/1456460/verification-failed-0x1a-security-violation-while-installing-ubuntu

And the accepted answer says

Downloading and booting from the 22.04.2 version solved the problem for me.

It could be that you have an earlier version. Maybe the one you have is 22.04.1?

dbugdan avatar May 19 '23 05:05 dbugdan

Could be, I believe that mines is 22.04. Should I try the latest version?

LeonXu260 avatar May 19 '23 05:05 LeonXu260

Yes, try and see if the latest version works.

dbugdan avatar May 19 '23 05:05 dbugdan

Yes, try and see if the latest version works.

What if I want to stick with the current version? Is there a way to fix that?

LeonXu260 avatar May 19 '23 05:05 LeonXu260

One of the answers suggested to disable Secure Boot, boot the 22.04 ISO, install, update, and then enable Secure Boot again.

But I think the easiest solution is to simply copy the ISO onto the Ventoy USB and boot from it so that it bypasses Ubuntu's own keys (you'll have to enroll the Ventoy key again).

I've been wondering, is there a reason you're using a separate USB for Ubuntu rather than just copying the ISO onto the Ventoy USB?

dbugdan avatar May 19 '23 09:05 dbugdan

One of the answers suggested to disable Secure Boot, boot the 22.04 ISO, install, update, and then enable Secure Boot again.

But I think the easiest solution is to simply copy the ISO onto the Ventoy USB and boot from it so that it bypasses Ubuntu's own keys (you'll have to enroll the Ventoy key again).

I've been wondering, is there a reason you're using a separate USB for Ubuntu rather than just copying the ISO onto the Ventoy USB?

Thanks for letting me know, I'll try that. I just wanted to test out the Linux OS on a different USB. But I'll give that option a try.

LeonXu260 avatar May 19 '23 14:05 LeonXu260

FWIW, this might be the same issue as ventoy/DeleteVentoySecureBootKey#1.

SpecLad avatar Sep 14 '23 12:09 SpecLad