So my desktop PC has two SSDs in it. One is my main Linux drive that only has two partitions, /boot and /, which is just a simple full disk dm-crypt LUKS encryption setup, using systemd-boot. The other drive is a Windows 10 installation also fully encrypted with VeraCrypt.
Since the VeraCrypt bootloader resides on another drive, I followed the wiki, specifically https://wiki.archlinux.org/title/System … other_disk. I installed edk2-shell, booted off of it, took note of the FS alias and full path of the EFI file on the drive (/dev/sdb2) using map, then exited back to Linux. Then I created windows.nsh in /boot.
/boot/windows.nsh
HD0c65535a2:EFI\VeraCrypt\DcsBoot.efi
Then I created Win10.conf in /boot/loader/entries.
/boot/loader/entries/Win10.conf
title Windows 10
efi /EFI/shellx64.efi
options -nointerrupt -noconsolein -noconsoleout windows.nsh
My ESP is mounted at /boot. So naturally I put shellx64.efi in /boot/EFI and that's why Win10.conf says /EFI/shellx64.efi. However, after configuring all this, when I select Windows 10 on the systemd-boot screen, nothing happens; there is only a single non-blinking cursor at the top left of the screen and it is stuck there.
What am I missing? I know if both operating systems were on the same drive everything would be much easier as I could just point to the EFI that is on the same drive, but they're not so how do I make this work?
Anyone able to help with this? I was using linux-hardened when I initially posted this, but have moved to the regular linux kernel for other reasons. I thought it might also fix this problem so I came back to trying it again, but no luck. Same problem, single non-blinking cursor at the top left of the screen and it is stuck there when I select Windows 10 entry. I also placed shellx64.efi in /boot instead of /boot/EFI/ and edited Win10.conf accordingly, same problem.
I would really like a fix for this as it is annoying having to enter the BIOS every time I want to boot into Windows.
Is "Secure Boot" enabled? The EFI shell binary is unsigned.
> Is "Secure Boot" enabled? The EFI shell binary is unsigned.
Nope, fully disabled. Fast Boot is also disabled both in Windows and BIOS.
What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
Can you manually start "windows.nsh"?
Last edited by -thc (2023-04-06 19:38:25)
> What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
> Can you manually start "windows.nsh"?
So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter. Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.
> So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter.
That's as it should be.
> Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.
O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:
FS0:
cd EFI\VeraCrypt
DcsBoot.efi
> O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:
> FS0:
> cd EFI\VeraCrypt
> DcsBoot.efi
I did that, it was FS3 for me. Same result, asks for the VeraCrypt password and PIM inside the shell, and once I enter both it says success but nothing happens. Doesn't switch to Windows, it is stuck there.
What I would like is for systemd-boot to instantly show me the fullscreen VeraCrypt password and PIM prompt (the same one I get when I select VeraCrypt bootloader from the BIOS) when I select the Windows 10 entry in systemd-boot. But this just doesn't happen.
Last edited by LarryDave (2023-04-08 08:38:13)
As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.
Last edited by -thc (2023-04-08 12:48:52)
> As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.
In that case maybe create a working uefi boot entry for windows/veracrypt and boot through the boot menu provided by your uefi implementation.
If that works you can try to add a menu item to systemd-boot that sets the BootNext UEFI variable to that entry (if the shell has something like that, maybe you can find some efi program you can compile?) and then perform a warm reboot (reset -w)
Last edited by progandy (2023-04-08 19:11:59)
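The BootNext idea from the last post can also be driven from the running Linux system instead of from a systemd-boot menu item. The following is an added example, not code from any poster in this thread: it looks up the firmware boot entry by label in `efibootmgr` output and sets BootNext for one boot only, so the firmware's own boot manager launches DcsBoot.efi. The entry labels and numbers in the sample output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr` output (labels and numbers are made up).
# Label and device path are tab-separated, as efibootmgr prints them.
sample_efibootmgr_output() {
    printf 'BootCurrent: 0001\n'
    printf 'Timeout: 1 seconds\n'
    printf 'BootOrder: 0001,0003,0000\n'
    printf 'Boot0000* Windows Boot Manager\tHD(2,GPT,...)/File(\\EFI\\Microsoft\\Boot\\bootmgfw.efi)\n'
    printf 'Boot0001* Linux Boot Manager\tHD(1,GPT,...)/File(\\EFI\\systemd\\systemd-bootx64.efi)\n'
    printf 'Boot0003* VeraCrypt BootLoader (DcsBoot)\tHD(2,GPT,...)/File(\\EFI\\VeraCrypt\\DcsBoot.efi)\n'
}

# find_boot_num PATTERN  (reads efibootmgr output on stdin)
# Prints the 4-digit entry number whose *label* contains PATTERN
# (case-insensitive). Fails if zero or more than one entry matches, so an
# ambiguous pattern never selects the wrong loader.
find_boot_num() {
    awk -v pat="$1" '
        BEGIN { pat = tolower(pat) }
        # Entry lines look like "Boot0003* Label<TAB>DevicePath";
        # inactive entries have a space instead of the asterisk.
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ] / {
            split(substr($0, 11), f, "\t")      # f[1] = label only
            if (index(tolower(f[1]), pat)) { n++; num = substr($0, 5, 4) }
        }
        END { if (n == 1) print num; else exit 1 }
    '
}

# boot_once PATTERN
# Sets BootNext to the matching entry and reboots. BootNext is consumed by
# the firmware on the next boot, so BootOrder (and the default of booting
# systemd-boot) is left unchanged. Needs root and a system booted in UEFI mode.
boot_once() {
    num=$(efibootmgr | find_boot_num "$1") || {
        echo "no unique boot entry matching '$1'" >&2
        return 1
    }
    efibootmgr --bootnext "$num" >/dev/null && systemctl reboot
}

# Usage (as root):  boot_once veracrypt
```
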