So my desktop PC has two SSDs in it. One is my main Linux drive that only has two partitions, /boot and /, which is just a simple full disk dm-crypt LUKS encryption setup, using systemd-boot. The other drive is a Windows 10 installation also fully encrypted with VeraCrypt.
Since the VeraCrypt bootloader resides on another drive, I followed the wiki, specifically https://wiki.archlinux.org/title/System … other_disk. I installed edk2-shell, booted off of it, took note of the FS alias and full path of the EFI file on the drive (/dev/sdb2) using map, then exited back to Linux. Then I created windows.nsh in /boot.
/boot/windows.nsh
HD0c65535a2:EFI\VeraCrypt\DcsBoot.efi
Then I created Win10.conf in /boot/loader/entries.
/boot/loader/entries/Win10.conf
title Windows 10
efi /EFI/shellx64.efi
options -nointerrupt -noconsolein -noconsoleout windows.nsh
My ESP is mounted at /boot. So naturally I put shellx64.efi in /boot/EFI, and that's why Win10.conf says /EFI/shellx64.efi. However, after configuring all this, when I select Windows 10 on the systemd-boot screen, nothing happens; there is only a single non-blinking cursor at the top left of the screen and it is stuck there.
What am I missing? I know if both operating systems were on the same drive everything would be much easier as I could just point to the EFI that is on the same drive, but they're not so how do I make this work?
Anyone able to help with this? I was using linux-hardened when I initially posted this, but have moved to the regular linux kernel for other reasons. I thought it might also fix this problem so I came back to trying it again, but no luck. Same problem, single non-blinking cursor at the top left of the screen and it is stuck there when I select Windows 10 entry. I also placed shellx64.efi in /boot instead of /boot/EFI/ and edited Win10.conf accordingly, same problem.
I would really like a fix for this as it is annoying having to enter the bios every time I want to boot into Windows.
Is "Secure Boot" enabled? The EFI shell binary is unsigned.
Is "Secure Boot" enabled? The EFI shell binary is unsigned.
Nope, fully disabled. Fast Boot is also disabled both in Windows and BIOS.
What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
Can you manually start "windows.nsh"?
Last edited by -thc (2023-04-06 19:38:25)
What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
Can you manually start "windows.nsh"?
So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter. Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.
So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter.
That's as it should be.
Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.
O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:
FS0:
cd EFI\VeraCrypt
DcsBoot.efi
O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:
FS0:
cd EFI\VeraCrypt
DcsBoot.efi
I did that, it was FS3 for me. Same result, asks for the VeraCrypt password and PIM inside the shell, and once I enter both it says success but nothing happens. Doesn't switch to Windows, it is stuck there.
What I would like is for systemd-boot to instantly show me the fullscreen VeraCrypt password and PIM prompt (the same one I get when I select VeraCrypt bootloader from the BIOS) when I select the Windows 10 entry in systemd-boot. But this just doesn't happen.
Last edited by LarryDave (2023-04-08 08:38:13)
As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.
Last edited by -thc (2023-04-08 12:48:52)
As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.
In that case maybe create a working uefi boot entry for windows/veracrypt and boot through the boot menu provided by your uefi implementation.
If that works you can try to add a menu item to systemd-boot that sets the BootNext UEFI variable to that entry (if the shell has something like that, maybe you can find some efi program you can compile?) and then perform a warm reboot (reset -w).
Last edited by progandy (2023-04-08 19:11:59)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
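The BootNext approach suggested above can also be driven from the running Linux system with efibootmgr instead of from a systemd-boot menu item. The script below is an added example, not code from any poster in this thread; it assumes a working firmware boot entry for DcsBoot.efi already exists, and the sample efibootmgr output (labels, GUIDs, entry numbers) is constructed for illustration.

```shell
#!/bin/sh
# Added example: find the firmware boot entry that loads DcsBoot.efi and
# schedule it for the next boot only (BootNext), leaving BootOrder untouched.

# Constructed sample of efibootmgr output; labels and GUIDs are made up.
sample_efibootmgr_output() {
cat <<'EOF'
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0000,0003
Boot0000* Windows Boot Manager  HD(1,GPT,11111111-1111-1111-1111-111111111111,0x800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* Linux Boot Manager  HD(1,GPT,22222222-2222-2222-2222-222222222222,0x800,0x400000)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0002  Stale VeraCrypt entry  HD(2,GPT,33333333-3333-3333-3333-333333333333,0x800,0x32000)/File(\EFI\VeraCrypt\DcsBoot.efi)
Boot0003* VeraCrypt BootLoader  HD(2,GPT,33333333-3333-3333-3333-333333333333,0x800,0x32000)/File(\EFI\VeraCrypt\DcsBoot.efi)
EOF
}

# Read efibootmgr output on stdin and print the 4-hex-digit number of the
# first ACTIVE entry (marked with '*') whose line contains $1, compared
# case-insensitively. Exit status is 1 when no active entry matches.
find_bootnum() {
    awk -v pat="$1" '
        BEGIN { p = tolower(pat) }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]\* / {
            if (index(tolower($0), p)) { print substr($0, 5, 4); found = 1; exit }
        }
        END { exit !found }'
}

# Set BootNext to the matching entry and reboot. Needs root and a system
# booted in UEFI mode; BootNext is cleared by the firmware after one use.
set_bootnext() {
    num=$(efibootmgr | find_bootnum "$1") || {
        echo "no active boot entry matching '$1'" >&2
        return 1
    }
    efibootmgr --bootnext "$num" && systemctl reboot
}

# Only touch firmware variables when explicitly asked to.
case "${1:-}" in
    --apply) set_bootnext "DcsBoot.efi" ;;
esac
```

Running the script with `--apply` as root performs the change; without arguments it only defines the functions, so the parsing can be checked against the sample first.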
I had almost the exact same problem, the only difference being that I have a Windows and Linux dual boot installed on 1 drive.
First, how my drive partitioning looks:
Device Start End Sectors Size Type
/dev/nvme0n1p1 2048 206847 204800 100M EFI System
/dev/nvme0n1p2 206848 239615 32768 16M Microsoft reserved
/dev/nvme0n1p3 239616 283570175 283330560 135.1G Microsoft basic data
/dev/nvme0n1p4 283570176 287764479 4194304 2G EFI System
/dev/nvme0n1p5 287764480 1000214527 712450048 339.7G Linux filesystem
nvme0n1p1, p2 and p3 were default partitions created by Windows. (I installed Windows first, then installed Arch.) I installed Arch in such a way that my /boot is on a separate partition, NOT on the existing EFI partition created by Windows. So keep that in mind, because I think more people install their /boot partition to the existing one created by Microsoft.
Now the 2 things I did: first, mount the /dev/nvme0n1p1 partition somewhere, for example:
sudo mount /dev/nvme0n1p1 /mnt/myMountPoint
(make sure to create myMountPoint directory earlier).
Inside that mounted partition was a single "EFI" directory, and inside that "EFI" directory there were 3 directories: "Boot", "Microsoft" and "VeraCrypt".
And then copy all of the contents of the mounted "EFI" directory to (in my case) /boot/EFI.
And that's actually all. I DID NOT HAVE TO create any entries in /boot/loader/entries, because somehow they were picked up by systemd-boot. One problem with my solution is that I copied all contents of the "EFI" partition, and I'm sure only certain files need to be copied, because if all of them get copied like I showed, many entries will show up in the systemd-boot menu, and in my case they all point to the same Windows with working VeraCrypt.
So to improve that solution, you need to find which minimal set of files needs to be copied, so as not to have such a bloated boot menu.
But for me it works, it's better than entering the UEFI/BIOS menu to boot to Windows, and I'm lazy, so I left it as it is xD.