#1 2023-01-27 12:09:55

LarryDave
Member
Registered: 2022-05-03
Posts: 20

Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

So my desktop PC has two SSDs in it. One is my main Linux drive that only has two partitions, /boot and /, which is just a simple full disk dm-crypt LUKS encryption setup, using systemd-boot. The other drive is a Windows 10 installation also fully encrypted with VeraCrypt.

Since the VeraCrypt bootloader resides on another drive, I followed the wiki, specifically https://wiki.archlinux.org/title/System … other_disk. I installed edk2-shell, booted off of it, took note of the FS alias and full path of the EFI file on the drive (dev/sdb2) using map then exited back to Linux. Then I created windows.nsh in /boot.

/boot/windows.nsh

HD0c65535a2:EFI\VeraCrypt\DcsBoot.efi

Then I created Win10.conf in /boot/loader/entries.

/boot/loader/entries/Win10.conf

title           Windows 10
efi             /EFI/shellx64.efi
options         -nointerrupt -noconsolein -noconsoleout windows.nsh

My esp is mounted at /boot. So naturally I put shellx64.efi in /boot/EFI and that's why Win10.conf says /EFI/shellx64.efi. However after configuring all this, when I select Windows 10 on the systemd-boot screen, nothing happens, there is only a single non-blinking cursor top left of the screen and it is stuck there.

What am I missing? I know if both operating systems were on the same drive everything would be much easier as I could just point to the EFI that is on the same drive, but they're not so how do I make this work?

Offline

#2 2023-04-06 06:39:38

LarryDave
Member
Registered: 2022-05-03
Posts: 20

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

Anyone able to help with this? I was using linux-hardened when I initially posted this, but have moved to the regular linux kernel for other reasons. I thought it might also fix this problem so I came back to trying it again, but no luck. Same problem, single non-blinking cursor at the top left of the screen and it is stuck there when I select Windows 10 entry. I also placed shellx64.efi in /boot instead of /boot/EFI/ and edited Win10.conf accordingly, same problem.

I would really like a fix for this as it is annoying having to enter the bios every time I want to boot into Windows.

Offline

#3 2023-04-06 15:49:34

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

Is "Secure Boot" enabled? The EFI shell binary is unsigned.

Offline

#4 2023-04-06 19:22:06

LarryDave
Member
Registered: 2022-05-03
Posts: 20

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

-thc wrote:

Is "Secure Boot" enabled? The EFI shell binary is unsigned.

Nope, fully disabled. Fast Boot is also disabled both in Windows and BIOS.

Offline

#5 2023-04-06 19:36:23

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
Can you manually start "windows.nsh"?

Last edited by -thc (2023-04-06 19:38:25)

Offline

#6 2023-04-07 09:19:06

LarryDave
Member
Registered: 2022-05-03
Posts: 20

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

-thc wrote:

What happens if you remove or disable the "options" in Win10.conf? Does booting the shell itself work?
Can you manually start "windows.nsh"?

So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter. Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.

Offline

#7 2023-04-07 09:42:31

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

LarryDave wrote:

So after removing the -nointerrupt -noconsolein -noconsoleout options I can boot into the shell, but nothing happens, it doesn't execute windows.nsh. I have to manually type windows.nsh and press enter.

That's as it should be.

LarryDave wrote:

Once I do, I'm prompted for the VeraCrypt password and PIM, but this happens inside the shell, not like the regular VeraCrypt boot which is a fullscreen different looking boot screen. When I enter the password and PIM inside the shell, it says success but nothing happens. It is stuck there, doesn't boot into Windows.

O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:

FS0:
cd EFI\VeraCrypt
DcsBoot.efi

Offline

#8 2023-04-08 08:34:12

LarryDave
Member
Registered: 2022-05-03
Posts: 20

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

-thc wrote:

O.K. - one last test: When you boot into the UEFI shell as above don't start windows.nsh. Issue the command "map" and look for the correct file system (FS[0-9]:) of your EFI partition. In most cases this should be "FS0:". Issue those commands:

FS0:
cd EFI\VeraCrypt
DcsBoot.efi

I did that, it was FS3 for me. Same result, asks for the VeraCrypt password and PIM inside the shell, and once I enter both it says success but nothing happens. Doesn't switch to Windows, it is stuck there.

What I would like is for systemd-boot to instantly show me the fullscreen VeraCrypt password and PIM prompt (the same one I get when I select VeraCrypt bootloader from the BIOS) when I select the Windows 10 entry in systemd-boot. But this just doesn't happen.

Last edited by LarryDave (2023-04-08 08:38:13)

Offline

#9 2023-04-08 12:41:14

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.

Last edited by -thc (2023-04-08 12:48:52)

Offline

#10 2023-04-08 15:41:53

progandy
Member
Registered: 2012-05-17
Posts: 5,269

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

-thc wrote:

As I am neither a developer nor a specialist on EFI executables I can only guess what's the problem here: The VeraCrypt EFI executable (DcsBoot.efi) can not be called from the EFI shell and must be called by the EFI Boot Manager inside the BIOS to provide the functionality that you require.

In that case maybe create a working UEFI boot entry for windows/veracrypt and boot through the boot menu provided by your UEFI implementation.
If that works you can try to add a menu item to systemd-boot that sets the BootNext UEFI variable to that entry (if the shell has something like that, maybe you can find some EFI program you can compile?) and then perform a warm reboot (reset -w).

Last edited by progandy (2023-04-08 19:11:59)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline
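
The BootNext approach suggested in post #10 can also be driven from the running Linux system rather than from a systemd-boot menu item. This is an added example, not code from any poster in this thread; it assumes efibootmgr is installed, that the firmware already has a working VeraCrypt entry, and that the entry's label contains "VeraCrypt" (the function names, the label and the sample listing are constructed).

```shell
#!/bin/sh
# Constructed sample of `efibootmgr` output (not taken from the thread).
# Boot0002 is inactive (no '*'); Boot0003 uses the newer format where a
# tab and the device path follow the label.
sample_efibootmgr() {
    printf '%s\n' 'BootCurrent: 0001' 'BootOrder: 0001,0003,0000' \
        'Boot0000* Windows Boot Manager' 'Boot0001* Linux Boot Manager' \
        'Boot0002  VeraCrypt (old, inactive)'
    printf 'Boot0003* VeraCrypt BootLoader\tHD(1,GPT,...)/File(\\EFI\\VeraCrypt\\DcsBoot.efi)\n'
}

# Read efibootmgr output on stdin and print the 4-hex-digit number of the
# one ACTIVE entry whose label contains $1 (case-insensitive).
# Returns non-zero when no entry or more than one entry matches, so an
# ambiguous label never silently selects the wrong loader.
find_bootnum() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]\* / {
            num = substr($0, 5, 4)
            label = substr($0, 11)
            sub(/\t.*/, "", label)     # match on the label only, not the device path
            if (index(tolower(label), want)) { hits++; found = num }
        }
        END {
            if (hits == 1) { print found; exit 0 }
            exit 1
        }'
}

# Set BootNext to the matching entry and reboot. Needs root and a system
# booted in UEFI mode; BootNext applies to the next boot only, so the
# normal BootOrder (systemd-boot first) is left unchanged.
boot_once() {
    num=$(efibootmgr | find_bootnum "$1") || {
        echo "no unique active boot entry matching '$1'" >&2
        return 1
    }
    efibootmgr --bootnext "$num" && systemctl reboot
}

# Dry run against the constructed sample; nothing is written to NVRAM.
echo "would set BootNext to Boot$(sample_efibootmgr | find_bootnum VeraCrypt)"
```

Calling `boot_once VeraCrypt` as root performs the real change; check the label first against your own `efibootmgr` listing.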

#11 2024-06-17 12:47:22

Klusio19
Member
Registered: 2021-09-13
Posts: 5

Re: Can't boot off of VeraCrypt Windows 10 EFI through systemd-boot

I had almost the exact same problem, the only difference being that I have a Windows and Linux dual boot installed on 1 drive.
First, how my drive partitioning looks:

Device             Start        End   Sectors   Size Type
/dev/nvme0n1p1      2048     206847    204800   100M EFI System
/dev/nvme0n1p2    206848     239615     32768    16M Microsoft reserved
/dev/nvme0n1p3    239616  283570175 283330560 135.1G Microsoft basic data
/dev/nvme0n1p4 283570176  287764479   4194304     2G EFI System
/dev/nvme0n1p5 287764480 1000214527 712450048 339.7G Linux filesystem

nvme0n1p1, p2 and p3 were default partitions created by Windows. (I installed Windows first, then installed Arch). I installed Arch in a way that my /boot is on a separate partition, NOT on the existing EFI partition created by Windows. So have that in mind, because I think more people install their /boot partition to the existing one created by Microsoft.

Now the 2 things I did, was first to mount the /dev/nvme0n1p1 partition to somewhere, for example:

sudo mount /dev/nvme0n1p1 /mnt/myMountPoint

(make sure to create myMountPoint directory earlier).
Inside that mounted partition was single "EFI" directory, and inside that "EFI" directory there were 3 directories: "Boot", "Microsoft" and "VeraCrypt".
And then copy all of the contents of the mounted "EFI" directory to (in my case) /boot/EFI.
And that's actually all. I DID NOT HAVE TO create any entries in /boot/loader/entries, because somehow they were picked up by systemd-boot. One problem with my solution is that I copied all contents of the "EFI" partition, and I'm sure only certain files need to be copied, because if all of them get copied like I showed, many entries will show up in the systemd-boot menu, and in my case all point to the same Windows with working VeraCrypt.
So to improve that solution, you need to find which minimal files need to be copied, so as not to have such a bloated boot menu.
But for me it works, it's better than entering the UEFI/BIOS menu to boot to Windows, and I'm lazy, so I left it as it is xD.

Offline
