Secure Boot

Use agFM for UEFI64 Secure Boot

You can directly Secure UEFI64-Boot to the agFM grub2 boot files on the FAT32 Partition 2. Simply use your BIOS Boot Selection function key (e.g. F8 or F12, etc.) to select the USB HDD EFI boot option for Partition 2 of the USB drive.

The initial UEFI 64-bit boot file is actually a special signed Kaspersky shim file which allows us to load an unsigned version of a1ive grub2.

If you see a security-related error message, this may be due to the Kaspersky shim being specifically blocked by a database entry which has been installed into your UEFI BIOS settings (typically by recent Windows update). In this case you have three choices:

  1. Go into the BIOS settings and disable Secure Boot
  2. Go into the BIOS settings and clear the DBx UEFI database blacklist to allow the Kaspersky shim to load
  3. Convert your Secure Boot signed payload files (e.g. Windows Install ISOs, Ubuntu ISOs, Red Hat ISOs, etc.) to Partition Image files (.imgPTN23 files).

Note: Directly Secure UEFI32-booting to the agFM menu is not supported.

Note: If you have successfully Secure-booted to the agFM menu system, then you can boot to any secure or insecure payload or load the Ventoy menu system.

Secure Boot using Partition Images

You can convert an ISO or folder containing Secure-bootable files to a Partition Image using the Windows script MakePartImage.cmd (typically drag-and-drop onto the MPI_FAT32 Desktop shortcut).

Add the resultant .imgPTN23 file to your E2B USB drive. This file can be used to completely replace Partition #1 of the E2B USB drive.

You can ‘switch-in’ the .imgPTN23 file in a number of ways:

  1. Run \_ISO\SWITCH_E2B,exe
  2. Legacy\MBR boot to the E2B menu and select the .imgPTN23 file
  3. UEFI-boot to agFM Partition 2 (on another system) and select the .imgPTN23 file
  4. Add a FAT32 Partition #3 to your E2B USB drive and place a bootable copy of WinPE on it. You can then Secure Boot to WinPE on the 3rd partition and run SWITCH_E2B.exe to switch in the desired .imgPTN23 image file.

Once the new partition image is ‘switched-in’, you can Secure UEFI-boot to Partition #1.

Note that not all ISOs contain signed secure boot files.

Multi-buy discount 10%

eBooks (in PDF format)

Easy-to-read eBooks are available in PDF format (each eBook is over 100 pages) – rated 4.5/5 stars.
Learn the secrets of Legacy and UEFI USB booting and then make your perfect multiboot USB drive.
E2B eBook #1 includes instructions on how to remove the E2B 5-second start-up delay blue screen.

E2B is unique in that it uses partition images which allows you to directly boot from Secure Boot images (no need to disable Secure Boot or run MOK manager or modify your UEFI BIOS).

Most eBooks are over 100 pages long, contain original content (not AI generated!) and step-by-step exercises which are suitable for both the beginner or the more experienced user.
Customer reviews are located at bottom of each eBook product page and multi-buy discounts are available when you buy more than one eBook. Please also visit RMPrepUSB.com and the E2B Forum.
Subscribe to my blog for the latest news, tips, USB boot articles and free eBook updates.