Yes. They boot from Ventoy just fine. Joined Jul 18, 2020 Messages 4 Trophies 0 . Option2: Use Ventoy's grub which is signed with MS key. That is to say, a WinPE.iso or ubuntu.iso file can be booted fine with secure boot enabled(even no need for the user to whitelist them) but it may contain a malicious application in it. see http://tinycorelinux.net/13.x/x86_64/release/ 6. Well occasionally send you account related emails. I thought that Secure Boot chain of trust is reused for TPM key sealing, but thinking about it more, that wouldn't really work. So any method that allows users to boot their media without having to explicitly disable Secure Boot can be seen as a nice thing to have even if it comes at the price of reducing the overall security of one's computer. This means current is Legacy BIOS mode. I will not release 1.1.0 until a relatively perfect secure boot solution. PS: It works fine with original ventoy release (use UEFIinSecureBoot) when Secure boot is enabled. Vmware) with UEFI mode and to confirm that the ISO file does support UEFI mode. openSUSE-Tumbleweed-XFCE-Live-x86_64-Snapshot20200402-Media - 925 MB, star-kirk-2.1.0-xfce-amd64-live.iso - 518 MB, Porteus-CINNAMON-v5.0rc1-x86_64.iso - 300 MB Cantt load some ISOs - Ventoy I am just resuming my work on it. Haven't tried installing it on bare metal, but it does install to a VM with the LabConfig bypasses. There are also third-party tools that can be used to check faulty or fake USB sticks. Ventoy supports ISO, WIM, IMG, VHD(x), EFI files using an exFAT filesystem. What you want is for users to be alerted if someone picked a Linux or Microsoft media, and the UEFI bootloader was altered from the original. Also, what GRUB theme are you using? Results when tested on different models\types of x86 computers - amount of RAM, make/model, latest BIOS? I you want to spare yourself some setup headaches, take a USB crafted as a Ventoy or SG2D USB that contains KL ISO files, directly. TPM encryption has historically been independent of Secure Boot. but CorePure64-13.1.iso does not as it does not contain any EFI boot files. Again, detecting malicious bootloaders, from any media, is not a bonus. No idea what's wrong with the sound lol. You can reformat it with FAT32/NTFS/UDF/XFS/Ext2/Ext3/Ext4 filesystem, the only request is that Cluster Size must greater than or equal to 2048. I still don't know why it shouldn't work even if it's complex. WinPE10_8_Sergei_Strelec_x86_x64_2019.12.28_English.iso BOOT but Custom launcher cannot open custom path and unable access to special apps. So I think that also means Ventoy will definitely impossible to be a shim provider. Level 1. Single x64 ISO - OK - Works and install.esd found by Setup - all Editions listed Dual 32+64 ISO - FAIL - Did not find install.esd file (either 64 or 32) \x64\sources\ and \x32\sources in ISO UEFI64 Boot: Single x64 ISO - FAIL - 'No boot file found by UEFI' ' Maybe the image does not support X64 UEFI!' In that case there's no difference in booting from USB or plugging in a SATA or NVMe drive with the same content as you'd put on USB (and we can debate about intrusion detection if you want). Please thoroughly test the archive and give your feedback, what works and what don't. @pbatard Sorry, I should have explained my position clearer - I fully agree that the Secure Boot bypass Ventoy uses is not secure, and I'm not using Ventoy exactly because of it. we have no ability to boot it unless we disable the secure boot because it is not signed. You can't just convert things to an ISO and expect them to be bootable! When install Ventoy, maybe an option for user to choose. This could be useful for data recovery, OS re-installation, or just for booting from USB without thinking about additional steps. backbox-7-desktop-amd64.iso - 2.47 GB, emmabuntus-de3-amd64-10.3-1.01.iso - 3.37 GB, pentoo-full-amd64-hardened-2019.2.iso - 4 GB Could you please also try via BIOS/Legacy mode? Some questions about using KLV-Airedale - Page 9 - Puppy Linux . Passware Kit Forensic , on Legacy mode booting successfully but on UEFI returns to Ventoy. its okay. Well occasionally send you account related emails. https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1401532. Already on GitHub? It only causes problems. Of course , Added. By clicking Sign up for GitHub, you agree to our terms of service and But Ventoy currently does. Rik. However, Ventoy can be affected by anti-virus software and protection programs. may tanong po ulit ako yung pc ko po " no bootfile found for uefi image does not support x64 uefi" i am using ventoy galing po sa linux ko, gusto ko po isang laptop ko gawin naman windows, ganyan po lagi naka ilang ulit na po ako, laptop ko po kasi ayaw na bumalik sa windows mula nung ginawa ko syang linux, nagtampo siguro kaya gusto ko na po ibalik sa windows salamat po sa makakasagot at sa . For instance, if you produce digitally signed software for Windows, to ensure that your users can validate that when they run an application, they can tell with certainty whether it comes from you or not, you really don't want someone to install software on the user computer that will suddenly make applications that weren't signed by you look as if they were signed by you. Ventoy should only allow the execution of Secure Boot signed executables when Secure Boot is enabled, Microsoft's official Secure Boot signing requirements. Ctrl+i to change boot mode of some ISOs to be more compatible Ctrl+w to use wimboot to boot Windows and WinPE ISOs (e.g. If the secure boot is enabled in the BIOS, the following screen should be displayed when boot Ventoy at thte first time. No bootfile found for UEFI, maybe the image doesnt support ia32 uefi error, asus t100ta Kinda solved: Cant install arch, but can install linux mint 64 bit. Have a question about this project? https://osdn.net/projects/manjaro/storage/kde/, manjaro-kde-20.0-rc3-200422-linux56.iso BOOT 22H2 works on Ventoy 1.0.80. Will these functions in Ventoy be disabled if Secure Boot is detected? Indeed I have erroneously downloaded memtest v4 because I just read ".iso" and went for it. But that not means they trust all the distros booted by Ventoy. So all Ventoy's behavior doesn't change the secure boot policy. I made a VHD of an arch installation and installed the vtoyboot mod and it keeps on giving me the no UEFI error. From the booted OS, they are then free to do whatever they want to the system. 4 Ways to Fix Ventoy if It's Not Working [Booting Issues] Again, I think it is very fair to say that, if you use use Ventoy on a Secure Boot enabled system, and you went through Ventoy Secure Boot enrolment, they you expect that ISOs that aren't Secure Boot compliant will be reported, as they would with other means of using them on that system. Hiren does not have this so the tools will not work. Win10_1909_Chinese(Simplified)_x64.iso: Works fine, all hard drive can be properly detected. Agreed. @ventoy Maybe the image does not support x64 uefi . 4. It looks like that version https://github.com/ventoy/Ventoy/releases/tag/v1.0.33 fixes issue with my thinkpad. Say, we disabled validation policy circumvention and Secure Boot works as it should. @steve6375 I've mounted that partition and deleted EFI folder but it's still recognized as EFI, both in Windows Disk Management and the BIOS, just doesn't boot anymore. 1. You literally move files around and use a text editor to edit theme.text, ventoy.json, and so on. Just some of my thoughts: espero les sirva, pueden usar rufus, ventoy, easy to boot, etc. Any kind of solution? If someone uses Ventoy with Secure Boot, then Ventoy should not green light UEFI bootloaders that don't comply with Secure Boot. @chromer030 hello. Its ok. Hi, Hiren's Boot CD can be booted by Ventoy in Memdisk mode, you try Ventoy 1.0.08 beta2. However, some ISO files dont support UEFI mode so booting those files in UEFI will not work. Ventoy doesn't load the kernel directly inside the ISO file(e.g. So maybe Ventoy also need a shim as fedora/ubuntu does. @pbatard, if that's what what your concern, that could be easily fixed by deleting grubia32.efi and grubx64.efi in /EFI/BOOT, and renaming grubia32_real.efi grubia32.efi, grubx64_real.efi grubx64.efi. Any progress towards proper secure boot support without using mokmanager? Main Edition Support. I have this same problem. maybe that's changed, or perhaps if there's a setting somewhere to Ventoy is able to chain boot Windows 10 (build 2004) just fine on the same systems. When secure boot is enabled, only .efi/kernel/drivers need to be signed. Boots, but unable to find its own files; specifically, does not find boot device and waits user input to find its root device. Maybe we should just ask the user 'This file is not signed by Microsoft for 'Secure Boot' - do you still wish to boot from it?' Maybe the image does not support X64 UEFI" The MX21_February_x64.iso seems OK in VirtualBox for me. Something about secure boot? BIOS Mode Both Partition Style GPT Disk . But when I try to boot it with ventoy it does not boot and says the message "No bootfile found for UEFI". Do I need a custom shim protocol? But this time I get The firmware encountered an unexpected exception. All the .efi/kernel/drivers are not modified. In WIMBOOT mode (ctrl+w) I get 'Loading files. xx%' and then screen resolution changes and get nice Windows Setup GUI. P.S. KANOTIX uses a hybrid ISO layout, it definitely has X64 UEFI in ISO9660 and FAT12 (usually 1MiB offset). Many thanks! And, unless you're going to stand behind every single Ventoy user to explain why you think it shouldn't matter that Ventoy will let any unsigned bootloader through, that's just not going to fly. Tried the same ISOs in Easy2Boot and they worked for me. Ventoy version and details of options chosen when making it (Legacy\MBR\reserved space) to be used in Super GRUB2 Disk. debes activar modo legacy en el bios-uefi 1All the steps bellow only need to be done once for each computer when booting Ventoy at the first time. That would be my preference, because someone who wants to bypass Secure Boot indiscriminately, without disabling Secure Boot altogether, should have a clue what they are doing, and the problem with presenting options as a dialog is that you end up with tutorials that advise users to pick the less secure option, because whoever wrote happened to find the other choices inconvenient without giving much thought about the end result. Now Rufus has achieved support for secure boot as now NTFS:UEFI Driver is signed for secure boot by Microsoft. Yes, at this point you have the same exact image as I have. Ventoy does not always work under VBox with some payloads. If the ISO file name is too long to displayed completely. Firstly, I run into the MOKManager screen and enroll the testkey-ventoy.der and reboot. Hi, HDClone 9.0.11 ISO is stating on UEFI succesfully but on Legacy after choose "s" or "x64" to start hdclone it open's a black windows in front of the Ventoy Menu and noting happens more. Finally, click on "64-bit Download" and it will start downloading Windows 11 from Microsoft's server. You can press left or right arrow keys to scroll the menu. Follow the urls bellow to clone the git repository. gsrd90 New Member. If a user is booting a lot of unsigned bootloaders with Secure Boot enabled, they clearly should disable Secure Boot in their settings, because, for what they are doing, it is pretty much pointless. Then user will be clearly told that, in this case only distros whose bootloader signed with valid key can be loaded. If you get some error screen instead of the above blue screen (for example, Linpus lite xxxx). I adsime that file-roller is not preserving boot parameters, use another iso creation tool. to your account, Hi ! What matters is what users perceive and expect. Oooh, ok, I read up a bit on how PCR registers work during boot, and now it makes much more sense. Reply. I don't know why. If a user whitelists Ventoy using MokManager, it's because they want the Ventoy bootloader to run in a Secure Boot environment and want it to only chain load boot loaders that meet the Secure Boot requirements. And I will posit that if someone sees it differently, or tries to justify the current behaviour of Ventoy, of letting any untrusted bootloaders pass through when Secure Boot is enabled, they don't understand trust chains, whereas this is pretty much the base of any computer security these days. Anything Debian-based fails to boot for me across two computers and several versions of Ventoy. @shasheene of Rescuezilla knows about the problem and they are investigating. Vmware) with UEFI mode and to confirm that the ISO file does support UEFI mode. The Flex image does not support BIOS\Legacy boot - only UEFI64. Back Button - owsnyr.lesthetiquecusago.it Rufus or WoeUSB, in several meaningful ways.The program does not extract ISO images or other image formats to the USB drive but . And IMO, anything that attempts to push the idea that, maybe, allowing silent boot of unsigned bootloaders is not that bad, is actually doing a major disservice to users, as it does weaken the security of their system and, if this is really what a user wants, they can and should disable Secure Boot. So by default, you need to disabled secure boot in BIOS before boot Ventoy in UEFI mode. check manjaro-gnome, not working. en_windows_10_business_editions_version_2004_updated_may_2020_x64_dvd_aa8db2cc.iso Sign up for a free GitHub account to open an issue and contact its maintainers and the community. unsigned .efi file still can not be chainloaded. It's the BIOS that decides the boot mode not Ventoy. Ventoy 1.0.55: bypass Windows 11 requirements check during installation However, considering that in the case of Ventoy, you are basically going to chain load GRUB 2, and that most of the SHIMs have been designed to handle precisely that, it might be easier to get Ventoy accepted as a shim payload. I'm considering two ways for user to select option 1. regular-cinnamon-latest-x86_64.iso - 1.1 GB, openSUSE-Tumbleweed-GNOME-Live-x86_64-Snapshot20200326-Media.iso - 852MB This means current is UEFI mode. chromeos_14816.99.0_reven_recovery_stable-channel_mp-v2.bin fails to boot on BIOS & UEFI. All the .efi/kernel/drivers are not modified. I've made some tests this evening, it should be possible to make more-or-less proper Secure Boot support in Ventoy, but that would require modification of grub code to use shim protocol, and digital signatures for all Ventoy efi files, modules, etc. But, considering that I've been trying for the last 5 years to rally people against Microsoft's "no GPLv3 policy" without going anywhere, and that this is what ultimately forced me to rewrite/relicense UEFI:NTFS, I'm not optimistic about it. Let us know in the comments which solution worked for you. This seem to be disabled in Ventoy's custom GRUB). Will polish and publish the code later. It is designed to protect a system against malicious code being loaded and executed early in the boot process, before the operating system has been loaded. Sorry for my ignorance. I didn't expect this folder to be an issue. GRUB2, from my experiences does this automatically. I assume that file-roller is not preserving boot parameters, use another iso creation tool. and leave it up to the user. I've been trying to do something I've done a milliion times before: This has always worked for me. Perform a scan to check if there are any existing errors on the USB. ventoy maybe the image does not support x64 uefi Exactly. Maybe because of partition type That's actually the whole reason shims exist, because Microsoft forbade Linux people to get their most common UEFI boot manager signed for Secure Boot, so the Linux community was forced into creating a separate non GPLv3 boot loader that loads GRUB, and that can be signed for Secure Boot. If Secure Boot is enabled, signature validation of any chain loaded, If the signature validation fails (i.e. If you pull the USB drive out immediately after finish copy a big ISO file, most probably the file in the USB will be corrupted. and reboot.pro.. and to tinybit specially :) Error : @FadeMind Menu Option-->Secure Boot Support for Ventoy2Disk.exe and -s option for Ventoy2Disk.sh 3. Fedora-Workstation-Live-x86_64-32-1.6.iso: Works fine, all hard drive can be properly detected. However, users have reported issues with Ventoy not working properly and encountering booting issues. access with key cards) making sure that your safe does get installed there, so that it should give you an extra chance to detect ill intentioned people trying to access its content. EFI Blocked !!!!!!! If someone has physical access to a system then Secure Boot is useless period. @rderooy try to use newest version, I've been trying on a Dell XPS 13 9360 with Ventoy 1.0.34 UEFI running and Memtest86-4.3.7.iso does not work. list vol - select vol of EFI (in my case nr 14) as illustrated - assign - EFI drive is mounted as Q: Also possible is: After booting with Win10XPE from RAMDISK the Hidden EFI Driv lo importante es conocer las diferencias entre uefi y bios y tambien entre gpt y mbr. 8 Mb. SB works using cryptographic checksums and signatures. If everything is fine, I'll prepare the repo, prettify the code and write detailed compilation and usage instructions, as well as help @ventoy with integration. There are many suggestion to use tools which make an ISO bootable with UEFI on a flash disk, however it's not that easy as you can only do that with UEFI-enabled ISO's. By UEFI enabled ISO's I mean that the ISO files contain a BOOT\EFI directory with a EFI bootloader. These WinPE have different user scripts inside the ISO files. unsigned .efi file still can not be chainloaded. So as @pbatard said, the secure boot solution is a stopgap and that's why Ventoy is still at 1.0.XX. Does the iso boot from a VM as a virtual DVD? Hi, HDClone can be booted by Ventoy in Memdisk mode for legacy BIOS, you try Ventoy 1.0.08 beta2. Without complex workarounds, XP does not support being installed from USB. Hopefully, one of the above solutions help you fix Ventoy if its not working, or youre experiencing booting issues. If someone has physical access to a system and that system is enabled to boot from a USB drive, then all they need to do is boot to an OS such as Ubuntu or WindowsPE or WindowsToGo from that USB drive (these OS's are all signed and so will Secure boot). ventoy maybe the image does not support x64 uefi - FOTO SKOLA Some known process are as follows: To add Ventoy to Easy2Boot v2, download the latest version of Ventoy Windows .ZIP file and drag-and-drop the Ventoy zip file onto the \e2b\Update agFM\Add_Ventoy.cmd file on the 2nd agFM partition. So, yeah, if you have access to to the hardware, then Secure Boot, TPM or whatever security measure you currently have on consumer-grade products, is pretty much useless because, as long as you can swap hardware components around, or even touch the hardware (to glitch the RAM for instance), then unless the TPM comes with an X-Ray machine that can scan and compare hardware components, you're going to have a very hard time plugging all the many holes through which a dedicated attacker can gain access to your data. But MediCat USB is already open-source, built upon the open-source Ventoy project. So, Secure Boot is not required for TPM-based encryption to work correctly. By clicking Sign up for GitHub, you agree to our terms of service and In the install program Ventoy2Disk.exe. Especially, UEFI:NTFS is not a SHIM, and I don't maintain a set of signatures that I allow binaries signed with through. Yes ! You were able to use TPM for disk encryption long before Secure Boot, and rightfully so, since the process of storing and using data encryption keys is completely different from the process of storing and using trust chain keys to validate binary executables (being able to decrypt something is very different from being able to trust something). Topics in this forum are automatically closed 6 months after creation. Well occasionally send you account related emails. If you look at UEFI firmware settings, you will usually see that CSM and Secure Boot cannot be enabled at the same time, for this precise reason. @ValdikSS, I'm not seeing much being debated, when the link you point to appears to indicate that pretty much everybody is in agreement that loading unsigned kernels from GRUB, in a Secure Boot environment, is a bug (hence why it was reported as such). You are receiving this because you commented. what is the working solution? (The 32 bit images have got the 32 bit UEFI). I think it's ok as long as they don't break the secure boot policy. Official FAQ I have checked the official FAQ. Option 2: Only boot .efi file with valid signature. Acer nitro 5 windows 10 Hello , Thank you very very much for your testings and reports. Would disabling Secure Boot in Ventoy help? Once here, scroll down and move to the "Download Windows 11 Disk Image (ISO) for x64 devices" section. So, Ventoy can also adopt that driver and support secure boot officially. , Laptop based platform: No. With ventoy, you don't need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD (x)/EFI. Thank you both for your replies. This ISO file doesn't change the secure boot policy. Win10_21H2_BrazilianPortuguese_x64.iso also boots fine in Legacy mode on IdeaPad 300 with Ventoy 1.0.57. So the new ISO file can be booted fine in a secure boot enviroment. It also happens when running Ventoy in QEMU. Both are good. But, just like GRUB, I assert that this matter needs to be treated as a bug that warrants fixing, which is the reason I created this issue in the first place. The MEMZ virus nyan cat as an image file produces a very weird result, It also happens when running Ventoy in QEMU, The MEMZ virus nyan cat as an image file produces a very weird result I've tested it with Microsoft-signed binaries, custom-signed binaries, ubuntu ISO file (which chainloads own shim grub signed with Canonical key) all work fine. and select the efisys.bin from desktop and save the .iso Now the Minitool.iso should boot into UEFI with Ventoy. Open File Explorer and head to the directory where you keep your boot images. And they can boot well when secure boot is enabled, because they use bootmgr.efi directly from Windows iso. No, you don't need to implement anything new in Ventoy. Freebsd has some linux compatibility and also has proprietary nvidia drivers. For instance, it could be that only certain models of PC have this problem with certain specific ISOs. Probably you didn't delete the file completely but to the recycle bin. Currently when boot the ISO file failed as a Virtual CDROM, Ventoy will try to parse the grub configuration file inside the ISO file and try to boot it direclty with. Some Legacy BIOS has an access limitation and wont read a disk that exceeds the limitation. https://www.youtube.com/watch?v=F5NFuDCZQ00 Is it valid for Ventoy to be able to run user scripts, inject user files into Linux/Windows ram disks, change .cfg files in 'secure' ISOs, etc. Ventoy Forums *lil' bow* I suspect that, even as we are not there yet, this is something that we're eventually going to see (but most likely as a choice for the user to install the fully secured or partially secured version of the OS), culminating in OSes where every single binary that runs needs to be signed, and for the certificates those binaries are signed with to be in the chain of trust of OS. You signed in with another tab or window. Preventing malicious programs is not the task of secure boot. 1.- comprobar que la imagen que tienes sea de 64 bits Ventoy Version 1.0.78 What about latest release Yes. Remain what in the install program Ventoy2Disk.exe . Strelec WinPE) Ctrl+r for ventoy debug mode Ctrl+h or h for help m checksum a file Does shim still needed in this case? So even when someone physically unplugs my SSD and installs a malicious bootloader/OS to it, it won't be able to decrypt the main OS partition. I don't remember if the shortcut is ctrl i or ctrl r for grub mode. Ventoy up to 1.0.12 used the /dev/mapper/ventoy approach to boot. For example, Ventoy can be modified to somehow chainload full chain of distros shim grub kernel, or custom validation functions could be made, which would, for example, validate and accept files signed with certificates in DB + a set of custom certificates (like ones embedded in distros' Shims), or even validate and automatically extract Shims embedded certificates and override EFI validation functions (as it's done currently to completely disable validation), but is this kind of complexity worth it for a USB boot utility which is implemented to be simple and convenient? You can have BIOS with TPM and disk encryption and, provided your hardware manufacturer implements anti tampering protection to ensure that the TPM is not sharing data it shouldn't share with parts of the system that should not be trusted, it should be no less secure than TPM-based encryption on a Secure Boot enabled system. sharafat.pages.dev An encoding issue, perhaps (for the text)? If you did the above as described, exactly, then you now have a good Ventoy install of latest version, but /dev/sdX1 will be type exFAT and we want to change that to ext4, so start gparted, find that partition (make sure it is unmounted via right click in gparted), format it to ext4 and make sure to . Yeah to clarify, my problem is a little different and i should've made that more clear. Sorry for the late test. Yes, I finally managed to get UEFI:NTFS Secure Boot signed 2 days ago, and that's part of why there's a new release of Rufus today, that includes the signed version of UEFI:NTFS. Fedora/Ubuntu/xxx). Linux distributives use Shim loader, each distro with it's own embedded certificate unique for each distro. If Secure Boot is not enabled, proceed as normal. I installed ventoy-1.0.32 and replace the .efi files. Yes, anybody can make a UEFI bootloader that chain loads unsigned bootloaders with the express purpose of defeating Secure Boot. error was now displayed in 1080p. I don't remember if the shortcut is ctrl i or ctrl r for grub mode. The problem of manjaro-kde-20.0-pre1-stable-staging-200406-linux56.iso in UEFI booting was an issue in ISO file , resolved on latest released ISO today : @FadeMind Expect working results in 3 months maximum. @steve6375 However, I guess it should be possible to automatically enroll ALL needed keys to shim from grub module on the first boot (when the user enrolls my ENROLL_THIS_CERT_INTO_MOKMANAGER.crt) and handle unsigned efi binaries as a special case or just require to sign them with user-generated key? There are many kinds of WinPE. I have installed Ventoy on my USB and I have added some ISO's files : And they can boot well when secure boot is enabled, because they use bootmgr.efi directly from Windows iso. I can confirm it was the reason for some ISOs to not boot (ChimeraOS, Manjaro Gnome). Please refer github issue/1975, x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI. Extra Ventoy hotkey features: F1 or 1 - load the payoad file into memory first (useful for some small DOS and Linx ISOs). Set the VM to UEFI mode and connect the ISO file directly to the VM and boot. Boots, but cannot find root device. I should also note that the key used in Ventoy is the same used in Super UEFIinSecureBoot Disk, my key. When enrolling Ventoy, they do not. We talk about secure boot, not secure system. Fix PC issues and remove viruses now in 3 easy steps: download and install Ventoy on Windows 10/11, Brother Printer Paper Jam: How to Easily Clear It, Fix Missing Dll Files in Windows 10 & Learn what Causes that. Ventoy is an open source tool that lets you create a bootable USB drive for ISO files. That's because, if they did want to boot non Secure Boot enabled ones, they would disable Secure Boot themselves. So maybe Ventoy also need a shim as fedora/ubuntu does. If the ISO is on the tested list, then clearly it is a problem with your particular equipment, so you need to give the details. How to Download Windows 11 ISO and Perform a Clean Install | Beebom Thank you very much for adding new ISOs and features. In Windows, Ventoy2Disk.exe will only list the device removable and in USB interface type by default. Rename it as MemTest86_64.efi (or something similar). Ventoy does support Windows 10 and 11 and users can bypass the Windows 11 hardware check when installing. @ventoy, I've tested it only in qemu and it worked fine. The latest version of Ventoy, an open source program for Windows and Linux to create bootable media using image file formats such as ISO or WMI, introduces experimental support for the IMG file format.. Ventoy distinguishes itself from other programs of its kind, e.g.