18

I have a DELL machine that use Phoenix SecureCore Tiano as its UEFI/BIOS However, it is totally not configurable as its UEFI shell & menus are hidden in BIOS Setup.

I'm wondering if there were tools that can modify the UEFI settings(such as Boot Items) in user mode? such as "efibootmgr" in linux.

btw, because it is not configurable, I think the boot process is in legacy mode so that's to say OSes can not detect the UEFI exist, am i right?

so, that's the paradox: I must be boot in non-legacy mode to enable UEFI tools to modify boot items in user mode? but I must enable UEFI tools to modify boot items first to enable non-legacy boot?

Hennes
  • 65,804
  • 7
  • 115
  • 169
marstone
  • 281

6 Answers6

4

EFI implementations must provide some way to control the boot mode (EFI vs. BIOS), except of course for EFI-only implementations without BIOS support. Too often, though, the firmware gives the user little or no explicit control of the matter; instead, the firmware attempts to infer the correct boot mode based on the state of the hard disk -- for instance, it might use EFI mode if a GPT is detected and BIOS mode if an MBR is found; or it might use EFI mode if an EFI System Partition (ESP) is found and BIOS mode if not. You may be able to find a clue about what your firmware is doing by reading the manual. If not, you'll just have to experiment.

When booting removable media, the rules may be different, but you can often give it a kick in the right direction by providing just one boot mode. This may require re-mastering a CD or (more easily) carefully selecting a CD. If you're trying to force an EFI-mode boot, my rEFInd, and in particular its bootable CD version, may be helpful; it boots only in EFI mode, and as configured, it will act as a boot manager for other EFI-based boots, but not for BIOS-mode boots.

Rod Smith
  • 41
1

Michael Niehaus recently released a powershell module for modifying UEFI variables on Windows.

It provides the following functions:

  • Get-UEFIVariable
  • Set-UEFIVariable
  • Set-LHSTokenPrivilege
  • Get-UEFISecureBootCerts
silico-biomancer
  • 518
1

I've just bought a Dell XPS 17 (l702x) and I'm interested in multi-booting a variety of OSes. If what I've understood is correct, the Dell has some form of locked-down Phoenix SecureCore Tiano UEFI 'BIOS'. From what I've read, UEFI isn't directly usable (possibly via a hidden menu etc., which might require a BIOS mod).

It does seem possible to use/access a Phoenix compatible EFI shell, using the open-source (BSD) TianoCore edk2/ShellPkg (source) and edk2/ShellBinPkg (binary) packages (GIT Repo).

I recommend the newer ShellBinPkg, using the "full shell" profile of UEFI Shell 2.0 (supports the most commands). You can also rebuild a custom shell using the ShellPkg (build standalone or include it in the OVMF package to generate a x64 version) - Inclusion of UEFI shell in Linux distro iso.

The [U]EFI shell binary is compiled to run independent of the firmware. This can be tested by putting the shell on a FAT32 file system (USB stick, hard drive partition), renamed as /efi/boot/bootx64.efi and then booting to it, from your [UEFI] BIOS.

Help text for the shell is accessed by typing help utilname. Just using help produces a list of all available shell commands.

Note: If you are unable to launch UEFI Shell from the firmware directly, create a FAT32 USB pen drive with Shell.efi copied as (USB)/efi/boot/bootx64.efi . This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you. - Arch Linux's take on UEFI

Pro Backup
  • 559
Big Rich
  • 113
  • 5
0

In my experiments, I concluded as follows:

If you wish to use an U/EFI multi-boot USB key, you MUST:

  1. clear all partitions/wipe drive entirely;
  2. convert it to GPT;
  3. create a primary partition and format it as Fat32;
  4. make a dir called EFI (not case sensitive) in the root of the drive;
  5. create a subdir in previous dir called boot (not case sensitive, too)
  6. put your desired .efi file in there and rename it to match the system's architecture: bootx64.efi if x64, bootia32.efi if x86 or bootaa64.efi if ARM64.

Tried it in a Dell Inspiron 5437 touchscreen and worked perfectly.

One last thing: if the .efi file isn't signed with Microsoft's digital signature, must disable only secure boot mode under fw settings. Leave the UEFI boot and fast boot mode enabled.

For tests, find multi-boot key of your OEM machine before to install it permanently and select uefi: <your usb key> from the presented list.

Overmind
  • 10,308
Thiago Postio
  • 1
0

I just release my utility if anyone is interested. It edits UEFI variable in windows.

https://gist.github.com/Zibri/19f9838ffd12349bb2c6c3afddc9388f/

Updated on 25/02/2020 to version 1.2.
No internet connection needed.
Virus total reports 6 (false positives) over 96 because the code is obfuscated.

Zibri
  • 291
0

Editing EFI vars from LINUX CLI:

As stated in this other answer, the simple procedure to modify UEFI variables is to use a bootable USB with Linux (like ArchLinux ISO), and simply navigate to EFIvars as a normal system directory (cd /sys/firmware/efi/efivars/), where you can:

  • remove them (with rm),
  • create new ones (with printf)
  • or even disable file immutability (with chattr)
DavidTaubmann
  • 180