Ventoy is a popular tool for creating multiboot USB drives, offering great compatibility and ease of use. However, in the past, Ventoy drives couldn’t boot on systems with secure boot enabled. In this guide, we will explain how to enable secure boot support for Ventoy, allowing you to create bootable drives that work seamlessly on secure boot-enabled systems.
Enroll Key from Disk
When encountering the “Verification failed:(01XA) Security Violation” error on boot, press Enter.
On the Shim UEFI key management screen, press any key.
Select “Enroll key from disk” and press Enter.
Choose “VTOYEFI” from the list and press Enter.
Select “ENROLL_THIS_KEY_IN_MOKMANAGER.cer” and press Enter.
Continue to the Enroll MOK screen and press Enter.
Confirm the enrollment by selecting “Yes” and pressing Enter.
Finally, select “Reboot” and press Enter. Your Ventoy drive should now boot successfully with secure boot enabled.
Enroll Hash from Disk
Follow Steps 1 and 2 from the previous section to reach the “Perform MOK management” screen.
Select “Enroll hash from disk” and press Enter.
Choose “VTOYEFI” and press Enter to select the binary.
Navigate to the EFI directory by selecting “EFI/” and pressing Enter.
Enter the “BOOT/” directory by selecting “BOOT/” and pressing Enter.
Choose “grubx64.efi” and press Enter.
Proceed to the Enroll MOK screen and press Enter.
Confirm the enrollment by selecting “Yes” and rebooting your system.
Disabling Secure Boot
By default, secure boot support is enabled since Ventoy 1.0.76. If using an older version, enable it manually.
If you created a Ventoy drive without enabling secure boot support, run Ventoy again, enable the option and update the drive to ensure compatibility.
To disable secure boot entirely, follow these steps:
Power up your PC and access the firmware settings by pressing the BIOS Setup key(usually Function keys or Del).
If required, switch to Advanced Mode(usually F7).
Navigate to the Security tab and set Secure Boot Control to Disabled.
Save the changes and exit by pressing the key shown on the screen(usually F10).
After rebooting, you should be able to boot from the Ventoy drive, as secure boot is now disabled.
Conclusion
With the latest versions of Ventoy, enabling secure boot support has become easier. By enrolling Ventoy’s key or hash, or by disabling secure boot, you can ensure smooth booting of Ventoy drives on secure boot-enabled systems. Follow the steps outlined in this guide to enable secure boot support for Ventoy and enjoy it’s multiboot capabilities without any compatibility issues.
Experiencing difficulties with your Device, check out our “How To” page on how to resolve some of these issues.