Build and use the Hirens BootCD PE USB

Build the USB

  1. Download the Hirens BootCD PE BootPE image link
  2. Download ISO2USB to your computer link
  3. Follow the instructions on the Hiren’s BootCD PE website

Enroll Key from Disk

On the newest computers, secure boot may be enabled. In short, this means that the computer will not boot from the device unless it’s been “Enrolled” by adding a Machine Owner Key (MOK) into a hidden, secure record in your UEFI datastore.

One of the ways Ventoy can work with secure boot now is by adding Ventoy’s key as a trusted key to the Machine Owner Key (MOK) database. To add secure boot support with this method,

Instructions

Here’s a pictorial step-by-step:

  1. Press Enter on the Verification failed screen.
    verification-failed-0x1a-security-violation
  2. Press any key on the Shim UEFI key management screen.
    shim-uefi-key-management
  3. Select Enroll key from disk and press Enter.
    enroll-key-from-disk
  4. Select VTOYEFI and press Enter.
    vtoyefi-enroll-key
  5. Select ENROLL_THIS_KEY_IN_MOKMANAGER.cer and press Enter.
    enroll-this-key-in-mokmanager
  6. Select Continue and press Enter in the Enroll MOK screen.
    continue-to-enroll-mok
  7. Select Yes and press Enter to enroll the keys.
    enroll-mok-keys-confirm
  8. Finally, select Reboot and press Enter. You should be able to boot with the Ventoy drive now.
    reboot-mok-management

Quick step-by-step

Displayed Screen Action to perform
Error Click “OK”
Shim UEFI Key Management Press any key to continue
Perform MOK management Click “Enroll key from disk”
Select Key Click “VTOYFI”
Select Key (again) Click “ENROLL_THIS_KEY_IN_MOKMANAGER.cer”
[Enroll MOK] Click “Continue”
Enroll the key(s)? Click “Yes”
Perform MOK management Click “Reboot”