Secure Bootloader for FydeOS and Surface Pro 4
This is a working secure bootloader for FydeOS on the Surface Pro 4, based off this guide with a few caveats:
- Need to mount this
Super-UEFIinSecureBoot-Disk_minimal.imgimage with Linux using the offset (found using parted) via this command:sudo mount -o loop,ro,offset=1048576 Super-UEFIinSecureBoot-Disk_minimal.img /path/to/mount/, as it can't simply be extracted like described in that guide.
You should be able to copy/replace the entire contents of the EFI folder on your EFI Partition with the contents from this repo, but keep the original Microsoft folder in place.
Also ensure to copy the ENROLL_THIS_KEY_IN_MOKMANAGER.cer certifiate to the root of your EFI partition, and follow the original guide or next section to enroll the key.
Reboot and enable Secure Boot in the BIOS, and boot from the /EFI/BOOT/BOOTX64.EFI image (add a boot entry to your bios using EasyUEFI or some other tool if not present)
You now get a blue screen with the Access Denied error. Follow these instructions:
- At the error page press OK
- Press any key to perform MOK management
- Select Enroll key from disk
- Select Continue
- Select the disk where you put the .cer file
- Select Yes and then Reboot
You should now be able to boot into FydeOS with Secure Boot enabled!