April 5th, 2019 12:00

Latitude 5590 - 3rd Party Boot Manager Support?

I'm trying to install a 3rd party FDE Program on my Dell Latitude 5590s.

This requires adding a new Boot Manager and setting it to default.

However, on my Dell Latitude 5590s, the 3rd Party Boot Manager is not being added.

Often there is a security setting in the BIOS/UEFI that needs to be set to allow for the addition of 3rd party Credential providers.

Does the Dell 5590 support the addition of 3rd Party Boot Managers?

I see they support Ubuntu, which uses another Credential Provider...but it appears that in most cases it is "Pre-Loaded", meaning the UEFI/BIOS for the Ubuntu models may be hard coded with that support not available to the Windows versions.

9 Legend

14K Posts

April 5th, 2019 14:00


@BoonieBoy wrote:
Yes, the Boot Loader Supports Secure Boot via UEFI. The issue is that BCDEDIT commands are not successfully adding the Boot Manager. Works on Other Dell Laptops and most other Dell Models. I've seen issues before when certain Systems have BIOS/UEFI settings disabling the changing of Boot Managers for security reasons. But I can't find any way to Select, Add, etc... Boot Managers. Often there is a UI to add a Boot Manager.... See An Example here for the Inspiron... https://i.stack.imgur.com/dj6qV.jpg Normally these values can be modified via BCDEdit or the UEFI. However, if the UEFI does not support modifying these or has security restricting their changes, the BCDEdit commands are ignored... So while the Bootloader is properly signed.....BCDEdit commands are failing to add any entries on the Latitude 5590.

@BoonieBoy, BCDEdit doesn't touch the system's BIOS/UEFI settings.  It only affects the Windows BCD, which is an environment entirely contained in the Windows Boot Manager system bootloader.  So for example if you have a dual boot Windows setup on a UEFI system, the system firmware will still only have a single entry for Windows Boot Manager, which will point to a bootloader file.  At a system level, it always loads that one bootloader -- but that Windows Boot Manager bootloader environment then has two BCD entries that you can select from.  The boot menu presented at that point has nothing to do with system BIOS/UEFI boot settings.  This design allows you to choose which OS you want to boot without having to manually rearrange your system-level boot order or press F12 to invoke the one-time boot menu every time you want to boot the non-default OS.

The Windows Boot Manager boot option is added to the UEFI firmware by Windows Setup when the OS is installed.  The reason is that whereas BIOS/Legacy options always pointed to a device, like your internal hard drive, UEFI boot options for local storage point to a specific bootloader file on a specific partition of a specific device.  That type of path has to be registered into the UEFI firmware, and again Windows Setup does this in the background by running the BCDBoot command, which is completely separate from BCDEdit.  Are you maybe confusing those two?

If the system's UEFI firmware didn't allow modifying the boot managers, it wouldn't be possible to install a new hard drive or even wipe an existing disk and reinstall an OS, because either of those actions would require a new boot entry to be registered into the UEFI firmware.
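The firmware-level boot entry described in the reply above (a specific bootloader file on a specific partition) can be seen by decoding one. This is an added example, not part of the original thread: it parses the UEFI specification's EFI_LOAD_OPTION layout, and the sample entry (partition GUID, offsets, sizes) is constructed for illustration.

```python
import struct
import uuid

def _node(ntype, subtype, body=b""):
    # Device path node: type, subtype, total length (4-byte header included).
    return struct.pack("<BBH", ntype, subtype, 4 + len(body)) + body

def build_sample_entry():
    """Constructed sample; the partition GUID and sizes are made up."""
    guid = uuid.UUID("11111111-2222-3333-4444-555555555555")
    hd = _node(4, 1, struct.pack("<IQQ16sBB", 1, 2048, 532480,
                                 guid.bytes_le, 2, 2))  # GPT, GUID signature
    fp = _node(4, 4, "\\EFI\\Microsoft\\Boot\\bootmgfw.efi\0".encode("utf-16-le"))
    path_list = hd + fp + _node(0x7F, 0xFF)  # end-of-path node
    desc = "Windows Boot Manager\0".encode("utf-16-le")
    return struct.pack("<IH", 1, len(path_list)) + desc + path_list  # 1 = active

def parse_load_option(blob):
    """Decode an EFI_LOAD_OPTION: which file, on which partition, it boots."""
    attrs, path_len = struct.unpack_from("<IH", blob, 0)
    pos = 6
    while pos + 2 <= len(blob) and blob[pos:pos + 2] != b"\0\0":
        pos += 2  # description is NUL-terminated UTF-16LE
    entry = {"active": bool(attrs & 1),
             "description": blob[6:pos].decode("utf-16-le")}
    pos += 2
    end = pos + path_len
    if end > len(blob):
        raise ValueError("device path list runs past the end of the entry")
    while pos + 4 <= end:
        ntype, subtype, length = struct.unpack_from("<BBH", blob, pos)
        if length < 4 or pos + length > end:
            raise ValueError("malformed device path node")
        body = blob[pos + 4:pos + length]
        if (ntype, subtype) == (4, 1) and len(body) == 38:  # hard drive node
            num, _start, _size, sig, _fmt, sig_type = struct.unpack("<IQQ16sBB", body)
            entry["partition_number"] = num
            if sig_type == 2:  # signature is the GPT partition GUID
                entry["partition_guid"] = str(uuid.UUID(bytes_le=sig))
        elif (ntype, subtype) == (4, 4):  # file path node
            entry["file"] = body.decode("utf-16-le").rstrip("\0")
        elif (ntype, subtype) == (0x7F, 0xFF):
            break
        pos += length
    return entry

if __name__ == "__main__":
    print(parse_load_option(build_sample_entry()))
```
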

9 Legend

14K Posts

April 5th, 2019 12:00

The Latitude xx90 models only support BIOS/Legacy booting from external devices.  They will only boot in UEFI mode from internal storage, so your third-party bootloader would need to support UEFI booting.  You will almost certainly need to disable Secure Boot, however, which IS still possible and allows unsigned third-party UEFI bootloaders.  Ubuntu works even with Secure Boot enabled because they got Microsoft to sign their bootloader, as explained here, and Microsoft's certificates are embedded by default in the system's UEFI firmware.  But again, third-party UEFI bootloaders are allowed with Secure Boot disabled.  However, BIOS/Legacy bootloaders are not.

3 Posts

April 5th, 2019 14:00

Yes, the Boot Loader Supports Secure Boot via UEFI. The issue is that BCDEDIT commands are not successfully adding the Boot Manager. Works on Other Dell Laptops and most other Dell Models. I've seen issues before when certain Systems have BIOS/UEFI settings disabling the changing of Boot Managers for security reasons. But I can't find any way to Select, Add, etc... Boot Managers. Often there is a UI to add a Boot Manager.... See An Example here for the Inspiron... https://i.stack.imgur.com/dj6qV.jpg Normally these values can be modified via BCDEdit or the UEFI. However, if the UEFI does not support modifying these or has security restricting their changes, the BCDEdit commands are ignored... So while the Bootloader is properly signed.....BCDEdit commands are failing to add any entries on the Latitude 5590.

3 Posts

April 8th, 2019 13:00

Figured out the Issue....Seems the New Dell 5590s shipped with BitLocker already enabled and for some reason, they were being deployed w/o someone re-applying our Image.

Once we disabled BitLocker and decrypted the drives, our Boot Manager then added and set itself primary.  The installer has built-in protection to abort altering the BootManager setup if it detects the device is encrypted with BitLocker.
