my roommate's new Microsoft Surface Hub is running a wacky version of Windows 10 that popped up a "You need to download something from the store to support this file!" message when I tried to run a win64 exe.
-
also the Surface IT Tool verifies _something_ (I wasn't able to confirm what) with the microsoft servers before it'll write you an image, even if you have the image already downloaded.
So I highly suspect this method will break in the future
I should just make an image of the final recovery drive it creates, and stick that on the internet archive. DD it to your own 32gb drive and bypass all the nonsense
-
I should just make an image of the final recovery drive it creates, and stick that on the internet archive. DD it to your own 32gb drive and bypass all the nonsense
BTW this is one of my favorite kinds of projects.
You pick a shiny computer out of the garbage saying "why would anyone throw away this expensive fancy new computer?" and then slowly over the course of multiple days you Learn Why -
BTW this is one of my favorite kinds of projects.
You pick a shiny computer out of the garbage saying "why would anyone throw away this expensive fancy new computer?" and then slowly over the course of multiple days you Learn WhyI don't think I ever really explained why this is such a pain: The boot is locked down, and it's a real idiot-light kind of system. By default the UEFI does not allow changing the OS. It boots off the internal HD or not at all (although I think if you have an external drive the right signatures that's running the same OS, it doesn't consider it a problem and will boot it? No way to check that)
-
I don't think I ever really explained why this is such a pain: The boot is locked down, and it's a real idiot-light kind of system. By default the UEFI does not allow changing the OS. It boots off the internal HD or not at all (although I think if you have an external drive the right signatures that's running the same OS, it doesn't consider it a problem and will boot it? No way to check that)
You can use the Surface IT Tool (on a different machine) to make a special USB key that will reconfigure the system, based on a private key you generate, and this enables "AllowOSMigration" in the EUFI config. Basically all other UEFI options are locked down even in the special SEMM mode tool.
-
You can use the Surface IT Tool (on a different machine) to make a special USB key that will reconfigure the system, based on a private key you generate, and this enables "AllowOSMigration" in the EUFI config. Basically all other UEFI options are locked down even in the special SEMM mode tool.
And once you've got SEMM mode (I don't remember what it stands for, I'm too tired to look it up, and I'm pretty sure the last M is "mode" anyway so this is a case of RAS Syndrome) it supposedly will boot from USB devices
-
And once you've got SEMM mode (I don't remember what it stands for, I'm too tired to look it up, and I'm pretty sure the last M is "mode" anyway so this is a case of RAS Syndrome) it supposedly will boot from USB devices
however I was only able to find two images that it would boot from, despite what the doc pages say.
Those two recovery images are the Win10 Teams Edition image and the Win 11 IoT Microsoft Teams For Rooms "Skype for Business" abomination. -
however I was only able to find two images that it would boot from, despite what the doc pages say.
Those two recovery images are the Win10 Teams Edition image and the Win 11 IoT Microsoft Teams For Rooms "Skype for Business" abomination.I tried a bunch of other images, linux installers and such, regular windows 10/11 installation media, nothing happens. It won't boot them, it doesn't say why, there is no way to override.
Secure Boot is an open in the UEFI but it's locked, and the SEMM tool cannot change it. -
I tried a bunch of other images, linux installers and such, regular windows 10/11 installation media, nothing happens. It won't boot them, it doesn't say why, there is no way to override.
Secure Boot is an open in the UEFI but it's locked, and the SEMM tool cannot change it.So I'm REALLY limited in what I can run on this thing.
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?) -
So I'm REALLY limited in what I can run on this thing.
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?)but for now we're probably leaving it on Windows 11 and declaring victory. It works enough for what we plan to do with it (Draw with the Surface Pen and make House Billboards/Grocery Lists) and it means we can declare victory here
-
So I'm REALLY limited in what I can run on this thing.
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?)I know I'm way out of date on this - the last time I installed Linux on a Windows machine was probably 2001 or so - but there were Windows programs you could fire up to start the installation of some major distros from within Windows. I don't remember what they were called, but I think they were either official tools of those distros, or at least officially blessed.
IIRC, they fiddled the MBR and did other stuff. I'm wondering, does anything like this still exist, and does it maybe do things like installing keys in the UEFI partition or other magic to deal with secure boot?
-
but for now we're probably leaving it on Windows 11 and declaring victory. It works enough for what we plan to do with it (Draw with the Surface Pen and make House Billboards/Grocery Lists) and it means we can declare victory here
Krita seems to support the pens well if you uninstall Microsoft Teams Rooms and then assign all the buttons to "Nothing".
Krita can then use the pen, with pressure sensitivity, the side button, and the eraser button. You do have to switch it to the other Touch API, though, in settings -
Krita seems to support the pens well if you uninstall Microsoft Teams Rooms and then assign all the buttons to "Nothing".
Krita can then use the pen, with pressure sensitivity, the side button, and the eraser button. You do have to switch it to the other Touch API, though, in settingsalso I accidentally Doomrolled my roommate: She was trying to use Krita and accidentally launched Doom II fullscreen
-
also I accidentally Doomrolled my roommate: She was trying to use Krita and accidentally launched Doom II fullscreen
because I had configured the eraser-button to launch Doom if you tapped it, then got distracted away before I could test or reset that
-
because I had configured the eraser-button to launch Doom if you tapped it, then got distracted away before I could test or reset that
Doom II at 320x240 opening on a 3840x2560 50" display that you're half a meter from is a sight to see.
pixels the size of hams
-
I know I'm way out of date on this - the last time I installed Linux on a Windows machine was probably 2001 or so - but there were Windows programs you could fire up to start the installation of some major distros from within Windows. I don't remember what they were called, but I think they were either official tools of those distros, or at least officially blessed.
IIRC, they fiddled the MBR and did other stuff. I'm wondering, does anything like this still exist, and does it maybe do things like installing keys in the UEFI partition or other magic to deal with secure boot?
@cazabon yeah, Wubi from Ubuntu used to do that. I used it for a while back in the day. It's not going to bypass Secure Boot, though (which it seems Foone's Surface doesn't allow disabling) – and it had zero support for UEFI style boot in general – Wubi would just install grub4dos and configure it to be chain-loaded specifically from WinXP's NTLDR.
(I don't think it touched the MBR? nor the VBR? I don't remember for sure, but I *think* it was ntldr->grub4dos specifically to reduce the chance of failure. Traditional dualboot would go rearranging things to do grub->ntldr instead, but Wubi was for a very non-technical audience.)
These days as far as I know Windows's BOOTMGR refuses to boot anything that isn't digitally signed as a Windows component (unlike NTLDR in WinXP where you could still add arbitrary entries), so you can no longer chain bootmgr->grub, have to boot directly into grub from the beginning.
imo, installing GRUB "from the outside" has become *kinda easier* in EFI world; the equivalent of "fiddling the MBR" on UEFI systems would be "fondling the EFI boot variables", which Windows has an API for (and you can do it through bcdedit, etc) – the bootloader lives on a FAT partition, drop grub.efi in there, add a new boot entry that points to grub.efi – but of course that grub.efi isn't "Microsoft-signed" so it still won't boot no matter what.
as I understand the Surface won't boot even the MS-signed "Shim" because the hardware deliberately lacks the "third-party" UEFI certificates... although mjg59 said elsewhere in the thread that allegedly those are now possible to install thanks to the 2023 cert rollover, which actually sounds like it would work (as soon as there's a version of Shim out there that's signed using the 2023 "third-party" cert, and not the 2011 one)
-
R relay@relay.mycrowd.ca shared this topic
