Hasleo Software Forums Hasleo Software (formerly called EasyUEFI Development Team) Hasleo Backup Suite (Free Windows Backup & Restore Software) v
Hasleo Offine WinPE.OPE and 2023 Secure Boot Certificates

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Hasleo Offine WinPE.OPE and 2023 Secure Boot Certificates
admin Offline
Administrator
*******
Posts: 3,229
Threads: 19
Joined: Feb 2014
Reputation: 276
#21
06-23-2026, 12:36 PM
@Bespoken, for the information you provided and for helping with the testing.

Here's the download link for the fixed version:
https://www.easyuefi.com/backup-software...260622.exe
Free Windows Backup & Free Data Recovery & Windows To Go Creator & UEFI Boot Manager & Windows Deployment Tool & BitLocker For Windows Home
Hasleo Software
Find
Reply
al3x Offline
Moderator
*****
Posts: 275
Threads: 15
Joined: Nov 2024
Reputation: 53
#22
06-26-2026, 02:23 AM
(06-18-2026, 09:31 AM)al3x Wrote: Looks like this might be a Ventoy problem unfortunately. If Ventoy with 2011 HBS ISO works then Ventoy probably replaces the 2011 cert during boot with its own cert that you inserted in BIOS previously.

Maybe Ventoy has problems with the injection of its own cert with 2023 ISOs? Have you tried any other ISOs via Ventoy that already have the new 2023 cert? If those work, maybe HBS can change something that helps Ventoy. If those don’t work as well, I hope that Ventoy will fix that soon Undecided

*Edit: There’s already a GitHub issue for this, might be related:
https://github.com/ventoy/Ventoy/issues/3639

Quick follow-up to that Ventoy issue I mentioned.
TLDR: If you're using Ventoy with secure boot, you should update Big Grin

That GitHub issue raised a small discussion that resulted in some updates to Ventoy yesterday and today.
So now the current version is 1.1.16 and brings a bunch of fixes for the new UEFI CA 2023 certificate.

Btw: Ventoy now also comes with a bypass secure boot feature that is on by default so old ISOs with blocked certs should work, too.

Quote:Changelog - https://github.com/ventoy/ventoy/releases
- Update secure boot shim file to solve the UEFI CA 2023 issue.
- The new release use a new CA, so you need to enroll the new key for the first boot time.
- VentoyPlugson update synchronously.
- Global control plugin add a VTOY_SECURE_BOOT_POLICY option.
- Fix the boot issue when Secure Boot is disabled in the UEFI firmware. (#3650)
- Fix the boot issue with old UEFI version firmware when secure boot is disabled.
- Fix the latest Kicksecure boot issue. (#3651)
- Fix the issue that VTOY_WIN_UEFI_RES_LOCK option reset when enter VentoyPlugson.
- Languages update.

Attention
Ventoy use a new UEFI secure boot CA since v1.1.14, so you need to enroll the new key for the first boot time.
If you want to delete the key used in old release, please refer: https://www.ventoy.net/en/doc_delete_key.html
Find
Reply
Epictetus Offline
Junior Member
**
Posts: 74
Threads: 3
Joined: Sep 2025
Reputation: 5
#23
06-26-2026, 11:00 AM
(06-26-2026, 02:23 AM)al3x Wrote:
(06-18-2026, 09:31 AM)al3x Wrote: Looks like this might be a Ventoy problem unfortunately. If Ventoy with 2011 HBS ISO works then Ventoy probably replaces the 2011 cert during boot with its own cert that you inserted in BIOS previously.

Maybe Ventoy has problems with the injection of its own cert with 2023 ISOs? Have you tried any other ISOs via Ventoy that already have the new 2023 cert? If those work, maybe HBS can change something that helps Ventoy. If those don’t work as well, I hope that Ventoy will fix that soon Undecided

*Edit: There’s already a GitHub issue for this, might be related:
https://github.com/ventoy/Ventoy/issues/3639

Quick follow-up to that Ventoy issue I mentioned.
TLDR: If you're using Ventoy with secure boot, you should update Big Grin

That GitHub issue raised a small discussion that resulted in some updates to Ventoy yesterday and today.
So now the current version is 1.1.16 and brings a bunch of fixes for the new UEFI CA 2023 certificate.

Btw: Ventoy now also comes with a bypass secure boot feature that is on by default so old ISOs with blocked certs should work, too.

Quote:Changelog - https://github.com/ventoy/ventoy/releases
- Update secure boot shim file to solve the UEFI CA 2023 issue.
- The new release use a new CA, so you need to enroll the new key for the first boot time.
- VentoyPlugson update synchronously.
- Global control plugin add a VTOY_SECURE_BOOT_POLICY option.
- Fix the boot issue when Secure Boot is disabled in the UEFI firmware. (#3650)
- Fix the boot issue with old UEFI version firmware when secure boot is disabled.
- Fix the latest Kicksecure boot issue. (#3651)
- Fix the issue that VTOY_WIN_UEFI_RES_LOCK option reset when enter VentoyPlugson.
- Languages update.

Attention
Ventoy use a new UEFI secure boot CA since v1.1.14, so you need to enroll the new key for the first boot time.
If you want to delete the key used in old release, please refer: https://www.ventoy.net/en/doc_delete_key.html

Thanks for this update.

Is there any reason why one should delete the old key?
Find
Reply
al3x Offline
Moderator
*****
Posts: 275
Threads: 15
Joined: Nov 2024
Reputation: 53
#24
06-26-2026, 08:36 PM
(06-26-2026, 11:00 AM)Epictetus Wrote: Is there any reason why one should delete the old key?

Well, I don't think it causes any harm but Ventoy doesn't use it anymore and it's now obsolete.

In theory someone could potentially find a bug in older Ventoy releases and would still be able to boot from it then.
I used the delete ISO and deleted the old key from my systems, just in case.
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)