Solved Using Win 8 bootloader to secure-boot Win 7 ?

[Muffin Top]

Some people on the internet are suggesting a simple tweak for using a Win 8 bootloader to secure-boot Win 7:

They're saying to use the bootmgr, winload.exe, and vga.sys from Win 8? Does that sound like a complete modification, or is it overlooking something?

I was hoping to find a way to secure-boot Win 7, my favorite operating system, on the OptiPlex 7050.

 

[samuria]

A bootloader wont make the system more secure its on the boot that may be more secure but being old its unlikely to do much

 

[Muffin Top]

Windows 7 is the best for internet browsing, because Windows 7 has the only version of system restore that works the way it's supposed to.

Since the Win 10 & 11 versions of system restore are unreliable, they're actually less safe for internet browsing than Win 7.

That's right, the people who are telling us 10 & 11 are more secure are lying to us. They get away with lying to us because most people are too cool to run system restore after every internet session. Be honest, many people feel it's beneath them to comply with an op sec protocol of running system restore after every internet session.

Therefore, Win 7 is unsafe for those who refuse to comply with the op sec protocol of running system restore after every internet session. However, their lack of best practices does not justify a blanket statement about 7 being worse than 10 & 11, when the technical reality is the exact opposite.

I've hit my share of malicious websites over the past 16 years. I just used Malwarebytes to verify there are no detectable threats on my machine after 16 years of careless internet browsing, because of adherence to my op sec protocol of running system restore after every internet session.

So the critical path is to get secure boot working on Win 7. I'm hoping the Win 10 bootloader will work, because I already have a Win 10 license on these machines. If that bootloader works in 7, it will save me the hassle of procuring a Win 8 license just to use its bootloader.

As noted above, I think the only Win 10 files I need to transfer to Win 7 are bootmgr, winload.exe, and vga.sys. I'm asking the question because it sounds too easy. Why doesn't everyone browse the internet securely (instead of waiting for a security lapse to happen, and then blaming the self-described experts who tell us we have to use a newer version of Windows)?

 

[Muffin Top]

Good news and bad news about Simplix. It was not too scary, since it only needed to install 5044011, 5056456, and 5061078, on my otherwise fully updated Win 7 system.

Bad news is that secure boot does not work, even though the aforementioned updates should have enabled secure boot.

 

[Muffin Top]

I found the solution for this. The Win 10 installation USB. Its bootloader, combined with Win 7 install.esd, and a cheap graphics card that uses a combined Win 7/8.1 driver.

Step (1) install.esd copied from Win 7 dvd into Win 10 installation USB. Installed in UEFI + CSM.

Step (2) installed cheap graphics card that appeared to have drivers with good support for both Win 7 & Win 8.1. Rationale is that Dell/Intel drivers for Optiplex 7050 advertised as Win 7 would not install. And Dell's mobo does not support simultaneous use of integrated and dedicated graphics. Mobo requires selection of the expansion card to be made via firmware.

After step (2), CSM is no longer needed for graphics. However, on this machine, turning off CSM also turns off the USB 2 drivers.

Step (3) updated via Simplix. Now I have UEFI + Secure Boot. I'm ready to browse the internet safely, by running System Restore after every internet session. Assuming Secure Boot should protect me from BIOS malware. And System Restore should protect me from everything else.

For now, I'm using a third-party USB driver that I found on MDL's USB 3 thread. It's been worked over by saint canonkang, and one of his buddies from the WinRaid forum.

 

[Muffin Top]

Given my last write-up, I thought I should provide an update about the power of the cheap graphics card with a Win 8.1 driver.


I just discovered that the Win 10 bootloader is not necessarily needed to get Win 7 to UEFI + Secure Boot without using UEFISeven.


I had another of the same hardware (Opti 7050) where I previously installed Win 7, via dvd, in MBR. So I ran mbr2gpt, and then installed the cheap graphics card with the Win 8.1 drivers.


After some fits and restarts, the system was able to run properly in Win 7 without CSM. I had previously failed to discover this feasibility, because on my previous attempt the graphics card's fits and restarts caused me to prematurely assume it would not work without an advanced bootloader. Today, I had less caffeine, so I let the machine do its thing until it had enough time to get the graphics working without CSM.


In particular, on my first start-up without CSM under the new graphics card, the system seemed to be hung for a long time, with frozen graphics, although extensive disk activity was occurring. After a lengthy wait, the machine re-started itself, and since then it's been working just fine without CSM, and no graphics glitches.


After Win 7 was working with the graphics card, and without CSM, I added the post-2019 updates via Simplix, and now it secure-boots reliably.