I am trying to install FreeBSD 15

20260128_170905.jpg
 
I am guessing you need to set "TPM State" to disabled on the "Security" menu and then set "Secure Boot" to disabled on the "Boot" menu.

How many drives are attached? Can you disconnect all of them?
 
rcbsdpge said:
Can we design our own version of TPM or does something like this already exist at base system

Edit. tpm(4)
Click to expand...
Maybe, The UEFI menus asking for bitlocked number do not explain but print that it cannot use the HD that is encrypted. It is just the HD with FreeBSD 14.1. Encrypted?
 
This is getting off-topic from the OP's problem.

The point of TPM is two-fold. An encrypted drive isn't necessary.

The TPM needs to verify the boot code by checking it's signature. The goal is some assurance of no tampering. The second is for the boot code to verify that it was indeed launched from a trusted platform eg. TPM. In other words, someone did not yank the drive from the machine and attempt to boot it on another.

To dumb this down ... TPM != bitllocker.

TPM is a bit of a chicken-and-egg conundrum. I'd like to load my own keys into TPM so I can sign my drive's boot code. But if I can load my own keys, someone else might do the same using their keys and altered boot code.
 
Erichans said:
Can you tell what exact type number it is? And its CPU?
Click to expand...
CPU is AMD Ryzen 5. The PC is HP M01-F3224. Doing a search for HP M01 will show data, not exactly the data for my PC but a production first.

I can do nothing and use my PC as before except that its first image is not the one asking for my login code, like it did before my taking out the M.2 card and later installing it back.
 
unitrunker said:
I am guessing you need to set "TPM State" to disabled on the "Security" menu and then set "Secure Boot" to disabled on the "Boot" menu.

How many drives are attached? Can you disconnect all of them?
Click to expand...
Yes. The FreeBSD HD is the only one inside the PC. It is a Western Digital, (I do not count the M.2) and I can disconnect the cables. Then I will go to the UEFI, do the process, reboot, enter the bitlocker #, see what surprises happen before the usb memory with FreeBSD 15 boots.
 
Rock as long as something is prompting for a bitlocker code, your UEFI is already trying to load windows. I have no idea how to turn than off.
 
ok. I turn off TPM but did nothing. Now when using the USB flash drive the bitlocker menu appears.
 
My PC is an open box. I think it came without HP service plan. But, somehow it boots today to login screen. Is disabling TPM to credit?
 
Phishfry said:
There is also a section of the BIOS that deals with drive security. My thought is a password on the drive.
I wonder if that's what the problem is now. Secure Boot is only one component now disabled.

For experiment I would try another disk drive and try installing to it..
Click to expand...
I think UEFI is that part of the BIOS. Also Install what to it. I have to boot FreeBSD to install it.
 
On your HP when booting after disabling secure boot; press <esccape> then <F9> to get the boot menu. If there is a selection for something like UEFI Shell, select that. Once in the shell you will have a list of possible drives like FS0:, FS1: etc. figure out which drive has the FreeBSD installer and select it by entering:
FS#: <return>
at the prompt where # is the number of the drive with FreeBSD on it. Now you can use commands like ls, and cd. The directory you want will be something like /boot/EFI and there will be a file something like bootx64.efi in it. execute that file and the installer should boot.
 
I have to re-install FreeBSD on the usb flash since it got erased in the process, creating a folder /efi/boot and there were 2 files in it, one named bootia32.efi and the other named bootx64.efi.
 
Last edited:
ksolowoniuk said:
On your HP when booting after disabling secure boot; press <esccape> then <F9> to get the boot menu. If there is a selection for something like UEFI Shell, select that. Once in the shell you will have a list of possible drives like FS0:, FS1: etc. figure out which drive has the FreeBSD installer and select it by entering:
Click to expand...
I am not taking risks, so for now the procedure you give is non-tested because this is a new terrain. UEFI, from the screens, is not the BIOS used before.
 
Phishfry said:
Because FreeBSD does not support "Secure Boot" you must turn it off. FreeBSD will not work with it enabled.

All Windows PC come with it enabled and you need to disable it for FreeBSD to work.
Click to expand...
I thought FreeBSD can be set up with Secure Boot, just requires manual signing?
 
Once Keys have been enrolled in the firmware and it has been placed in “user mode” (secure boot on) it should boot signed binaries and reject unsigned binaries.
Click to expand...

FreeBSD UEFI Secure Boot | FreeBSD Foundation

1. Introduction Secure boot provides a way to ensure that only authorized EFI binaries are loaded by a computer's firmware. This ensures that no malicious code can run before the operating system is loaded. This document describes one method of securing FreeBSD's boot process. FreeBSD's regular...
freebsdfoundation.org freebsdfoundation.org
 
Install QEMU in windows 11 when the building is experimental?

I took out the M.2 board and replace it with it a blank one, then I it the power button to a black screen. I inserted a FreeBSD 15 RELEASE USB memory to install FreeBSD on the new M.2. Obviously, this UEFI is not BIOS friendly.
 
You must log in or register to reply here.
Back
Top