Ghost Solution Suite

  • Private Community
 View Only

  • 1.  GSS 3.3r12 secure boot not working with my WIN11PE boot disk

    Posted Mar 12, 2025 12:35 PM

    BIOS with secure boot enabled causes disk WIN11PE to crash.

    Symantec_Ghost_Standard_Tools_3_3_12 using bootwiz.exe

    Windows ADK= 10.1.26100.2454

    Windows PE Addons = 10.1.26100.2454

    Using bootwiz.exe.  Created a config called "Win11"
    Selected the Windows PE 11.0 for the preboot operating system, <all> OEM extensions, and click next
    Checked "Autodetect all device drivers" and click next
    Leave DHCP selected and click next
    SELECTED : WMI,WSH,HTA,ADO,WINPE-ENHANCEDSTORAGE,WINPE-DISMCMDLETS,WINPE-SECURESTARTUP,WINPE-STORAGEWMI,WINPE-PLATFORMID,WINPE-SECURBOOTCMDLETS

    Created using  "ISO" and "NETWORK BOOT" then click NEXT

    Question 1:  Was there an option somewhere I forgot to check?

    Question 2:  Does secure boot work on an older ADK or maybe Windows PE 10.0 for the preboot operating system?



  • 2.  RE: GSS 3.3r12 secure boot not working with my WIN11PE boot disk

    Broadcom Employee
    Posted Mar 13, 2025 10:11 AM

    Hello Real

    First thing is if this is older hardware does it support windows 11 if it does not then chances are that winpe11 will not work. 

    If it does support windows 11 verify the order of which the winpe options were installed. This microsoft document show the dependencies of which the options should be installed: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference?view=windows-11. Use the up\down toggles in the options window to install the dependcies first. The order of install is dependencies should be at the top.

    There is a method to see if the otions are being install in the correct order and that is with logging: here is a document to enable bootwiz logging: https://knowledge.broadcom.com/external/article/178699/how-to-enable-bootwiz-logging-for-ghost.html

    Look for errors in the log file.

    I always go back to the basics with winpe and use the default options then build the winpe envirionment. Also, as a test,  turn off secure boot in the bios and see if it boots into winpe. 

    If you still are unable to get the winpe to run on the system please open a case with support to look into the issue further



    ------------------------------
    Scott Andreas
    Broadcom Technical Supprt
    GSS\DS\ITMS
    ------------------------------

    Original Message


  • 3.  RE: GSS 3.3r12 secure boot not working with my WIN11PE boot disk

    Posted Mar 21, 2025 08:49 AM

    I got secure boot working fine with WIN10PE instead for now using these steps:

    Download the "Windows ADK for Windows 10", version 2004 and "Windows PE add-on for the ADK, version 2004"
       -https://go.microsoft.com/fwlink/?linkid=2120254
       -https://go.microsoft.com/fwlink/?linkid=2120253
    Note: ADK 10.1.25398.1 (Republished in January 2025) did not work with secure boot and I will retest later.
    Run each setup and select the "download" option
    Copy %userprofile%\Downloads\Windows Kits\10\*.* to USB
    Go to your offline Windows 10 Machine
    Uninstall Trellix Antivirus to be safe  (Or disable)
    Disable UAC
    Browse to you USB
    Install ADK\adksetup.exe
    Leave default options and install it (You could uncheck everything except "Deployment Tools")
    Install adkwinpeaddons\adkwinpesetup.exe and hit next until done.
    Install "Symantec_Ghost_Standard_Tools_3_3_12.exe"
    Run C:\Program Files (x86)\Symantec\Ghost\bootwiz\bootwiz.exe
    Select WinPE 10.0 x64 and use the preinstalled ADK option  (Press ctrl+o if needed to open preboot os files popup)
    Select WinPE 10.0 x32 and use the preinstalled ADK option  (Press ctrl+o if needed to open preboot os files popup)
    Create "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers" folder
    Copy custom drivers subfolders if you have any previous ones to "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers"
    Example: "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers\VMXNET3"
    Create a config called "Win10"
    Select the Windows PE 10.0 for the preboot operating system (Default if no others loaded), <all> OEM extensions, and click next
    Check "Autodetect all device drivers" and click next
    Leave DHCP selected and click next
    SELECT: 
    WMI,WINPE-NETFX,WSH,HTA,ADO,WINPE-SECURESTARTUP,WINPE-ENHANCEDSTORAGE,WINPE-DISMCMDLETS,WINPE-PLATFORMID,WINPE-POWERSHELL,WINPE-SECURBOOTCMDLETS,WINPE-STORAGEWMI
    Use arrows to match order above
    then click next.
    Click next on the details screen 
    Click complete and WAIT for it to create the folders in GUI
    Under the "Win10" config
    Right-click on "WIN10" config and "Create Boot Disk"
    Select "ISO" , "NETWORK BOOT" , and  "x64" then click NEXT
    Example Boot Disk final output:
        Path: C:\Program Files (x86)\Symantec\Ghost\bootwiz\iso-imgs\WinPE 10.0\x64\Win10.iso
        Pre-boot OS: WinPE 10.0
        Processor: x64
        Media: iso
        Task: network

    Original Message