Share via

EFI Shell with surfacebook

Anonymous
2018-03-11T20:37:55+00:00

How would I launch an EFI shell on my surfacebook 2? I called microsoft and they have zero idea what EFI is, was transferred from 3 departments, and then they said "We are only concerned with the physicall specifications of the surfacebook. You have to buy one and see for yourself ;)" I am not dropping 3 grand on a devise without efi shell. 

How do I get to it?

Pwr+vol up doesnt seem to have the option anywhere.[

Surface | Surface Book | Safety and security

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2018-03-12T03:22:00+00:00

    It is called the "UEFI BIOS" screen and not a 'shell'.

    Here is an article for the Surface Book series.  Should be the same for the Surface Book 2.

    https://surfacetip.com/configuring-surface-book-uefi-bios-settings/

    CAUTION!!!!!!!!!!!!!!!  Stay away from it if you plan on making modifications because chances are, you will 'brick' the machine and be back here on the forum asking how to fix it and there is a chance that there will be no fix.

    Surface machines have a very limited BIOS and there is not much there to change.

    0 comments
  2. Anonymous
    2018-03-12T03:54:50+00:00

    I know what uefi/bios is. I know how to get there. I need to launch a efi shell to do various things.

    Am i the only one who uses the efi shell to launch partition encryption compatible with uefi secure boot? (Encrypted boot partition + encrypted windows partition, but the dex/cex still get properly forwarded so it still has a hashcheck for secureboot and passes.) 

    This is a pretty standard thing i think 95-98% of all users do. Otherwise they wouldnt give users efi shells on every other motherboard i have ever owned. (Including prebuilt dells/hps/etc)

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2018-03-12T04:18:15+00:00

    Microsoft had stripped down the BIOS on these systems to have just the basics.  You see, in the future - there will be no BIOS in computers and the operating system itself will control hardware functions.

    Not that many people actually get into the UEFI BIOS unless they absolutely have to, but I can say that if a person was attempting to run a different system in the machine other than Windows, you can do that.  BUT!  When it comes to UNIX and Linux; there is no keyboard or touchscreen driver (yet) for the all of the Surface laptop models to include the Laptop, Book 1, and Book 2.

    I have the Surface Laptop which encountered a serious issue and it involved the BIOS.  Right now, that machine will no longer run Windows but will run Linux (I have to attach a keyboard to it to use it).  That is a reason for a warning on making changes because the latest Insider Build 'may' have sent a change to the BIOS which caused the problem.

    That machine is a $1,000 paperweight right now!  The BIOS locks up whenever I try to run a Windows system onto it but will run Linux with no problem.

    Just stay off of the BIOS unless you absolutely have to or "YOU" could end up with a $3,000 paperweight!

    0 comments
  4. Anonymous
    2018-03-12T05:07:09+00:00

    I dont think you know what an efi shell is. Who said anything about linux/unix? I dont think you know anything about UEFI, or this wouldnt have happened to you. UEFI is really simple, and here is how to fix your computer.

    Also, not joking go ahead and get a 8GB+ and another windows computer.

    Get this tool called rufus

    https://rufus.akeo.ie/

    Step1- go on working windows computer and get an .iso file out of media creation tool, follow prompts and get the iso. Dont "burn to usb" just get the large ~4GB file. 

    https://www.microsoft.com/en-us/software-download/windows10

    Step2- open rufus, select iso, find the ~4GB file you just got from media creation tool. Select under the dropdown menu "Partition scheme and target file system type" select "GPT partition scheme for UEFI"

    Dont touch the other settings, they are automatic.

    Step3- hold pwr and volup to get to UEFI settings

    go to secure boot control, disable this. [I can 1 on 1 get this working w/ secureboot on, but only if you want the help. It doesnt improve anything except physical security, as in the adversary has both knowledge of computers and physical contact w/ your surfacebook. If this is important I will help you.]

    Step4- Insert usb, turn off surfacebook, then hold pwr + vol down

    It should start windows setup. Do a custom install, delete all the partitions, and install there. 

    Efi shells are important for mr robot level security as you can get things to run preboot in addition to the security layer of key exchange (cex/dex keys) between motherboard and OS.

    10 people found this answer helpful.
    0 comments