HOWTO: Windows 11 Secure Boot install DIRECT to Internal M.2 WITHOUT USB adapter or WinToUSB

[bhiga]

After a great deal of research and trial-and-error, I managed to get Windows 11 installed directly to internal M.2 SATA SSD on the VCS without needing a SATA-compatible M.2 USB adapter (which I did order anyway, but success came before it arrived 😁).

 

I share this both to help and in thanks to all the great information I got here.

 

WARNING: It's long, so if you're cool with the WinToUSB method that's probably faster.  I was successful doing a WinToUSB VHD install then using Clonezilla to clone that to the internal M2, but I prefer having a clean install as much as possibly to avoid oddities down the line.

 

Requirements

• Windows 11 DVD (I used an ISO mounted in my Zalman virtual ODD) or other bootable Windows 11 install media (Windows 11 install USB stick should work, Ventoy looks like a great alternative to a hardware virtual ODD but I haven't tried it)
• M.2 SATA/AHCI SSD
• USB keyboard
• Display connected to the VCS that shows the full boot including boot/setup options - for whatever reason the VCS initial boot-up (text mode and boot logo) screens either take too long to sync up or simply don't display through some devices like KVMs and USB crash carts, so if you power up the VCS while hitting Escape repeatedly and don't see anything on the attached screen - try another one until you get one that shows something because we need to go into the text mode setup a few times.
• You can access the UEFI/BIOS setup - my retail Black Walnut console updated to latest OS and BIOS 24 (as of Oct 19 2023), but I still had to reflash the BIOS because none of the documented passwords (the variants of piano, voidmyvcswarranty, celebrates) let me in.

 

Notes

• I started completely fresh after initial success to document these steps, but it's quite possible I missed or typoed something.  Be kind.
• As noted above, I used DVD-ROM to install, so very interested to get confirmation that at least the Windows 11 Media Creation Tool bootable USB works
• If you do a Windows Repair, it'll likely run over your boot manager setting, causing it to boot directly into Windows again - redoing step 11 should restore that.
• I have no idea whatsoever how this all interacts with other OS installs on VCS.  I started with a fresh retail VCS, and Windows 11 requires UEFI, so unlike the documented Windows 10 installs, you can't just switch to Legacy mode, though these same steps may work to get Windows 10 installed in UEFI mode with Secure Boot as well.
• I have 32GB RAM installed and a 2TB Ediloca (EN206_2TB_US) SSD installed.  GPU memory has been increased to 8GB.

 

I hope the formatting doesn't get too mangled... Here we go!

 

Install Steps

1. Boot to UEFI (hit Escape just after power/boot0

a. Setup Utility

Boot tab

Add Boot Options [First]

Boot Order Options [(b)USB->SSD->eMMC.]

EFI

Un-tick EFI Embedded MMC Device (TA2932)

Un-tick EFI Embedded MMC Device 1 (TA2932)

Tick Windows 11 install media

F10 Save and Exit

b. Boot Manager

Select Windows 11 install media

(Press key to boot from CD/DVD if necessary)

 

2. Windows Setup starts

a. Set regional settings

b. Click [Next]

c. Click [Install now]

d. Click [I don't have a product key]

e. Select appropriate Windows 11 version if prompted

f. Accept license agreement

g. Click [Next]

h. Click [Custom: Install Windows only (advanced)]

i. Select unallocated space on the SSD (should be Drive 0 Unallocated Space)

j. Click [Next]

Copying Windows files...

k. Error: Windows could not prepare the computer to boot into the next phase of installation.  To install Windows, restart the installation.

l. Dismiss the error

m. Click [Install now]

n. Click [I don't have a product key]

o. Select appropriate Windows 11 version if prompted

p. Accept license agreement

q. Click [Next]

r. Click [Custom: Install Windows only (advanced)]

s. Drive 0 now has three partitions, types System, MSR (Reserved), and Primary

t. Delete the Primary partition (should be Drive 0 Partition 3)

u. Delete the MSR (Reserved) partition (should be Drive 0 Partition 2)

v. Select unallocated space on the SSD (should be Drive 0 Unallocated Space)

w. Click [Next]

Copying Windows files...

Getting files ready for installation...

Installing features...

Installing updates...

Finishing up...

x. Error: Windows could not prepare the computer to boot into the next phase of installation.  To install Windows, restart the installation.

y. Dismiss the error

 

3. Windows Setup starts again

a. Click [Install now]

b. Click [I don't have a product key]

c. Select appropriate Windows 11 version if prompted

d. Accept license agreement

e. Click [Next]

f. Click [Custom: Install Windows only (advanced)]

g. Delete the SSD's first 100MB System partition (should be Drive 0 Partition 1)

h. Click [OK] on "This Partition might contain important files or applications from your computer manufacturer. If  you delete this partition, any data stored on it will be lost." warning.

i. Close the window (cancel the install)

j. Click [Yes] on "Are you sure you want to quit?" prompt

k. Click [Repair your computer]

l. Click [Troubleshoot]

m. Click [Command Prompt]

DISKPART

LIST VOLUME

Note the volume number and letter assigned to the nameless 100MB System volume

If the nameless 100MB System volume does not have a letter, execute commands below to assign it a letter

SELECT VOLUME volumeNumber

ASSIGN

LIST VOLUME

Note letter assigned to the nameless 100MB System volume

EXIT

DEL letter:\EFI\Microsoft\Boot\BCD

BCDEDIT /SYSSTORE letter:

BOOTREC /REBUILDBCD

It should detect 1 installation

Y to add

EXIT

n. Click [Troubleshoot]

o. Click [Startup Repair]

p. Click the entry shown (mine said Windows 10 Enterprise, but don't worry about it, we'll fix it later)

 

4. System reboots - it may tell you the boot device cannot be found - that's okay, carry on.

 

5. Boot to UEFI (hit Escape just after power/boot0

a. Setup Utility

Boot tab

Add Boot Options [First]

Boot Order Options [(b)USB->SSD->eMMC.]

EFI

Un-tick EFI Embedded MMC Device (TA2932)

Un-tick EFI Embedded MMC Device 1 (TA2932)

Tick Windows Boot Manager

Un-tick Windows 11 install media

F10 Save and Exit

 

6. Windows should boot up and go through the Out-of-Box Experience (OOBE)

a. Proceed through setting up Windows

b. You can safely eject/disconnect the Windows Windows 11 when you get to the desktop.

 

7. --To fix Windows boot entry name--
Run Elevated Command Prompt (Windows key, type cmd, then Control-Shift-Enter, or hold Control-Shift while running cmd.exe)

BCDEDIT /set {current} description "Windows 11"

EXIT

 

8. --To get grub2 boot loader installed--

Get 0_obeWAN's grub v2 boot and efi folders and modify the config per https://forums.atariage.com/topic/344932-howto-dual-boot-internal-ssd-with-grub/ - my mmcblk0p2 UID was 62D8-2F7C, yours will be different

 

9. Run Elevated Command Prompt (Windows key, type cmd, then Control-Shift-Enter)

DISKPART

LIST VOLUME

Find the nameless 100MB System volume and note its volume number

SELECT VOLUME volumeNumber

ASSIGN

LIST VOLUME

Note letter assigned to the nameless 100MB System volume

EXIT

 

10. Copy the Grub2 ufi and boot folders to the EFI volume (overwrite when prompted)

XCOPY /s grublocation\efi\ letter:\efi\

XCOPY /s grublocation\boot\ letter:\boot\

 

11. Set the boot manager

BCDEDIT /set {bootmgr} path \EFI\boot\grubx64.efi

 

12. Boot to Recovery from Windows (select Restart while holding Shift, or your use favorite alternative method)

 

13. When Windows Recovery menu appears, select Troubleshoot, then Advanced, then UEFI Firmware Settings

 

14. System boots to UEFI

a. Administer Secure Boot

Select a UEFI file as trusted for execution

NO VOLUME LABEL, [PciRoot(0x0)/Pci(0x8, 0x2)/Pci(0x0, 0x0)/Sata(0x0, 0x0, 0x0)/HD(1, GPT, guid,

0x32800, 0x32000)]

EFI\Boot\grubx64.efi

Yes to Add this hash image to allowed database (db)

F10 Save and Exit

 

b. Setup Utility

Boot tab

EFI

Un-tick EFI Embedded MMC Device (TA2932)

Un-tick EFI Embedded MMC Device 1 (TA2932)

Un-tick 1st Windows Boot Manager entry

Tick 2nd Windows Boot Manager entry

Un-tick Windows 11 install media if it's there

F10 Save and Exit

 

15. Install driver for Other devices>Multimedia Controller (PCI\VEN_1022&DEV_15E2&SUBSYS_15E21022&REV_00)
Update driver from AMD Embedded Windows 64-bit Catalyst Driver package.

https://www.amd.com/en/support/embedded/amd-ryzen-embedded-r-series-processors/r-series-r1000-radeon-vega-graphics

This will install the AMD Audio CoProcessor driver for the unknown Multimedia Controller.

 

 

16. Install driver for Other devices>PCI Device (PCI\VEN_1022&DEV_15E6&SUBSYS_15E41022&REV_00)

Install AMD Chipset Software Installer (AMD Embedded Windows Chipset Drivers)

https://www.amd.com/en/support/embedded/amd-ryzen-embedded-r-series-processors/r-series-r1000-radeon-vega-graphics

This will install the AMD SFH KMDF I2C driver for the PCI Device and update the other platform drivers.

 

17. The grub2 loader should now launch on every boot and let you select between Atari OS and Windows unless you boot from USB

 

References:

- Howto: Dual boot internal SSD with grub - https://forums.atariage.com/topic/344932-howto-dual-boot-internal-ssd-with-grub/

- Windows 10 Install - https://forums.atariage.com/topic/315524-windows-10-install/

- Bios 24 password??? - https://forums.atariage.com/topic/353967-bios-24-password/

- Multi Boot Loader for USB/eMMC - https://forums.atariage.com/topic/316097-multi-boot-loader-for-usbemmc/

- Windows 10 Drivers for VCS - https://forums.atariage.com/topic/346376-windows-10-drivers-for-vcs/

- 3200 MHz compatible memory for the Atari VCS - READ THIS BEFORE PURCHASING! - https://forums.atariage.com/topic/330187-3200-mhz-compatible-memory-for-the-atari-vcs-read-this-before-purchasing/page/3/#comment-5184318

- VCS BIOS Related Discussions - https://forums.atariage.com/topic/315163-vcs-bios-related-discussions/?do=findComment&comment=4973419

- Atari VCS BIOS Exposed - https://www.youtube.com/watch?v=xU42H-A4FFQ

 

Edited October 23, 2023 by bhiga
Typo, formatting, RAM/SSD spec, forgot image!

[zzip]

Thanks for the info.   There's a lot there.  Where would you say the gotcha(s) were?  (whatever made this process difficult)

[bhiga]

1 hour ago, zzip said:

Thanks for the info.   There's a lot there.  Where would you say the gotcha(s) were?  (whatever made this process difficult)

The initial challenge was getting into the BIOS, but that's not specific to Windows. 🙂

 

The biggest and main one is Windows 11 requiring UEFI (so you can't use Legacy boot) and being too confused about which EFI System Partition (ESP) it needs to write the BCD to during the setup process.  This is likely because the internal eMMC has a bunch of ESPs.

I'm pretty sure that's why the first install run fails after Copying Files, and the second run fails at the very end.

I'm not entirely sure why it proceeds with the rest of the install on the second attempt but it seems to depend on seeing that first 100MB System partition (the first ESP it created) which does have \Recovery in it but nothing else got written.
 

Initially I tried manually creating the BCD in the first ESP and even moved the files from the second ESP into the first and deleted the second ESP, creating a "complete" first ESP, but that didn't work as it booted back into setup instead.  Possibly I just didn't write the BCD data correctly or completely.

 

 I'm wondering if the AMD xxx BIOS setting that entirely disables the eMMC might work to prevent Windows Setup from getting into its initial confusion, but I've already got it up and running so I leave that experiment for someone else.  I just want to play. 😁

 

 

The second challenge was getting grub2 to run at boot - it doesn't show the second SSD boot option until the grub EFI file is added as trusted in the Secure Boot administration.

Edited October 23, 2023 by bhiga

[zzip]

17 minutes ago, bhiga said:

 

The biggest and main one is Windows 11 requiring UEFI (so you can't use Legacy boot) and being too confused about which EFI System Partition (ESP) it needs to write the BCD to during the setup process.  This is likely because the internal eMMC has a bunch of ESPs.

I'm pretty sure that's why the first install run fails after Copying Files, and the second run fails at the very end.

I'm not entirely sure why it proceeds with the rest of the install on the second attempt but it seems to depend on seeing that first 100MB System partition (the first ESP it created) which does have \Recovery in it but nothing else got written.
 

Initially I tried manually creating the BCD in the first ESP and even moved the files from the second ESP into the first and deleted the second ESP, creating a "complete" first ESP, but that didn't work as it booted back into setup instead.  Possibly I just didn't write the BCD data correctly or completely.

 

 I'm wondering if the AMD xxx BIOS setting that entirely disables the eMMC might work to prevent Windows Setup from getting into its initial confusion, but I've already got it up and running so I leave that experiment for someone else.  I just want to play. 😁

 

 

The second challenge was getting grub2 to run at boot - it doesn't show the second SSD boot option until the grub EFI file is added as trusted in the Secure Boot administration.

Ah ok, so these are the same issues I've run into with Linux.   So not Windows specific.

 

My approach was that I didn't want to alter the eMMC in any way,  not even to add my own EFI boot entries.    So made my m.2 disk the primary,  manually created my own ESP on that disk,  and install Grub there with the option to Boot the AtariOS

 

Took some trial and error, but eventually I got it working.

 

Part of the problem is I come from the old PC MBR world.   I'm not an expert in how UEFI booting works, but learn a lot more everytime I screw it up

 

 

 

[bhiga]

25 minutes ago, zzip said:

My approach was that I didn't want to alter the eMMC in any way,  not even to add my own EFI boot entries.    So made my m.2 disk the primary,  manually created my own ESP on that disk,  and install Grub there with the option to Boot the AtariOS

Cool!  Same here.  I didn't want to touch the eMMC in fear that some future update would get confused/etc, along with just being weird about what I'll happily customize to the Nth degree and what I really don't want to touch, LOL.  All the customization is on the ESP Windows created on the SSD, which is now primary.

 

25 minutes ago, zzip said:

Part of the problem is I come from the old PC MBR world.   I'm not an expert in how UEFI booting works, but learn a lot more everytime I screw it up

100% same here!!  I grew up with IBM PCjr and MS-DOS 2.1 only because the promised Atari 2600 Keyboard option never materialized, nearly got an Atari 400 though.

Every experimental adventure since has been a learning experience for sure.
 

I just discovered the "frying" term wondering if the mushroom-filled Centipede playfield with quick power on/off/on was an intentional behavior, heh.

It's still weird trying to explain keyboard/mouse to my kids who grew up with touchscreen tablets though...  I'm quite determined to train them to be able to operate with keyboard alone when necessary though! 🤠

Edited October 23, 2023 by bhiga

[zzip]

2 hours ago, bhiga said:

Cool!  Same here.  I didn't want to touch the eMMC in fear that some future update would get confused/etc, along with just being weird about what I'll happily customize to the Nth degree and what I really don't want to touch, LOL.  All the customization is on the ESP Windows created on the SSD, which is now primary.

That's been my fear too, that some future Atari update would leave the system unbootable if I messed with it.   But the EFI does seem pretty robust,  you can have multiple bootloaders installed and choose the default one.    Much easier to fix an "oopsie" than the old MBR system