Here is a cool video demonstrating how to use EfiGuard: https://www.youtube.com/watch?v=EJGuJp2fqpM. This post will condense the information into a non-video format, and is explicitly for vmware VMs.
- Download the release version of EfiGuard here: https://github.com/Mattiwatti/EfiGuard
- Open an administrator powershell and run the following:
mountvol M: /S
cd M:\EFI\Boot
copy C:\EfiGuard-v1.2.1\EFI\Boot\Loader.efi .
copy C:\EfiGuard-v1.2.1\EFI\Boot\EfiGuardDxe.efi .
The mountvol command with the /S
flag mounts the EFI System Partition on the M:\
drive. We then copy the specified EfiGuard files into the system partition.
Now we need to configure the bios to booth EfiGuard. Reboot the vm and when the vmware splash screen is showing keep pressing Escape
and F2
, to get into the BIOS, then go to the setup:
Then go to Configure boot options
:
Then go to Add boot option
:
Select the entry that says GPT
and hit enter
Go Into EFI
Then into Boot
Select Loader.efi
which is one of the files we copied into this partition
Give the entry a name and commit the changes
Optionally, go to Change boot order
and move the efiguard
entry to the top, else, you will have to manually select it on each reboot.
Boot into efiguard
Open an admin prompt and run the following command
EfiDSEFix.exe -d
Now patchguard has been disabled.