Rocky 9.x Ventoy
From Notes_Wiki
Ventoy USB with Secure Boot + TPM - Step by Step
Step 1: Download Ventoy
- Go to the Ventoy official website and download the latest release.
Step 2: Extract and Prepare Ventoy
Run the following commands in terminal:
cd ~
wget https://github.com/ventoy/Ventoy/releases/download/v1.0.99/ventoy-1.0.99-linux.tar.gz
tar -xvf ventoy-1.0.99-linux.tar.gz
cd ventoy-1.0.99
Step 3: Enable Secure Boot + TPM
- Make sure **Secure Boot** and **TPM** are enabled in BIOS/UEFI settings.
Step 4: Install Ventoy with Secure Boot Support
Unmount your USB drive if mounted, then run:
sudo ./Ventoy2Disk.sh -i /dev/sda -s
(Replace /dev/sda with your actual USB device.)
Step 5: Copy ISO Files
- After installation, unplug/replug your USB.
- Copy your **.iso** files into the Ventoy partition.
Step 6: Boot and Enroll Key
- When booting the first time with Secure Boot ON, a blue screen will appear.
- Select:
* Enroll key from disk → `EFI/ventoy/ventoy.cer` → Confirm → Reboot.
Step 7: Boot ISOs Normally
- Ventoy is now trusted, and you can boot any ISO with Secure Boot + TPM enabled.
Recovery Key (Optional)
To view the recovery key after encryption:
sudo snap recovery --show-key
- The recovery key will also be saved in your cloud.
- Important: Keep this key safe for future use.
