winload.exe signature error

When I boot into my laptop, bootmgr refuses to boot Win8.1SE x64, claiming 'digital signature is wrong'.
However, testing in VMware with ISO works fine. Also, EFI is not affected since it doesn't use winload.exe.

For temporary measure, I copied my host's (Win 8.1 x64 Korean) winload.exe into PE, then it works fine.

Has any ideas? I can't guess why only in real machine this problem appears.

If you copy the boot.wim to another system, you to disable integry checks on that BCD yourself

http://theoven.org/index.php?topic=866.msg11055#msg11055

JFX was faster 

Here's what I wrote but all is already written  in http://theoven.org/index.php?topic=866.msg11055#msg11055

winload.exe is patched during x64 building to bypass drivers signing.
Look at http://theoven.org/index.php?topic=866.msg11055#msg11055

To get bootmgr accepts the invalid certificate of the new winload.exe, you need:
bcdedit -store Boot\bcd /set {default} NoIntegrityChecks 1
bcdedit -store Boot\bcd /set {default} loadoptions DISABLE_INTEGRITY_CHECKS
Do you have them ?

Can you also look in the log if you find these strings ?
"Update winload.exe failed, exit code :"  and "Update the checksum failed, exit code :"
They are written only if the return code is not 0

Thank you! Got it work 

It would be better to notify more about this.

Thank you! Got it work 

It would be better to notify more about this.

Yep, but where ? do you have any idea ?

Since I use PE/Linux multiboot usb stick, I organized BCD by self.
I tried to find why winload.exe is changed, but failed.
We should notify why winload.exe is patched and do what to avoid signature error.

Yep, but where ? do you have any idea ?

I have been thinking about 'placing'....
How about in 'Copy to USB' scripts and script.project?

5. Burn final  'Win8.1 SE' Iso or
    Copy 'Win8.1SE' to any USB-Device

We can add a button after these containing message :

winload.exe is patched during x64 building to bypass drivers signing.
Look at http://theoven.org/index.php?topic=866.msg11055#msg11055

To get bootmgr accepts the invalid certificate of the new winload.exe, you need:
bcdedit -store Boot\bcd /set {default} NoIntegrityChecks 1
bcdedit -store Boot\bcd /set {default} loadoptions DISABLE_INTEGRITY_CHECKS

It would be better to notify more about this.

Done, I added a Textbox to notify about this, in the Main Plugin 

Is there a way to disable winload.exe patching? I don't need unsigned driver support in my builds and it's hard to disable the integrity checks especially when booting from PXE...

Patch winload.exe and BCD adjustment are now grouped in 1 - Copy Files.
With an option: Patch winload.exe to bypass drivers signing
Retrieve updates on server.