Recent content by t2s50


  1. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    You wouldn't change the vbios of the iGPU by this procedure, it's an integrated part of the main firmware. It seems the only way to find out (and repair) is using a programmer like one of those https://www.aliexpress.com/w/wholesale-CH341.html Most firmware from these times can quite easily...
  2. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Well, the bootmgrfw.efi file is still the latest available for 'stock'- installations and you're text referes to EFI files and to this file directly. So the file isn't 'banned' itself but the environment isn't rigged yet to keep secure boot up to date since the KEK is missing. Since you compare...
  3. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    That was the reason I attached the files, but there's no need, except for KEKUpdateCombined.bin (and BucketConfidenceData.cab) the files from May and April are identical.
  4. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    OK, thanks. I did have a different understanding of "banned" since for a bootmanager to boot it has to be signed with a non revoked cert stored in DB, no more no less- if there aren't any other revocations installed. Thanks for the explanation, I do know that stuff, and it should work as you...
  5. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Thanks a lot, this version did run and write the logfile. Sorry for Samsung, don't know if there are many (and newer) firmware revisions with special signs from other vendors out there! (But the main question still is why I can only install two of three revocations after April 2026 MCUs? It...
  6. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    No, that's not correct. It's supported, but the KEK isn't installed yet. As written this is the output exactly after recovering from an unsuccessfull revocation-update when secure boot no longer was possible. I did: 1) Disable secure boot in bios settings 2) Restore factory (2011-) secure boot...
  7. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Old laptop (Samsung NP300E5C, Phoenix P09RAP, HM75, Ivy Bridge) doesn't like the latest DBXUpdate2024.bin (together with latest DBXUpdateSVN.bin). All other updates can be installed. The older PCA2011 cert already was revoked and the SVN8(?) update was manually installed. Tried to reinstall the...
  8. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    I'm sorry, but I don't understand what MS is doing here. There has to be a meaning that the *2024 files exist, and now there's the legacy 'line' of dbx updates in addition. What would be the meaning of a line with PCA2011 signed updates with latest SVNs? One would still need a non- expired KEK...
  9. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    I don't think so, see registry after last reboot for april updates, 'Available updates' is on 0x4000, but there were some remarks [UploadedForCurrentBootCycle] [RestartRequiredForKeyRolling] [RestartRequiredForVSMBFSVCAI] [SBInstalledInCurrentBootCycle] "SBUpdateType"=dword:00000002 But even...
  10. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    For older Powershell versions (5.1 on 2016 server and default on W10) Get-Volume_DevicePath seems not known: Otherwise I'm not completely sure if this is generally true, but the April updates updated the bootmanager to SVN 8 and updated the SVN binary in \securebootupdates to SVN 8 3 3 (and...
  11. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Thanks a lot! Should've checked myself, Sorry! But I think this might get you some additional questions? Seems that MS didn't update the minimal SVN / revoke SVN 7 for the boot manager in the latest update. How do you interpret the *Legacy.bin files in securebootupdates? DBXUpdateSVNLegacy...
  12. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Windows 10 ESU has now got the new Secure boot message, too:
  13. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    I wonder a little bit why your script proposes to revoke the PCA2011 cert while it lists the PCA2011 already in the dbx? (Read the latest posts and didn't find that covered. Did I overlook something?)
  14. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Thank you! Changing line 1177 to $SystemDrive = (Get-CimInstance -ClassName Win32_OperatingSystem).SystemDrive worked for me. Now both PS versions (5.1. and 7.4.14) have the same output.
  15. Solved garlin's PowerShell scripts for updating Secure Boot CA 2023

    Just for your information: W10 ESU, Powershell 7.4.14 LTS gives a small error in the beginning and displays Bitlocker state of all drives (possibly since it can't determine the system drive): Powershell 7.4.14 LTS is installed parallely to the standard Powershell 5.1 where the script works...
Back
Top Bottom