Existing Windows 11 bootable USB no longer works after installing May 9 update and applying Secure Boot revocations

Keith Weisshar · May 12, 2023

My existing Windows 11 bootable USB will no longer work to reinstall Windows if I install the May 9 update and also apply the Security Boot revocation files. Reformatting will not remove the revocations because it's written to the UEFI firmware. The only way to remove the revocations from the motherboard is to go to UEFI BIOS and delete secure boot keys from key management menu and then save and exit and then boot the USB media and then go back to UEFI BIOS again and then install default keys from key management menu and then save and exit again. Once a new BIOS is released it will become part of the BIOS and will no longer be possible to revert rendering the existing installation USB and recovery drive unbootable until I disable Secure Boot. What should I do if I get stuck after a secure erase of the SSD from the BIOS and can't use the Macrium Rescue USB to restore the computer because it won't boot? The Macrium Rescue USB no longer works either after applying the May 9 security update revocations to the UEFI firmware.

glasskuter · May 12, 2023

See remarks from members here Additional guidance for devices using Secure Boot to address CVE-2023-24932

Bree · May 12, 2023

Keith Weisshar said:
My existing Windows 11 bootable USB will no longer work to reinstall Windows if I install the May 9 update and also apply the Security Boot revocation files.

Make a new one using the Media Creation Tool. It now makes install media for 22621.1702, the build issued on 9th May that includes the security updates. This should be able boot with the revocations aplied.

Microsoft said:
After these revocations are applied, the devices will intentionally become unable to start by using recovery or installation media, unless this media has been updated with the security updates released on or after May 9, 2023.

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

support.microsoft.com

Bree · May 12, 2023

Keith Weisshar said:
The Macrium Rescue USB no longer works either after applying the May 9 security update revocations to the UEFI firmware.

If you make a new Macrium Rescue USB after applying the May 9 security updates, then that should be able to boot.

glasskuter · May 12, 2023

@Bree, let me make sure I am clear. I did get the May 9 update, but I applied no revocations nor do I intend to at this time. I have the option of applying the revocations or not? Right?

All my current boot media, Windows iso, Macrium Rescue, Linux Mint, etc, should boot as always. Is all this correct

Bree · May 12, 2023

glasskuter said:
@Bree, let me make sure I am clear. I did get the May 9 update, but I applied no revocations nor do I intend to at this time. I have the option of applying the revocations or not? Right?

All my current boot media, Windows iso, Macrium Rescue, Linux Mint, etc, should boot as always. Is all this correct

For now, yes that's correct. The May 9 update includes mitigations, but does not of itself apply the revocations. They can only be applied manually at present. But come the 1st quarter of 2024 Microsoft intent to enforce the revocations. After that only install media for 22621.1702 or later, or boot USBs made by a PC running 22621.1702 (or later) will be allowed to boot. AFAIK there's nothing to stop you turning off secure boot if you need to boot something older.

Microsoft said:
Timing of updates
Updates will be released as follows:

Initial Deployment This phase starts with updates released on May 9, 2023, and provides basic mitigations,

Second Deployment This phase starts with updates released on July 11, 2023, which adds additionally support mitigating the issue.

Enforcement The final enforcement phase that will make the mitigations permanent. Tentatively scheduled for the first quarter of 2024.

...When updates are released for the enforcement phase, they will add the following:

The revocations (Code Integrity Boot policy and Secure Boot disallow list) will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.

We’re looking for opportunities to accelerate this schedule, if possible and will announce any updates here.

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Haydon · May 12, 2023

Referring to MS' "Timing of updates" I trust that Macrium Reflect (and other backup apps) will be updated in sync.

What I can't quite understand, though, is how a one time revocation can cure a defect that resides in the very structure of TPM 2.0. Or will there be revocations at every WU after the first quarter of 2024? At least until machines with TPM 3.0 come along?

Scott · May 12, 2023

Bree said:
If you make a new Macrium Rescue USB after applying the May 9 security updates, then that should be able to boot.

Nope, just tried it. Only way I got in was through the boot menu option.

trevo · May 13, 2023

FWIW I just used a Macrium Rescue USB which I made several weeks ago and was able to successfully boot into Macrium.

Current build 2621.1702

Haydon · May 13, 2023

More on 'to boot or not to boot' (in the short term: it depends)

Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug

forum.macrium.com

More info (interesting comments on the roll-out in particular)

Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug

Fix will eventually render all kinds of older Windows boot media unbootable.

arstechnica.com

More than you ever want to know (evil genius)

BlackLotus UEFI bootkit: Myth confirmed

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

www.welivesecurity.com

Scott · May 13, 2023

trevo said:
FWIW I just used a Macrium Rescue USB which I made several weeks ago and was able to successfully boot into Macrium.

Current build 2621.1702

With the revocations applied? Interesting. Mine went straight to the UEFI/BIOS.

trevo · May 13, 2023

Scott said:
With the revocations applied? Interesting. Mine went straight to the UEFI/BIOS.

I made no adjustments, just updated to version .1702.

Scott · May 13, 2023

Haydon said:
More than you ever want to know (evil genius)

BlackLotus UEFI bootkit: Myth confirmed

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.

www.welivesecurity.com

Amazing what a 80kb file can do.

Keith Weisshar · May 16, 2023

Recovery drives work if the computer was clean installed with the upgraded v22621.1702 bootable installation media.

Keith Weisshar · May 16, 2023

Why does DBX Management show up as Mixed instead of Default in the UEFI BIOS after applying the May 9 secure boot revocation update?

hsehestedt · May 16, 2023

Bree said:
If you make a new Macrium Rescue USB after applying the May 9 security updates, then that should be able to boot.

I'm not so sure about that. Let me explain....

Some programs (Macrium Reflect is one of them) will allow you to create boot media based on either Windows RE (Recovery Environment) or Windows PE (Preinstallation Environment).

As for media based upon WinRE, I could see that working but I have to admit that I have not tested it yet. For WinPE based media, I would expect that NOT to work yet because we need new Windows PE components. Windows PE is downloaded from the same location where you download the Windows ADK as it is considered an add-on to the ADK.

Scott · May 22, 2023

Keith Weisshar said:
Why does DBX Management show up as Mixed instead of Default in the UEFI BIOS after applying the May 9 secure boot revocation update?

Because it added "Black Lotus" to the UEFI Forbidden List (DBX), so it's no longer default.

hsehestedt · Jul 6, 2023

I realize that this thread is old, but I have some information that some may find helpful:

I have written a few batch files to automate the whole process of dealing with these BlackLotus rootkit mitigations.

There are three batch files in total:

1) The first batch file performs the actual revocations as described in KB5025885.

2) The second batch file will apply the Windows updates to your Windows PE add-on (if you have this installed).

3) The last batch file will update the boot.wim (Windows PE) file found on any of your Windows PE based bootable media, for example, a Macrium Reflect recovery disk.

For the moment, I am only posting this message - I'll provide the batch files to anyone if interest is shown. However, I'm waiting until after the July Patch Tuesday updates are posted to officially start a thread with the batch files because "phase 2" of Microsoft's mitigation for BlackLotus is set to be deployed then.

My hope is to update these batch files, if needed, depending upon what phase two includes.

So for now, just be aware that I have these batch files available and that you can request them if interested. For example, if you were one of the people bold enough to have already applied these revocations and now have some boot media that won't boot, you may want to have this now.