NikosD
New member
- Local time
- 1:46 AM
- Posts
- 9
- OS
- Windows 11 Pro 25H2
@DarkShadowMD
Well, having my last thoughts on the issue, not my final verdict because I miss a lot of technical details, i think that Microsoft and the scripts and whatever mess with Secure Boot variables should do a sanity check, a simple check to see if the keys/certs that is going to write at a specific space can fit or not.
It sounds simple, but I really don't know if it's feasible and if MS or a third party developer can do it or not.
Because I think in my case the powershell script tried to write a Secure Boot variable in a specific space with less capacity than the size of the variable and the result was a corrupted file (because obviously the file was written up to the point where the space provided for the specific variable was filled, not the whole file obviously).
This check is to prevent the failure before starting to write the file.
Another option would be an integrity test afterwards to check after the update if the whole file was written properly and if it didn't, it could cancel the whole procedure and revert back to the original values.
Just some thoughts regarding the issue - as a safety net that I posted above - to prevent future bricks, a developer like Garlin or MS could think and implement better ones.
Now regarding the MS vs Garlin scripts implementation and execution of Secure Boot variable updates, I really can't judge because I don't know if MS does any check before or after writing the update in order to avoid such failures.
As a last thought, I think my case was useful at least to remind or inform users of this thread that these scripts are messing with a part of the BIOS chip that if anything goes wrong and the NVRAM becomes corrupted, there is no software BIOS recovery solution, no clear CMOS settings, no jumper than can save you.
The PC is bricked and you have to seek for a costly hardware reprogramming of the BIOS chip.
And I don't know if MS is doing it differently, as I said before.
Well, having my last thoughts on the issue, not my final verdict because I miss a lot of technical details, i think that Microsoft and the scripts and whatever mess with Secure Boot variables should do a sanity check, a simple check to see if the keys/certs that is going to write at a specific space can fit or not.
It sounds simple, but I really don't know if it's feasible and if MS or a third party developer can do it or not.
Because I think in my case the powershell script tried to write a Secure Boot variable in a specific space with less capacity than the size of the variable and the result was a corrupted file (because obviously the file was written up to the point where the space provided for the specific variable was filled, not the whole file obviously).
This check is to prevent the failure before starting to write the file.
Another option would be an integrity test afterwards to check after the update if the whole file was written properly and if it didn't, it could cancel the whole procedure and revert back to the original values.
Just some thoughts regarding the issue - as a safety net that I posted above - to prevent future bricks, a developer like Garlin or MS could think and implement better ones.
Now regarding the MS vs Garlin scripts implementation and execution of Secure Boot variable updates, I really can't judge because I don't know if MS does any check before or after writing the update in order to avoid such failures.
As a last thought, I think my case was useful at least to remind or inform users of this thread that these scripts are messing with a part of the BIOS chip that if anything goes wrong and the NVRAM becomes corrupted, there is no software BIOS recovery solution, no clear CMOS settings, no jumper than can save you.
The PC is bricked and you have to seek for a costly hardware reprogramming of the BIOS chip.
And I don't know if MS is doing it differently, as I said before.
My Computer
At a glance
Windows 11 Pro 25H2
- OS
- Windows 11 Pro 25H2




