ewilliams28/FFU
1
0
Fork 0
mirror of https://github.com/rbalsleyMSFT/FFU.git synced 2026-06-14 02:09:35 -06:00
Code Issues Packages Projects Releases Wiki Activity

Uses ADK BCDBoot to prevent issues with devices that have updated Secureboot certificates from using 2023 signed boot files

Browse Source
This commit is contained in:
rbalsleyMSFT
2026-03-16 11:19:08 -07:00
parent 9bacac8f3d
commit 6c0ee8abc5
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
FFUDevelopment/BuildFFUVM.ps1
+18 -4
View File
@@ -464,7 +464,7 @@ param(
[switch]$Cleanup
)
$ProgressPreference = 'SilentlyContinue'
$version = '2603.1'
$version = '2603.2'
# Remove any existing modules to avoid conflicts
if (Get-Module -Name 'FFU.Common.Core' -ErrorAction SilentlyContinue) {
@@ -2781,11 +2781,25 @@ function Add-BootFiles {
[string]$OsPartitionDriveLetter,
[Parameter(Mandatory = $true)]
[string]$SystemPartitionDriveLetter,
[Parameter(Mandatory = $true)]
[string]$AdkPath,
[Parameter(Mandatory = $true)]
[ValidateSet('x86', 'x64', 'arm64')]
[string]$WindowsArch,
[string]$FirmwareType = 'UEFI'
)
WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`"..."
Invoke-Process bcdboot "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null
# Use the ADK copy of BCDBoot so the boot binaries come from the validated ADK toolset
# instead of the local OS installation, which can differ based on Secure Boot servicing state.
$bcdBootArchitecture = if ($WindowsArch -ieq 'arm64') { 'arm64' } else { 'amd64' }
$bcdBootPath = Join-Path $AdkPath "Assessment and Deployment Kit\Deployment Tools\$bcdBootArchitecture\BCDBoot\bcdboot.exe"
if (-not (Test-Path -Path $bcdBootPath)) {
throw "ADK BCDBoot was not found at $bcdBootPath"
}
WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`" using ADK BCDBoot at `"$bcdBootPath`"..."
Invoke-Process $bcdBootPath "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null
WriteLog "Done."
}
@@ -7025,7 +7039,7 @@ try {
WriteLog 'All necessary partitions created.'
Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1]
Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1] -AdkPath $adkPath -WindowsArch $WindowsArch
#Add Windows packages
if ($UpdateLatestCU -or $UpdateLatestNet -or $UpdatePreviewCU ) {