Created
May 18, 2023 17:21
-
-
Save nafai/f7108c5dc86ec2beb16d14c1046bdbcf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Joel Roth 2023 | |
[CmdletBinding()]Param( | |
[string]$UpdateFile = "$env:SystemRoot\System32\SecureBootUpdates\SKUSiPolicy.p7b", | |
[string]$UpdateHash = "8870483E0E833965A53F422494F1614F79286851" | |
) | |
# Validate update file's hash against the expected one | |
Try | |
{ | |
$Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromCertFile($UpdateFile) | |
$CertHash = $Cert.GetCertHash().foreach({$_.ToString("X2")}) -join "" | |
} | |
Catch | |
{ | |
Throw "Could not parse $UpdateFile as a valid certificate" | |
} | |
if ($CertHash -ne $UpdateHash) | |
{ | |
Throw "Could not validate certificate! Expected hash $UpdateHash, actual hash $CertHash" | |
} | |
# Find next unoccupied drive letter | |
[char[]]$OccupiedLetters = (gwmi win32_logicaldisk).DeviceID -replace ":","" | |
$Drive = [string]([char]((65..90).Where({$_ -notin $OccupiedLetters})[0]))+":" | |
$DestinationPath = "$Drive\EFI\Microsoft\Boot" | |
# Mount the new drive | |
Invoke-Command { mountvol $Drive /S } -ErrorAction Stop | |
# Copy update file | |
if (Test-Path $DestinationPath -PathType Container) | |
{ | |
Copy-Item -LiteralPath $UpdateFile -Destination $DestinationPath -Force -ErrorAction Stop | |
} | |
# Dismount the temporary drive | |
Invoke-Command { mountvol $Drive /D } -ErrorAction Stop | |
Return $true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment