Since Microsoft has posted some documentation that makes use of my UEFIv2 module, I figured I should fix the module so that it’s compatible with PowerShell 7. The new version 3.0 is available via the PowerShell Gallery; you can upgrade with:
Import-Module UEFIv2 -Force
In addition to a simple fix to make the Get-UEFISecureBootCerts module compatible with PowerShell 7 (technically, making it compatible with .NET Core, since it uses a .NET object to turn the certificate bytes from UEFI into something readable), I changed the license from a “Creative Commons 4.0” license to the more popular (and very permissive) “MIT license.”
If you aren’t familiar with the context of what’s being discussed in the Microsoft docs, this is tied to Black Lotus mitigations and the migration to new signing certificates. Read more about that here. If you want to see what certificates are on a computer, this module will help. From my Hyper-V server, I can see that I have the new UEFI 2023 certificate:
p.s. I’m still playing around with the blog formatting in my spare time, so if you see anything odd, let me know.
Out of Office Hours 
13 responses to “Updated UEFIv2 module posted”
Hmm… You’ve installed a new WordPress theme. Which theme is it?
LikeLike
Using CastCore at the moment, but not particularly happy with it — I’d prefer something that has an adaptive width and serif fonts.
The old theme was OK on the font side, but it wasn’t a WordPress.com-blessed theme and it had some oddities especially with footers that I got tired of dealing with.
LikeLike
Missing the search feature in the current theme at the moment. Any chance that’s an option in the new format?
LikeLike
I get an error when running: Get-UEFISecureBootCerts -dbx | fl
Get-UEFISecureBootCerts : A parameter cannot be found that matches parameter name ‘dbx’.
Is this to be expected because now it seems I can only get the -db list and nothing else.
LikeLike
That’s not the right syntax. You can either specify:
Get-UEFISecureBootCerts -Variable dbx
or just:
Get-UEFISecureBootCerts dbx
LikeLike
I did realize that the help examples are wrong, so I’ll fix those.
LikeLike
Re: Blog Formatting
I believe the header is too big—more than 50% of the page is taken up by it. Additionally, it would be helpful if clicking on an image allowed me to zoom in. Currently, the only way to zoom is by enlarging the entire page.
LikeLike
Agree on this
LikeLike
Re: Blog Formatting
I believe the header is too big—more than 50% of the page is taken up by it. Additionally, it would be helpful if clicking on an image allowed me to zoom in. Currently, the only way to zoom is by enlarging the entire page.
LikeLike
What is the character encoding for the content of the variables? I seem to mostly get garbage out, and tried to pipe it to `hexdump` (my own pwsh fun). It got better, but there is never clear text. At least the certs should be visible?
LikeLike
Certs are binary x509 blobs, hence the included “secure boot” cmdlets that will convert them back to X509Certificate2 objects.
LikeLike
Maybe consider improving the output for all variables output?Here’s one, but many variables are blobs with 0x00.
$ns = Get-UEFIVariable -All; foreach ($i in $ns) { Write-Host -For DarkYellow “n$($i.NameSpace) : $($i.VariableName):n”; try { Get-UEFIVariable -Namespace “$($i.NameSpace)” -VariableName “$($i.VariableName)” | hexdump; } catch { Write-Host -for Red ” FAILED “; } }
LikeLike
That is the story of UEFI variables: they are all just byte arrays. There’s no way to determine which are strings, so you have the option to try either strings or byte arrays.
LikeLike