Original publish date: February 4, 2025
KB ID: 5053484
|
Change date |
Change description |
|
May 1, 2025 |
Added the Note below the download link for the Make2023BootableMedia.ps1 PowerShell script. |
Introduction
The PowerShell script described in this article can be used to update Windows bootable media so that the media can be used on systems that trust the “Windows UEFI CA 2023” certificate. This certificate is described in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932.
How to get the PowerShell script
Download the Make2023BootableMedia.ps1 PowerShell script now
Note This link will download the latest version of the PowerShell script. For information about the release history of the script, see microsoft/secureboot_objects.
Description
The Make2023BootableMedia.ps1 PowerShell script updates boot manager support on Windows media to the boot manager signed by the new “Windows UEFI CA 2023” certificate. The input and output can be bootable media of the following type:
-
ISO CD/DVD image file,
-
USB flash drive,
-
a local drive path, or
-
a network drive path.
The latest Windows Assessment and Deployment Kit (Windows ADK) can be found on the Download and install the Windows ADK page and is necessary for this script to work properly.
Notes
-
The Make2023BootableMedia.ps1 script should be run from an elevated PowerShell prompt.
-
You must provide the script with a media source (-MediaPath) which has the latest servicing updates applied.
Syntax
|
PowerShell |
|
Make2023BootableMedia.ps1
|
Parameters
|
-MediaPath <path> |
The path to the media folder or ISO file to be used as baseline. The media folder can be a local drive path or a network share. |
|
-TargetType <type> |
The type of media to be created (ISO, USB, or LOCAL).
|
|
-ISOPath <path> |
The path to the new ISO file to be created from -MediaPath. |
|
-USBDrive <drive:> |
The drive letter to a target USB drive (example E:). |
|
-FileSystem <type> |
This parameter is optional. It allows specifying the file system to format the USB drive with (FAT32 or ExFAT). The default is ExFAT. |
|
-NewMediaPath <path> |
Required when TargetType is LOCAL. -MediaPath content is duplicated here and then updated. |
|
-StagingDir <path> |
Overrides default temporary staging path used by this script. System %TEMP% is used by default with a random subfolder. |
Example commands
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win10Media -TargetType ISO -ISOPath C:\Media\Win10_Updated.iso
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso
Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11_Media -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso
Make2023BootableMedia.ps1 -MediaPath \\server\share\Win11.iso -TargetType ISO -ISOPath C:\Media\Win11_Updated.iso
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType USB -USBDrive H:
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win11.iso -TargetType USB -USBDrive E:
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType LOCAL -NewMediaPath C:\Media\Win1124H2_Updated
Make2023BootableMedia.ps1 -MediaPath H:\Media\Win11.iso -TargetType LOCAL -NewMediaPath R:\Win11_Updated
Make2023BootableMedia.ps1 -MediaPath C:\Media\Win1124H2 -TargetType ISO -ISOPath C:\Media\Win1124H2_Updated.iso -StagingDir C:\Temp\Win1124H2