The readiness script always returns a Pass for SecureBoot for me even if SecureBoot is disabled.
Might need something like below?
    try {
        $isSecureBootEnabled = Confirm-SecureBootUEFI
        if ($isSecureBootEnabled) {
            $outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $PASS_STRING
            UpdateReturnCode -ReturnCode 0
        }
        else {
            $outObject.logging += $logFormatWithBlob -f $SECUREBOOT_STRING, $CAPABLE_STRING, $FAIL_STRING
            UpdateReturnCode -ReturnCode 1
            $exitCode = 1
        }
    }
    catch [System.PlatformNotSupportedException] {
OK, just found that it is not a requirement for Windows 11 to have SecureBoot enabled; the system just needs to be capable.
https://support.microsoft.com/en-us/windows/windows-11-and-secure-boot-a8ff1202-c0d9-42f5-940f-843abef64fad
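The capable-versus-enabled distinction discussed above can be reported as two separate fields, so a Windows 11 readiness check and a stricter "must be enabled" baseline can both be answered from one probe. This is an added example, not code from the readiness script; `Get-SecureBootState`, its `-Probe` parameter and the sample probes are hypothetical names constructed for illustration.

```powershell
# Added example. Get-SecureBootState and -Probe are hypothetical, not part of the readiness script.
function Get-SecureBootState {
    param(
        # Injectable probe so the logic can be exercised without touching firmware.
        [scriptblock]$Probe = { Confirm-SecureBootUEFI -ErrorAction Stop }
    )
    try {
        # The cmdlet returns $true/$false only when the firmware supports Secure Boot.
        $enabled = [bool](& $Probe)
        [pscustomobject]@{ Capable = $true; Enabled = $enabled; Note = '' }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS or UEFI without Secure Boot support.
        [pscustomobject]@{ Capable = $false; Enabled = $false; Note = 'Not supported on this platform' }
    }
    catch [System.UnauthorizedAccessException] {
        # Not elevated: the state cannot be read, so report undetermined rather than Pass.
        [pscustomobject]@{ Capable = $null; Enabled = $null; Note = 'Undetermined: run elevated' }
    }
}

# Constructed probes standing in for the four outcomes of Confirm-SecureBootUEFI.
$samples = [ordered]@{
    'UEFI, Secure Boot on'  = { $true }
    'UEFI, Secure Boot off' = { $false }
    'Legacy BIOS'           = { throw [System.PlatformNotSupportedException]::new() }
    'Not elevated'          = { throw [System.UnauthorizedAccessException]::new() }
}

foreach ($name in $samples.Keys) {
    $s = Get-SecureBootState -Probe $samples[$name]
    [pscustomobject]@{
        Machine         = $name
        # Windows 11 readiness: capability is what is checked, per the thread above.
        Win11Readiness  = if ($null -eq $s.Capable) { 'Undetermined' } elseif ($s.Capable) { 'Pass' } else { 'Fail' }
        # Stricter baseline (an assumption for this example): Secure Boot must be on.
        EnabledBaseline = if ($null -eq $s.Enabled) { 'Undetermined' } elseif ($s.Enabled) { 'Pass' } else { 'Fail' }
        Note            = $s.Note
    }
}
```

On a real machine, call `Get-SecureBootState` with no arguments from an elevated session; the "UEFI, Secure Boot off" row is the case where the two columns disagree.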