Event details
hi, is there a way to check the signage of bootx64.efi (and the other) with powershell or cmd?
I use the following code to check certificate on the boot file in the EFI partition. You could simplify by using mountvol if you prefer. This is just for the active boot file - not the copy in the Windows file system (C:\Windows\Boot\Efi)
$SystemDisk = Get-Disk | Where-Object IsSystem if ($SystemDisk) { $SystemPartition = Get-Partition -DiskNumber $SystemDisk.DiskNumber -ErrorAction SilentlyContinue | Where-Object IsSystem if ($SystemPartition) { $params = @{ DiskNumber = $($SystemPartition.DiskNumber) PartitionNumber = $($SystemPartition.PartitionNumber) AccessPath = 'S:' } Add-PartitionAccessPath @params -ErrorAction SilentlyContinue $SystemPartition = Get-Partition -DiskNumber $SystemDisk.DiskNumber -ErrorAction SilentlyContinue | Where-Object IsSystem if ($SystemPartition.AccessPaths -contains 'S:\') { $bootmgrPath = Join-Path 'S:\' 'EFI\Microsoft\Boot\bootmgfw.efi' if (Test-Path $bootmgrPath) { try { $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromSignedFile($bootmgrPath) } catch { } if ($null -ne $cert) { $issuerName = $cert.Issuer $commonName = $issuerName.Split(',')[0].TrimStart('CN=') $dateString = $cert.GetExpirationDateString() $notAfter = $dateString | Get-Date -Format "yyyy-MM-dd HH:mm:ss" $expiresInDays = ((Get-Date $dateString) - (Get-Date)).Days } } Remove-PartitionAccessPath @params -ErrorAction SilentlyContinue } } }thanks, the CreateFromSignedFile was the missing part for me.
