Aug 22 2024 08:24 AM
KB5025885 outlines how to update Windows Boot Manager, but build 26257 still has a Windows Boot Manager that is signed with the old "PCA 2011" certificate.
The manual processes in KB5025885 are a real pain (and don't scale) so it would be very annoying if this is not fixed before RTM.
Aug 22 2024 10:54 PM - edited Aug 22 2024 11:11 PM
Second this. My hope and humble expectation is that an in-place upgrade to build 26100 will care to fix the certificate for secure boot and also closing the WinRE security issue by a suitable resized and recreated WinRE Partition when upgrading WS 2012 R2 through 2022 to WS 2022.
Is this something you would like to consider with a dynamic update for setup?