Unexpected behavior of Set-SecureBootUEFI with the -ContentFilePath parameter
I'm using the following 3 commands to add a new key to my Secure Boot db:

```powershell
$CurrentTime=Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ";Format-SecureBootUEFI -Name db -SignatureOwner 12345678-1234-1234-1234-123456789abc -FormatWithCert -Certificate .\dbKey.cer -ContentFilePath .\FormattedContent.bin -SignableFilePath GeneratedFileToSign.bin -Time $CurrentTime -AppendWrite
.\signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f PrivateKey.pfx /p thePassword GeneratedFileToSign.bin
Set-SecureBootUEFI -ContentFilePath .\FormattedContent.bin -SignedFilePath GeneratedFileToSign.bin.p7
```

The first two commands succeed, but Set-SecureBootUEFI unexpectedly produces the following prompt:

```
Supply values for the following parameters:
Name:
```

Shouldn't it be able to obtain the name from FormattedContent.bin? This behavior isn't described anywhere in the documentation at https://docs.microsoft.com/en-us/powershell/module/secureboot/set-securebootuefi?view=windowsserver2022-ps and is contrary to the behavior shown in example 2, where the command succeeds without any further prompt. I entered "db", and then it prompted:

```
Time:
```

Again, this should have been obtained from `FormattedContent.bin`, and the behavior isn't documented anywhere.

When I repeated everything in the same session with a slight modification, Set-SecureBootUEFI succeeded immediately:

```powershell
$CurrentTime=Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ";$ObjectFromFormat=Format-SecureBootUEFI -Name db -SignatureOwner 12345678-1234-1234-1234-123456789abc -FormatWithCert -Certificate .\dbKey.cer -SignableFilePath GeneratedFileToSign.bin -Time $CurrentTime -AppendWrite
.\signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f PrivateKey.pfx /p thePassword GeneratedFileToSign.bin
$ObjectFromFormat | Set-SecureBootUEFI -SignedFilePath GeneratedFileToSign.bin.p7
```

The only difference between the two sets of commands is that the first outputs the formatted data to a file, which is then supplied as a parameter to Set-SecureBootUEFI, while the second outputs the formatted data to a PowerShell object, which is then piped to Set-SecureBootUEFI. Functionally both are identical, and it is puzzling why they have different behavior.
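The same three-step db append in the pipeline form the poster found working, followed by a check that the certificate really landed in the db, as an added example that is not the poster's code. It assumes the file names and GUID from the post, that the object produced by Format-SecureBootUEFI carries Name and Time so Set-SecureBootUEFI does not prompt for them (consistent with the poster's second run), and that Get-SecureBootUEFI exposes the raw variable in a .Bytes property.

```powershell
# Added example, not the poster's script. Same inputs as the post.
$ErrorActionPreference = 'Stop'
$Cert        = '.\dbKey.cer'
$Owner       = '12345678-1234-1234-1234-123456789abc'   # SignatureOwner GUID from the post
$ToSign      = 'GeneratedFileToSign.bin'
$Signed      = "$ToSign.p7"
$CurrentTime = Get-Date -Format 'yyyy-MM-ddTHH:mm:ssZ'

# 1. Build the EFI_SIGNATURE_LIST plus the authenticated-variable header to sign.
#    -AppendWrite matters: without it the existing db contents are replaced, not extended.
$Formatted = Format-SecureBootUEFI -Name db -SignatureOwner $Owner -FormatWithCert `
    -Certificate $Cert -SignableFilePath $ToSign -Time $CurrentTime -AppendWrite

# 2. Detached PKCS#7 signature over the signable blob, made with a key the KEK authorises.
& .\signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData `
    /a /f PrivateKey.pfx /p thePassword $ToSign
if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }

# 3. Pipe the formatted object (assumed to carry Name and Time) rather than a file.
#    With -ContentFilePath the same values can be passed explicitly:
#    Set-SecureBootUEFI -Name db -Time $CurrentTime -ContentFilePath ... -SignedFilePath ...
$Formatted | Set-SecureBootUEFI -SignedFilePath $Signed

# 4. Verify the write: the DER bytes of dbKey.cer must now be present inside the db
#    variable (X.509 entries in an EFI_SIGNATURE_LIST hold the certificate verbatim).
function Test-ContainsBytes([byte[]]$Haystack, [byte[]]$Needle) {
    for ($i = 0; $i -le $Haystack.Length - $Needle.Length; $i++) {
        $j = 0
        while ($j -lt $Needle.Length -and $Haystack[$i + $j] -eq $Needle[$j]) { $j++ }
        if ($j -eq $Needle.Length) { return $true }
    }
    return $false
}
$dbBytes   = (Get-SecureBootUEFI -Name db).Bytes     # assumed .Bytes property
$certBytes = [IO.File]::ReadAllBytes((Resolve-Path $Cert))
if (-not (Test-ContainsBytes $dbBytes $certBytes)) {
    throw "dbKey.cer is not present in db after the append"
}
"db now contains dbKey.cer; Secure Boot enabled: $(Confirm-SecureBootUEFI)"
```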