test_partition_and_db_v3.ps1

<# README

Pre-test:
powershell -ExecutionPolicy Bypass D:\test_partition_and_db_v2.ps1

Update DB:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x40 /f
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

2x reboot or brute force, whichever works
test again with line 2

Update EFI partition bootloader:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x100 /f
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

2x reboot or brute force, whichever works
test again with line 2, done #>

$PSVersionTable.PSVersion.ToString() + "`n"

function Format-Color([hashtable] $Colors = @{}, [switch] $SimpleMatch) {
    $lines = ($input | Out-String) -replace "`r", "" -split "`n"
    foreach($line in $lines) {
        $color = ''
        foreach($pattern in $Colors.Keys){
            if(!$SimpleMatch -and $line -match $pattern) { $color = $Colors[$pattern] }
            elseif ($SimpleMatch -and $line -like $pattern) { $color = $Colors[$pattern] }
        }
        if($color) {
            Write-Host -ForegroundColor 'Green' $line
        } else {
            Write-Host -ForegroundColor 'Red' $line
        }
    }
}

echo "Checking FAT32 EFI partition..."
mountvol S: /S
$sig = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate
$sig = [System.Security.Cryptography.X509Certificates.X509Certificate]::CreateFromSignedFile("S:\EFI\Microsoft\Boot\bootmgfw.efi")
$sig2 = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $sig | Select-Object -ExpandProperty 'issuer'
echo $sig2 | Format-Color @{ 'CA 2023' = 'dummy' }
mountvol S: /D

echo "Checking SecureBoot DB..."
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023' | Format-Color @{ 'True' = 'dummy' }