Using bcdboot after revocations

Question

I completely did the revocations from here:

https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#bkmk_mitigation_guidelines

I next (to experiment) recreated my system partition, formatted, etc. Normally (prior to revocations),

the following code would restore boot of course I used assign letter=S

bcdboot C:\windows /s S: /f UEFI

It did not boot, I got the secure boot warning.

So next I ran these in order from the revocations KB article:

COPY D:\EFI\MICROSOFT\BOOT\BCD D:\EFI\MICROSOFT\BOOT\BCD.BAK

bcdboot c:\windows /f UEFI /s D: /bootex

COPY D:\EFI\MICROSOFT\BOOT\BCD.BAK D:\EFI\MICROSOFT\BOOT\BCD

I did substitute S: instead of D: This time it booted normally.

Now my question, is the method I used fine to repair the system (esp) partition once revocations have been applied?

And one more question, will a major Windows 11 update mess with the revocations or booting?

Of course I restored the whole drive after experimenting, I use Macrium Reflect.

Answer 1

Now my question, is the method I used fine to repair the system (esp) partition once revocations have been applied?

Yes.

And one more question, will a major Windows 11 update mess with the revocations or booting?

Best practice will be creating a System Restore Point, so that if any mess happens you could always go back to normal state.