


One of the really interesting features of Winclone 10 is the ability to install Windows 11 onto a Boot Camp partition. I’ve received questions about how this is possible: after all, most Macs do not have a Trusted Platform Module (TPM), and those with a TPM do not expose it to the hardware.

Modern Macs have a Secure Enclave, which allows macOS (and Windows 10 to some degree) to use Secure Boot. In order to detect malware in the booting process, the boot loader is digitally signed by Microsoft. If Secure Boot is enabled, the boot loader is verified with the Microsoft certificate that signed it. This certificate must be in a location that is trusted: malware could add in a certificate to trust any boot loader if it was in an untrusted location. In T2 Macs, the trusted certificate is stored in the Secure Enclave. When a T2 Mac boots Windows, the T2 co-processor verifies the boot loader if Secure Boot is enabled. This setting is then passed to the EFI boot loader, continuing the secure boot.

In order to increase security, Microsoft wants to validate the boot loader on all PCs. Doing this requires a TPM when installing or upgrading to Windows 11. However, this is not the same as requiring Secure Boot to boot the OS. Windows 11 can boot fine without Secure Boot, but the installer requires that the hardware have Secure Boot and a TPM 2 module.

When using Winclone 10’s “Quick Install Windows” feature, Winclone does not use the Windows installer: instead, it restores the Windows installation from the installer Windows Image (WIM) file. WIM is similar to a ZIP file, as it contains all the base files for booting Windows. This is how Microsoft tools (such as DISM) deploy Windows in enterprise environments.
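
Because a WIM restore does not go through the installer and its hardware checks, it is worth confirming from inside the installed Windows which Secure Boot and TPM state the system actually has. The PowerShell below is an added example, not code from Winclone or Microsoft; the function name `Get-BootTrustState` and its output field names are hypothetical, and it assumes an elevated session.

```powershell
# Added example: report the Secure Boot and TPM state that the Windows 11
# installer would have checked. Run elevated inside the installed Windows.
# Get-BootTrustState and its output fields are hypothetical names.
function Get-BootTrustState {
    [CmdletBinding()]
    param()

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # on non-UEFI boots or when the session lacks the required privileges.
    $secureBoot = 'Unknown'
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'NotSupported'
    } catch [System.UnauthorizedAccessException] {
        $secureBoot = 'Unknown (run elevated)'
    } catch {
        $secureBoot = "Unknown ($($_.Exception.Message))"
    }

    # Win32_Tpm returns no instance when no TPM is exposed to Windows.
    $tpmPresent = $false
    $tpmSpec = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop |
               Select-Object -First 1
        if ($tpm) {
            $tpmPresent = $true
            # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
            $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()
        }
    } catch {
        Write-Verbose "TPM query failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        SecureBoot        = $secureBoot
        TpmPresent        = $tpmPresent
        TpmSpecVersion    = $tpmSpec
        # Only the two requirements this article discusses, not every installer check.
        SecureBootAndTpm2 = ($secureBoot -eq 'Enabled' -and $tpmSpec -eq '2.0')
    }
}

Get-BootTrustState | Format-List
```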
