Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'.
$RegistryPath = 'HKEY_LOCAL_MACHINE:Software\Policies\Microsoft\FVE' $Name = 'OSAllowSecureBootForIntegrity' $Value = '1'
If (-NOT (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null }
New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force