Version:
  v1.0.8

Note:
  This is intended for use with Stone branded client devices containing Asus motherboards.


Recommendations:
  Test in your environment, using a small batch of eligible systems to confirm correct operation.


Usage:
  Secureboot2023_helper [-h] [-s] [-y]
  Should be run locally on clients, but this could be incorporated into a script or package pushed out by SCCM/MECM or Intune.

Description:
  Updates the Secure Boot 'KEK' and 'DB' certificate files and sets them as active.
  Important point to consider, this tool does not insert the certificates into the default 'KEK' and 'DB' stores.


Parameters:
  -h, -?
      Displays this help message.
  -s
      Use swap operation instead of update for Secure Boot 'KEK' certificates.
      [IMPORTANT] Secure Boot 'KEK' will be replaced with the new certificate instead of appending it.
  -y
      Automatically suspends BitLocker protection when detected and proceeds without confirmation.