Microsoft sneaks Secure Boot support into Windows 7 shortly before support ends

Support for Extended Security Updates for Windows 7 is ending today officially. Microsoft will release a last cumulative update for Windows 7 on January 10, 2023 before the operating system is laid to rest.
Users and organizations who run Windows 7 have a few options available to them to continue using their devices. The official path is to upgrade devices to Windows 10 or 11, or replace them with newer devices that run these operating systems.
Those who prefer to stay on Windows 7 may subscribe to 0Patch for less than $30 a year to receive critical security updates for at least 2 years starting with the official end of support. There may also be options to install patches that Microsoft produces for systems that are based on Windows 7 and still supported by the company.
Chinese blog CSDN discovered in October 2022 that Microsoft appears to have added support for Secure Boot to Windows 7 via the September 2022 cumulative updates. Microsoft did not announce the change in the changelog or elsewhere, to the best of our knowledge.
Microsoft introduced support for Secure Boot in Windows 8 and has not backported the feature to Windows 7 during Windows 7's official support lifecycle. Support for Windows 7 ended in January 2020 for all Home customers while Enterprise and business customers could extend the support range by up to three years for a price.
Secure Boot is a security technology that verifies the integrity of core system components, including the UEFI firmware drivers, EFI applications and the operating system. Only if these components are verified through checks is the operating system booted.
Twitter user Bob Pony published news about this on the messaging site recently. He posted a screenshot of a Windows 7 Enterprise system running Secure Boot. Secure Boot does not work on UEFI Class 3 systems directly to the information published, which means that a workaround is required. The second caveat is that the feature was introduced in an ESU update.
Lastly, it needs to be noted that it feels strange that Microsoft would add support for the feature near the end of the operating system's end of support date. Microsoft did not even reveal that it added the feature, which means that no one outside of the company knows why it was added just months before support end.
Now You: what is your take on this? Why did Microsoft add Secure Boot support to Windows 7? (via Neowin)


I am an XP user and one of the best tips I ever picked up was to copy the i386 folder from the installation disk to the root of C:\, then by changing just two registry keys to point to C:\i386 instead of your CD/DVD drive you can run SFC without using the installation disk.
If you update to a later service pack, as I did with SP3, you then delete the original i386 folder on C:\ and replace it with the one on the slipstreamed disk.
You still use the command SFC /SCANNOW.
As far as I am aware the same technique can be used with later versions of Windows.
Another similar tip is to install the Recovery Console so that too can be run without the installation disk.
Yeah I used that technique back in the days. Was mighty useful.
Modern netbooks and ultra/laptops don’t come with optical drives anymore.
Useful reminder about SFC and service packs.
“Modern netbooks and ultra/laptops don’t come with optical drives anymore” – get a portable USB DVD/RW drive (about $25).
If you burn the W7 (integrated SP1) ISO to DVD you can use it for System File Checker and as a Recovery Disk and for a full W7 (re)installation – easier than trying to slipstream SP1 or configure a flash drive install of W7.
” – get a portable USB DVD/RW drive (about $25).”
Why should I make dvd/rw OEMs richer after investing thousand $ in a PC just to run Windows 7 ?
$1000 just to run windows 7? Sounds to me like you got a pretty crappy deal dude xD
I would have thought that this could be done without a DVD drive or even a second computer, you can get free software that will allow you to mount an ISO image on a hard drive then just copy the required folder to C:\.
An alternative might be to try extracting the folder from the iSO image using something like Universal Extractor, also free, although the first idea should work without any problems.