Improve Device overview

README.md

@@ -110,8 +110,7 @@ Double-click `Show Secure Boot update events.cmd` to display all the Secure Boot
 To view the current Windows Secure Boot state, right-click `Check Windows state.cmd` and *Run as administrator*. The output will be similar to the following:
 
 ```
-
-Windows version: 25H2 (Build 26200.8457)
+Windows version          : Windows 11 - 25H2 (Build 26200.8457)
 
 UEFISecureBootEnabled    : 1
 AvailableUpdates         : 0x0000

ps/Check UEFI PK, KEK, DB and DBX.ps1

@@ -18,15 +18,9 @@ if (-not ((Test-Path -Path "$PSScriptRoot\Check-Dbx-Simplified.ps1" -PathType Le
 }
 
 # Print computer info
-Get-Date -Format 'dd MMMM yyyy'
-$computer = Get-CimInstance -ClassName Win32_ComputerSystem
-$bios = Get-CimInstance -ClassName Win32_BIOS
-"Manufacturer: " + $computer.Manufacturer
-"Model: " + $computer.Model
-$biosinfo = $bios.Manufacturer , $bios.Name , $bios.SMBIOSBIOSVersion , $bios.Version -join ", "
-"BIOS: " + $biosinfo
-$v = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
-"Windows version: {0} (Build {1}.{2})`n" -f $v.DisplayVersion, $v.CurrentBuildNumber, $v.UBR
+Import-Module $PSScriptRoot\Get-SystemOverview.psm1 -Force
+Show-DeviceOverview
+Write-Host
 
 # Check architecture
 $IsArm = $false
@@ -47,7 +41,7 @@ try {
     $cpuArch = 9 # default x64
 }
 $arch = if ($Is64bit -and $cpuArch -eq 9) { # CPU arch x64
-        "x64"
+        "amd64"
     } elseif ($Is64bit -and $cpuArch -eq 12) { # CPU arch ARM64
         "arm64"
     } elseif (-not $Is64bit -and ($cpuArch -eq 0 -or $cpuArch -eq 9)) {
@@ -58,7 +52,7 @@ $arch = if ($Is64bit -and $cpuArch -eq 9) { # CPU arch x64
         "unsupported"
     }
 
-Write-Host "Detected $arch UEFI architecture. Ensure that this is correct for valid DBX results.`n"
+Write-Host "Detected $(Resolve-ArchName($arch)) UEFI architecture. Ensure that this is correct for valid DBX results.`n"
 
 # Check for Secure Boot status
 Write-Host "Secure Boot status: " -NoNewLine
@@ -252,20 +246,20 @@ function Show-CheckDBX {
 
 # select the proper bin file for the DBX Update.
 # files are copied from https://github.com/microsoft/secureboot_objects/tree/main/PostSignedObjects/DBX
-if ($arch -eq "x64") {
+if ($arch -eq "amd64") {
   # Show-CheckDBX "2023-03-14         " "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2023-03-14.bin"
   # Show-CheckDBX "2023-05-09         " "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2023-05-09.bin"
   # Show-CheckDBX "2025-01-14 (v1.3.1)" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-01-14.bin"
   # Show-CheckDBX "2025-06-11 (v1.5.1)" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-06-11.bin"
-    Show-CheckDBX "2025-10-14 (v1.6.0) [$arch]" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-10-14.bin"
+    Show-CheckDBX "2025-10-14 (v1.6.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-10-14.bin"
 } elseif ($arch -eq "arm64") {
-    Show-CheckDBX "2025-02-25 (v1.4.0) [$arch]" "$PSScriptRoot\..\dbx_bin\arm64_DBXUpdate_2025-02-25.bin"
+    Show-CheckDBX "2025-02-25 (v1.4.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\arm64_DBXUpdate_2025-02-25.bin"
 } elseif ($arch -eq "x86") {
-    Show-CheckDBX "2025-10-14 (v1.6.0) [$arch]" "$PSScriptRoot\..\dbx_bin\x86_DBXUpdate_2025-10-14.bin"
+    Show-CheckDBX "2025-10-14 (v1.6.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\x86_DBXUpdate_2025-10-14.bin"
 } elseif ($arch -eq "arm") {
-    Show-CheckDBX "2025-02-25 (v1.4.0) [$arch]" "$PSScriptRoot\..\dbx_bin\arm_DBXUpdate_2025-02-25.bin"
+    Show-CheckDBX "2025-02-25 (v1.4.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\arm_DBXUpdate_2025-02-25.bin"
 } else {
-     Write-Warning "[$arch] architecture."
+    Write-Warning "[$($arch.ToUpper())] architecture."
 }
 Show-CheckDBX "Current Windows staged" "C:\Windows\System32\SecureBootUpdates\dbxupdate.bin"
 

ps/Check Windows state.ps1

@@ -8,8 +8,8 @@ if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdent
 }
 
 # Print computer info
-$v = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
-"Windows version: {0} (Build {1}.{2})`n" -f $v.DisplayVersion, $v.CurrentBuildNumber, $v.UBR
+Import-Module $PSScriptRoot\Get-SystemOverview.psm1 -Force
+"Windows version          : " + ((Show-WindowsVersion) -replace '^.*:\s*') + "`n"
 
 Write-Host "UEFISecureBootEnabled    :" (Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State).UEFISecureBootEnabled
 "AvailableUpdates         : 0x{0:X4}" -f (Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot).AvailableUpdates

ps/Get-SystemOverview.psm1

@@ -0,0 +1,112 @@
+# Created by github.com/jcoester
+# Repository https://github.com/cjee21/Check-UEFISecureBootVariables
+
+function Spacer() {
+    Write-Host ("-" * 60)
+}
+
+function Get-WindowsVersionFromBuild([int]$Build) {
+
+    # See https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions
+    switch ($Build) {
+        { $_ -ge 22000 } { return "11" }
+        { $_ -ge 10240 } { return "10" }
+        { $_ -ge 9600 }  { return "8.1" }
+        { $_ -ge 9200 }  { return "8" }
+        default          { return "" }
+    }
+}
+
+function Resolve-ArchName {
+    param([string]$Arch)
+
+    switch ($Arch.ToUpper()) {
+        "AMD64" { "AMD64/X64" }
+        "ARM"   { "ARM" }
+        "ARM64" { "ARM64/AARCH64" }
+        "X86"   { "X86/IA32" }
+        default { $Arch }
+    }
+}
+
+function Format-Set($Values) {
+
+    # Filter out duplicates and junk
+    $clean = $Values | Where-Object {
+        $_ -and
+        $_ -notmatch "to be filled by o\.e\.m\." -and
+        $_ -notmatch "default string" -and
+        $_ -ne "1.0" # Only applied to hardware, firmware can be '1.0'
+    } | Select-Object -Unique
+
+    # Filter out substrings of others
+    foreach ($v in @($clean)) {
+        if ($clean | Where-Object { $_ -ne $v -and $_ -like "*$v*" }) {
+            $clean = $clean -ne $v
+        }
+    }
+
+    $clean
+}
+
+function Format-DeviceModel([string[]]$Values) {
+
+    # Build three tiers, from most specific to most generic
+    $t1 = Format-Set $Values[0,1] # OEMModelNumber, OEMModelBaseBoard
+    $t2 = Format-Set $Values[2,3] # OEMModelSystemFamily, OEMModelSystemVersion
+    $t3 = Format-Set $Values[4,5] # OEMModelSKU, OEMModelBaseBoardVersion
+
+    # T1 and T2 always, T3 as fallback
+    $result = if ($t1) { @($t1) + @($t2) } else { @($t3) }
+    $result -join ' - '
+}
+
+function Show-WindowsVersion {
+    $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
+    "OS : Windows {0} - {1} (Build {2}.{3})" -f `
+        (Get-WindowsVersionFromBuild ([int]$windows.CurrentBuildNumber)),
+        $windows.DisplayVersion,
+        $windows.CurrentBuildNumber,
+        $windows.UBR
+}
+
+function Show-DeviceOverview {
+    (Get-Date).ToString('dd MMM yyyy')
+    Spacer
+    Show-Device
+    Show-WindowsVersion
+}
+
+function Show-Device {
+    # Show Secure Boot related device hardware and firmware info
+    $device  = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes"
+
+    # Hardware
+    "HW : {0} - {1} - {2}" -f `
+        ((Format-Set @(
+            $device.OEMName
+            $device.OEMManufacturerName
+            $device.BaseBoardManufacturer
+        )) -join " - "),
+        (Format-DeviceModel @(
+            $device.OEMModelNumber    
+            $device.OEMModelBaseBoard
+            $device.OEMModelSystemFamily
+            $device.OEMModelSystemVersion
+            $device.OEMModelSKU
+            $device.OEMModelBaseBoardVersion
+        )),
+        (Resolve-ArchName $device.OSArchitecture)
+
+    # Firmware
+    "FW : {0} - {1} - {2}" -f `
+        $device.FirmwareManufacturer,
+        $device.FirmwareVersion,
+        ([datetime]$device.FirmwareReleaseDate).ToString('dd MMM yyyy')
+}
+
+Export-ModuleMember -Function `
+    Spacer,
+    Show-WindowsVersion,
+    Show-DeviceOverview,
+    Resolve-ArchName