I downloaded windows server 2022 ADK and created WinPE media after installing all Microsoft Server operating system-21H2 security updates, but I am still unable to boot the ISO on the VM on which I have upgraded the boot manager with Windows UEFI CA 2023. Also, I have updated the Secure DBX with Windows Production PCA 2011 signature.
I created bootable virtual disk using same media files as in ISO and I am able to boot the vhd on the VM and similarly I am able to boot USB, but is not booting giving the error: The image's certificate was denied (DBX).
Under digital signature tab for bootmgr.efi it shows Windows Production PCA 2011 for every bootable device.
Doc for creating WinPE Doc for setting up machine with Black Lotus mitigations
Can someone please help me creating the ISO which can boot on the prepared machine? Also, I don't understand, what is the difference between booting from vhd/usb and ISO.
