fix(first-boot): online branding re-apply + deferred sm-bootstrap cleanup #13

Merged
SilverLABS merged 1 commits from fix/branding-online-and-bootstrap-cleanup into main 2026-06-09 20:57:29 +00:00

Two real-user-desktop findings from the e2e (the wizard itself now runs fully and BitLocker + recovery work):

1. Lock/login screen + wallpaper weren't branded (OEM About was). Same root cause as the UAC reset we already proved: Windows resets offline-baked personalization during OOBE (PersonalizationCSP lock screen, default-user wallpaper, FVE recovery message). Plain SOFTWARE keys like OEM About survive; personalization doesn't.
Fix: stage windows/branding/ into the image and re-run Apply-Branding -Mode Online from SetupComplete (post-OOBE, as SYSTEM) where it sticks. Idempotent with the offline bake.

2. sm-bootstrap still present after onboarding. TearDownAsync's in-session Remove-LocalUser no-ops — you can't delete the account you're logged in as.
Fix: keep the best-effort in-session attempt, but defer the real removal to a SYSTEM AtStartup scheduled task that runs on next boot (sm-bootstrap not logged on), removes the account + Win32_UserProfile, then deletes itself. Uses an -EncodedCommand payload to dodge schtasks quoting.

Not a code change: the VM's "no network adapter" was a Proxmox NIC regression to virtio (no driver in IoT LTSC) — fixed by switching the VM to Intel e1000. The real Pocket 4 uses its driver pack.

Verified: build.ps1 parses, welcome solution builds, 29/29 tests. Next: rebuild → restage → retest (expect branded lock screen + wallpaper, and sm-bootstrap gone after the first real-user boot).

Follow-up still tracked: escrow + display the BitLocker recovery key in the Done step; investigate the PCR-11 E_FVE_SECURE_BOOT_CHANGED (likely -SkipHardwareTest sealing) so TPM+PIN doesn't drop to recovery on the first post-enroll boot.

🤖 Generated with Claude Code
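The deferred-removal pattern from finding 2, as an added example that is not SilverMetal's own `TearDownAsync` code: it tries the in-session `Remove-LocalUser` first, then registers a self-deleting SYSTEM `AtStartup` task whose body is passed as an `-EncodedCommand` so no quoting survives the task definition. It assumes the account name `sm-bootstrap` from the PR; the task name is hypothetical, and it uses the ScheduledTasks module rather than `schtasks.exe`.

```powershell
# Added example (not the project's code). Assumptions: account name from the PR,
# task name hypothetical. Must run elevated.
$Account  = 'sm-bootstrap'
$TaskName = 'SilverMetal-Remove-Bootstrap'   # hypothetical

# Body that runs at next boot as SYSTEM: sm-bootstrap is no longer logged on,
# so Remove-LocalUser succeeds; the profile (folder + ProfileList entry) is
# removed via CIM, and the task unregisters itself so no SYSTEM task with an
# opaque encoded payload is left behind for a defender to have to explain.
$Payload = @"
`$ErrorActionPreference = 'Continue'
if (Get-LocalUser -Name '$Account' -ErrorAction SilentlyContinue) {
    Remove-LocalUser -Name '$Account'
}
Get-CimInstance Win32_UserProfile |
    Where-Object { `$_.LocalPath -like '*\$Account' -and -not `$_.Loaded } |
    ForEach-Object { Remove-CimInstance -InputObject `$_ }
Unregister-ScheduledTask -TaskName '$TaskName' -Confirm:`$false
"@

# -EncodedCommand expects base64 of UTF-16LE text; this sidesteps every layer
# of cmd/schtasks/XML quoting that a literal -Command string would hit.
$Encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Payload))

$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -EncodedCommand $Encoded"
$Trigger   = New-ScheduledTaskTrigger -AtStartup
$Principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$Settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

# Best-effort in-session attempt first (no-ops while sm-bootstrap is the
# logged-on user), then the deferred task that does the real removal.
try { Remove-LocalUser -Name $Account -ErrorAction Stop } catch { }
Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Principal $Principal -Settings $Settings -Force | Out-Null
```

Verifying after the first real-user boot means checking all three: `Get-LocalUser sm-bootstrap` errors, `Win32_UserProfile` has no matching `LocalPath`, and `Get-ScheduledTask` no longer lists the task.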

SilverLABS added 1 commit 2026-06-09 20:27:33 +00:00
fix(first-boot): re-apply personalization branding online + defer sm-bootstrap cleanup
All checks were successful
Build SilverMetal Enhanced - Windows ISO / build (pull_request) Successful in 5m37s
daac231148
VM e2e findings on the real-user desktop:
1. Lock/login screen + wallpaper NOT branded (OEM About WAS) — Windows resets the
   offline-baked personalization (PersonalizationCSP / default-user wallpaper / FVE)
   during OOBE, same class as the UAC reset. Fix: stage windows/branding/ into the
   image and re-run Apply-Branding -Mode Online from SetupComplete (post-OOBE, as
   SYSTEM) where it sticks. OEM About re-asserted harmlessly.
2. sm-bootstrap account still present after onboarding — TearDownAsync's in-session
   Remove-LocalUser no-ops (can't delete the account you're logged in as). Fix: keep
   the best-effort in-session attempt, but DEFER the real removal to a SYSTEM
   AtStartup scheduled task that runs on next boot (sm-bootstrap not logged on),
   removes the account + Win32_UserProfile, then deletes itself.

(Network 'no adapter' in the VM was a Proxmox NIC-model regression to virtio — fixed
by switching the VM to Intel e1000; not a SilverMetal change.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
SilverLABS merged commit 94de283495 into main 2026-06-09 20:57:29 +00:00
SilverLABS deleted branch fix/branding-online-and-bootstrap-cleanup 2026-06-09 20:57:29 +00:00
Reference: SilverLABS/SilverMetal#13