feat: Add fix for BSOD in Windows 11 24H2 when Bitlocker is enabled

[ksimon1]

What this PR does / why we need it:
feat: Add fix for BSOD in Windows 11 24H2 when Bitlocker is enabled

https://learn.microsoft.com/en-us/answers/questions/1843393/windows-11-24h2-26100-1150-sysprep-generalize-brea?source=docs
This should be workaround for win11 bsod caused by bitlocker

Release note:

feat: Add fix for BSOD in Windows 11 24H2 when Bitlocker is enabled

[ksimon1]

/hold

[sourcery-ai]

Hey @ksimon1 - I've reviewed your changes and they look great!

Here's what I looked at during the review

• 🟡 General issues: 1 issue found
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion: DRY up duplicate script block in release and template files

Extract the shared post-update.ps1 injection into a common include to simplify future updates.

Suggested implementation:

          <FirstLogonCommands>
            <!--#include virtual="post-update-command.xml" -->
            <SynchronousCommand wcm:action="add">
              <CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
              <RequiresUserInput>false</RequiresUserInput>
              <Order>2</Order>
              <Description>Set AutoLogonCount to 0</Description>

1. Create a new file named post-update-command.xml in the same directory with the following content:

<SynchronousCommand wcm:action="add">
  <CommandLine>PowerShell -ExecutionPolicy Bypass -NoProfile F:\post-update.ps1</CommandLine>
  <Order>1</Order>
</SynchronousCommand>

2. If you use a different templating system (e.g., Helm, ytt, kustomize), adjust the include syntax accordingly (e.g., {{ include "post-update-command" }} for Helm).
3. Apply the same include in any other files (such as release files) that previously duplicated this block.

[jcanocan]

Nice job, and thanks for your persistence with this!
It looks good to me, nothing to add regarding the xml modifications.
However, I would be a bit more descriptive with the NOTES. E.g.,

feat: Add fix for BSOD in Windows 11 24H2 when Bitlocker is enabled

[0xFelix]

Not sure I like the wording of "official fix", since this needs to be fixed within Windows afterall, but it's a viable workaround.

/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 0xFelix

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [0xFelix]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 0xFelix, ksimon1

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [0xFelix,ksimon1]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kostyanf14]

In general, I preferred to enumerate all drives for the post-update script, instead of hardcoding F:. F: means that you exactly know that Windows has only one drive C:, the second drive D: is a Windows ISO, etc...

[ksimon1]

/hold cancel

[jcanocan]

/lgtm