Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 19:38:26 -06:00
Code Activity

Windows: Add DCS EFI Bootloader files that are signed. Add certificates and powershell script to update Secure Boot configuration.

Browse Source
This commit is contained in:
Mounir IDRASSI
2016-08-14 23:45:10 +02:00
parent 87ee61bcb1
commit 67031da928
29 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Boot/EFI/Readme.txt Normal file
View File

@@ -0,0 +1,13 @@
To update secure boot configuration
1. Enter BIOS configuration
2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
3. Boot Windows
4. execute from admin command prompt
powershell -File sb_set_siglists.ps1
It sets in PK (platform key) - DCS_platform
It sets in KEK (key exchange key) - DCS_key_exchange
It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27
All DCS modules are protected by DCS_sign.
All Windows modules are protected by MicWinProPCA2011_2011-10-19
All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27