VeraCrypt
-rw-r--r--DcsBoot/DcsBoot.c135
-rw-r--r--DcsCfg/DcsCfg.h8
-rw-r--r--DcsCfg/DcsCfg.inf8
-rw-r--r--DcsCfg/DcsCfgCrypt.c260
-rw-r--r--DcsCfg/DcsCfgMain.c8
-rw-r--r--DcsInfo/DcsInfo.inf4
-rw-r--r--DcsInt/DcsInt.c126
-rw-r--r--DcsInt/DcsInt.inf7
-rw-r--r--DcsRe/DcsRe.c273
-rw-r--r--DcsRe/DcsRe.inf4
-rw-r--r--Include/Library/CommonLib.h35
-rw-r--r--Include/Library/PasswordLib.h4
-rw-r--r--Library/CommonLib/EfiConsole.c6
-rw-r--r--Library/CommonLib/EfiFile.c61
-rw-r--r--Library/CommonLib/EfiMem.c27
-rw-r--r--Library/DcsCfgLib/DcsCfgLib.inf8
-rw-r--r--Library/DcsCfgLib/GptEdit.c8
-rw-r--r--Library/DcsTpmLib/Tpm20.c2
-rw-r--r--Library/PasswordLib/ConsolePassword.c39
-rw-r--r--Library/PasswordLib/PicturePassword.c2
-rw-r--r--Library/VeraCryptLib/DcsProp4
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.c25
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.h2
-rw-r--r--Library/VeraCryptLib/VeraCryptLib.inf18
-rw-r--r--Library/VeraCryptLib/llmath.c435
-rw-r--r--Library/VeraCryptLib/mklinks_src.bat14
-rw-r--r--SecureBoot/certs/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27.crtbin0 -> 870 bytes
-rw-r--r--SecureBoot/certs/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27.crtbin0 -> 861 bytes
-rw-r--r--SecureBoot/certs/Acer_2012-05-31.crtbin0 -> 1010 bytes
-rw-r--r--SecureBoot/certs/Acer_ABO_2010-12-31.crtbin0 -> 757 bytes
-rw-r--r--SecureBoot/certs/Acer_Database_2013-07-10.crtbin0 -> 923 bytes
-rw-r--r--SecureBoot/certs/Acer_DisablePW_2012-12-31.crtbin0 -> 775 bytes
-rw-r--r--SecureBoot/certs/Acer_LINPUS_2012-10-09.crtbin0 -> 779 bytes
-rw-r--r--SecureBoot/certs/Acer_LINPUS_2018-04-19.crtbin0 -> 1021 bytes
-rw-r--r--SecureBoot/certs/Acer_Quanta_NB4_2012-07-18.crtbin0 -> 786 bytes
-rw-r--r--SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crtbin0 -> 816 bytes
-rw-r--r--SecureBoot/certs/Acer_db_Manufacture_2015-06-17.crtbin0 -> 905 bytes
-rw-r--r--SecureBoot/certs/Canonical_Master_CA_2012_04_12.crtbin0 -> 1096 bytes
-rw-r--r--SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crtbin0 -> 812 bytes
-rw-r--r--SecureBoot/certs/Dell_UEFI_DB_2016_06_03.crtbin0 -> 978 bytes
-rw-r--r--SecureBoot/certs/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23.crtbin0 -> 1420 bytes
-rw-r--r--SecureBoot/certs/HP_UEFI_Secure_Boot_DB_2017_2017-01-20.crtbin0 -> 1204 bytes
-rw-r--r--SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crtbin0 -> 840 bytes
-rw-r--r--SecureBoot/certs/Lenovo_1T110-1415ISK-2016-02-17.crtbin0 -> 821 bytes
-rw-r--r--SecureBoot/certs/Lenovo_2JYoga910_2015-12-02.crtbin0 -> 817 bytes
-rw-r--r--SecureBoot/certs/Lenovo_4MYoga720-15IKB_2016-11-09.crtbin0 -> 823 bytes
-rw-r--r--SecureBoot/certs/Lenovo_DCU31-80E31-80_2015-03-03.crtbin0 -> 822 bytes
-rw-r--r--SecureBoot/certs/Lenovo_LCFC_2015-05-29.crtbin0 -> 768 bytes
-rw-r--r--SecureBoot/certs/Lenovo_Mocca_2012-06-20.crtbin0 -> 813 bytes
-rw-r--r--SecureBoot/certs/Lenovo_ThinkPad_Product_CA_2012-06-29.crtbin0 -> 962 bytes
-rw-r--r--SecureBoot/certs/Lenovo_UEFI_CA_2014-01-24.crtbin0 -> 919 bytes
-rw-r--r--SecureBoot/certs/MSI_SHIP_OWN_CA_2012-06-09.crtbin0 -> 1078 bytes
-rw-r--r--SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crtbin0 -> 1051 bytes
-rw-r--r--SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crtbin0 -> 1073 bytes
-rw-r--r--SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crtbin0 -> 886 bytes
-rw-r--r--SecureBoot/certs/Toshiba_Corporation_Utility_CA_2012-08-10.crtbin0 -> 1102 bytes
-rw-r--r--SecureBoot/certs/Toshiba_QCI_2012-07-24.crtbin0 -> 822 bytes
-rw-r--r--SecureBoot/certs/Toshiba_QCI_Shell_2012-07-24.crtbin0 -> 810 bytes
-rw-r--r--SecureBoot/readme.txt13
-rw-r--r--SecureBoot/sb_set_siglists.ps1101
-rw-r--r--SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.binbin0 -> 898 bytes
-rw-r--r--SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.binbin0 -> 938 bytes
-rw-r--r--SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.binbin0 -> 889 bytes
-rw-r--r--SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.binbin0 -> 929 bytes
-rw-r--r--SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_2012-05-31_SigList.binbin0 -> 1038 bytes
-rw-r--r--SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.binbin0 -> 1078 bytes
-rw-r--r--SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_ABO_2010-12-31_SigList.binbin0 -> 785 bytes
-rw-r--r--SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.binbin0 -> 825 bytes
-rw-r--r--SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_Database_2013-07-10_SigList.binbin0 -> 951 bytes
-rw-r--r--SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.binbin0 -> 991 bytes
-rw-r--r--SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList.binbin0 -> 803 bytes
-rw-r--r--SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.binbin0 -> 843 bytes
-rw-r--r--SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList.binbin0 -> 807 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.binbin0 -> 847 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList.binbin0 -> 807 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.binbin0 -> 847 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.binbin0 -> 1049 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.binbin0 -> 1089 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList.binbin0 -> 814 bytes
-rw-r--r--SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.binbin0 -> 854 bytes
-rw-r--r--SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.binbin0 -> 844 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.binbin0 -> 884 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList.binbin0 -> 933 bytes
-rw-r--r--SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.binbin0 -> 973 bytes
-rw-r--r--SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList.binbin0 -> 1124 bytes
-rw-r--r--SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.binbin0 -> 1164 bytes
-rw-r--r--SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.binbin1179 -> 1179 bytes
-rw-r--r--SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin.p7bin1996 -> 1996 bytes
-rw-r--r--SecureBoot/siglists/DCS_platform_SigList_Serialization.binbin1425 -> 1425 bytes
-rw-r--r--SecureBoot/siglists/DCS_platform_SigList_Serialization.bin.p7bin1996 -> 1996 bytes
-rw-r--r--SecureBoot/siglists/DCS_sign_SigList_Serialization.binbin910 -> 910 bytes
-rw-r--r--SecureBoot/siglists/DCS_sign_SigList_Serialization.bin.p7bin1492 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.binbin0 -> 840 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.binbin0 -> 880 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList.binbin0 -> 1006 bytes
-rw-r--r--SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.binbin0 -> 1046 bytes
-rw-r--r--SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.binbin0 -> 1448 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.binbin0 -> 1488 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.binbin0 -> 1232 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.binbin0 -> 1272 bytes
-rw-r--r--SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.binbin0 -> 868 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.binbin0 -> 908 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList.binbin0 -> 849 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.binbin0 -> 889 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList.binbin0 -> 845 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.binbin0 -> 885 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList.binbin0 -> 851 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.binbin0 -> 891 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList.binbin0 -> 850 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.binbin0 -> 890 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList.binbin0 -> 796 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.binbin0 -> 836 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList.binbin0 -> 841 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.binbin0 -> 881 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.binbin0 -> 990 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.binbin0 -> 1030 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList.binbin0 -> 947 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.binbin0 -> 987 bytes
-rw-r--r--SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList.binbin0 -> 1106 bytes
-rw-r--r--SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.binbin0 -> 1146 bytes
-rw-r--r--SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList.binbin1600 -> 1600 bytes
-rw-r--r--SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.binbin1640 -> 1640 bytes
-rw-r--r--SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7bin1492 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList.binbin1543 -> 1543 bytes
-rw-r--r--SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.binbin1583 -> 1583 bytes
-rw-r--r--SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7bin1492 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.binbin0 -> 1079 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.binbin0 -> 1119 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.binbin0 -> 1101 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.binbin0 -> 1141 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.binbin0 -> 914 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.binbin0 -> 954 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList.binbin0 -> 1130 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.binbin0 -> 1170 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList.binbin0 -> 850 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.binbin0 -> 890 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList.binbin0 -> 838 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.binbin0 -> 878 bytes
-rw-r--r--SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/dbx_list_SigList.binbin0 -> 3724 bytes
-rw-r--r--SecureBoot/siglists/dbx_list_SigList_Serialization.binbin0 -> 3766 bytes
-rw-r--r--SecureBoot/siglists/dbx_list_SigList_Serialization.bin.p7bin0 -> 1492 bytes
174 files changed, 1105 insertions, 532 deletions
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c
index 7eaf41b..7029a10 100644
--- a/DcsBoot/DcsBoot.c
+++ b/DcsBoot/DcsBoot.c
@@ -25,9 +25,11 @@ https://opensource.org/licenses/LGPL-3.0
EFI_GUID ImagePartGuid;
EFI_GUID *gEfiExecPartGuid = &ImagePartGuid;
-CHAR16 *gEfiExecCmdDefault = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
+CHAR16 *gEfiExecCmdDefault = L"\\EFI\\Microsoft\\Boot\\Bootmgfw_ms.vc";
+CHAR16 *gEfiExecCmdMS = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
CHAR16 *gEfiExecCmd = NULL;
CHAR8 gDoExecCmdMsg[256];
+CONST CHAR8* g_szMsBootString = "bootmgfw.pdb";
EFI_STATUS
DoExecCmd()
@@ -44,7 +46,10 @@ DoExecCmd()
lockFlags = ConfigReadInt("DcsBmlLockFlags", BML_LOCK_SETVARIABLE | BML_SET_BOOTNEXT | BML_UPDATE_BOOTORDER);
BmlLock(lockFlags);
res = EfiExec(NULL, gEfiExecCmd);
- AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
+ if (EFI_ERROR(res))
+ AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
+ else
+ AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nDone exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
} else {
AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't open start partition %g\n", gEfiExecPartGuid);
}
@@ -54,6 +59,39 @@ DoExecCmd()
return res;
}
+EFI_STATUS
+ExecMSWindowsLoader() {
+
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdDefault)))
+ return EfiExec(NULL, gEfiExecCmdDefault);
+ else
+ {
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdMS)))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ BOOLEAN bFound = FALSE;
+ if (!EFI_ERROR(FileLoad(NULL, gEfiExecCmdMS, &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ bFound = TRUE;
+ }
+ }
+
+ MEM_FREE(fileData);
+
+ if (bFound)
+ return EfiExec(NULL, gEfiExecCmdMS);
+ }
+
+ ERR_PRINT(L"Could not find the original Windows loader\r\n");
+
+ return EFI_NOT_READY;
+ }
+}
+
//////////////////////////////////////////////////////////////////////////
// BML
//////////////////////////////////////////////////////////////////////////
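Review bot: The "check if it is Microsoft one" test in ExecMSWindowsLoader is an identification heuristic, not an integrity check: any file larger than 32768 bytes that contains the ASCII string `bootmgfw.pdb` passes, and the first branch runs `Bootmgfw_ms.vc` with no check at all. Whether the image is authenticated then depends on what EfiExec does (presumably firmware image loading, so Secure Boot policy when it is enabled); that body is not in this hunk. The comment should say so, e.g. `/* heuristic only: distinguishes the MS loader from our own copy, does not authenticate the file */`. `MEM_FREE(fileData)` is also reached with `fileData == NULL` when FileLoad fails, which is only safe if the macro tolerates NULL.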
@@ -121,6 +159,8 @@ DcsBootMain(
UINTN len;
UINT32 attr;
BOOLEAN searchOnESP = FALSE;
+ BOOLEAN searchMsOnESP = FALSE;
+ EFI_GUID *pEfiExecPartBackup = NULL;
// EFI_INPUT_KEY key;
InitBio();
@@ -159,9 +199,33 @@ DcsBootMain(
EfiSetVar(L"DcsExecPartGuid", NULL, &ImagePartGuid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);
EfiSetVar(L"DcsExecCmd", NULL, gEfiExecCmdDefault, (StrLen(gEfiExecCmdDefault) + 1) * 2, EFI_VARIABLE_BOOTSERVICE_ACCESS);
// Authorize
+ gBS->SetWatchdogTimer(0, 0, 0, NULL);
res = EfiExec(NULL, L"\\EFI\\VeraCrypt\\DcsInt.dcs");
- if (EFI_ERROR(res)) {
+ if (EFI_ERROR(res) && (res != EFI_DCS_POSTEXEC_REQUESTED)) {
+
+ // Clear DcsExecPartGuid before execute OS to avoid problem in VirtualBox with reboot.
+ EfiSetVar(L"DcsExecPartGuid", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ EfiSetVar(L"DcsExecCmd", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
// ERR_PRINT(L"\nDcsInt.efi %r\n",res);
+ if (res == EFI_DCS_SHUTDOWN_REQUESTED)
+ {
+ res = EFI_SUCCESS;
+ gST->RuntimeServices->ResetSystem(EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ }
+ else if (res == EFI_DCS_REBOOT_REQUESTED)
+ {
+ res = EFI_SUCCESS;
+ gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+ }
+ else if (res == EFI_DCS_HALT_REQUESTED)
+ {
+ EfiCpuHalt();
+ }
+ else if (res == EFI_DCS_USER_CANCELED)
+ {
+ /* If user cancels password prompt, call original Windows loader */
+ res = ExecMSWindowsLoader ();
+ }
return res;
}
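Review bot: `EFI_DCS_POSTEXEC_REQUESTED` needs a comment at `if (EFI_ERROR(res) && (res != EFI_DCS_POSTEXEC_REQUESTED))`, because it is the one status from DcsInt.dcs that apparently carries the error bit and still falls through to the OS-launch path below. Something like `// POSTEXEC is not an authorization failure: DcsInt asks DcsBoot to run the configured command` would do, if that is the intent; the code's definition is not on this page. The `res = EFI_SUCCESS;` assignments before ResetSystem only matter if ResetSystem returns, and in that case the function would report success although authorization did not complete, so keeping the original status looks safer. DcsBootMain starts and ends outside the hunk.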
@@ -169,6 +233,8 @@ DcsBootMain(
if (EFI_ERROR(res)) {
gEfiExecPartGuid = &ImagePartGuid;
}
+
+ pEfiExecPartBackup = gEfiExecPartGuid;
res = EfiGetVar(L"DcsExecCmd", NULL, &gEfiExecCmd, &len, &attr);
if (EFI_ERROR(res)) {
@@ -177,6 +243,9 @@ DcsBootMain(
searchOnESP = CompareGuid(gEfiExecPartGuid, &ImagePartGuid) &&
EFI_ERROR(FileExist(NULL, gEfiExecCmd));
+
+ searchMsOnESP = CompareGuid(gEfiExecPartGuid, &ImagePartGuid) &&
+ EFI_ERROR(FileExist(NULL, gEfiExecCmdMS));
// Clear DcsExecPartGuid before execute OS to avoid problem in VirtualBox with reboot.
EfiSetVar(L"DcsExecPartGuid", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
@@ -187,34 +256,50 @@ DcsBootMain(
InitBio();
res = InitFS();
- // Default load of bootmgfw?
- if (searchOnESP) {
- // gEfiExecCmd is not found on start partition. Try from ESP
- EFI_BLOCK_IO_PROTOCOL *bio = NULL;
- EFI_PARTITION_TABLE_HEADER *gptHdr = NULL;
- EFI_PARTITION_ENTRY *gptEntry = NULL;
- HARDDRIVE_DEVICE_PATH hdp;
- EFI_HANDLE disk;
- if (!EFI_ERROR(res = EfiGetPartDetails(gFileRootHandle, &hdp, &disk))) {
- if ((bio = EfiGetBlockIO(disk)) != NULL) {
- if (!EFI_ERROR(res = GptReadHeader(bio, 1, &gptHdr)) &&
- !EFI_ERROR(res = GptReadEntryArray(bio, gptHdr, &gptEntry))) {
- UINT32 i;
- for (i = 0; i < gptHdr->NumberOfPartitionEntries; ++i) {
- if (CompareGuid(&gptEntry[i].PartitionTypeGUID, &gEfiPartTypeSystemPartGuid)) {
- // select ESP GUID
- CopyGuid(gEfiExecPartGuid, &gptEntry[i].UniquePartitionGUID);
- res = DoExecCmd();
- if(EFI_ERROR(res)) continue;
+ while (1)
+ {
+ // Default load of bootmgfw?
+ if (searchOnESP) {
+ // gEfiExecCmd is not found on start partition. Try from ESP
+ EFI_BLOCK_IO_PROTOCOL *bio = NULL;
+ EFI_PARTITION_TABLE_HEADER *gptHdr = NULL;
+ EFI_PARTITION_ENTRY *gptEntry = NULL;
+ HARDDRIVE_DEVICE_PATH hdp;
+ EFI_HANDLE disk;
+ if (!EFI_ERROR(res = EfiGetPartDetails(gFileRootHandle, &hdp, &disk))) {
+ if ((bio = EfiGetBlockIO(disk)) != NULL) {
+ if (!EFI_ERROR(res = GptReadHeader(bio, 1, &gptHdr)) &&
+ !EFI_ERROR(res = GptReadEntryArray(bio, gptHdr, &gptEntry))) {
+ UINT32 i;
+ for (i = 0; i < gptHdr->NumberOfPartitionEntries; ++i) {
+ if (CompareGuid(&gptEntry[i].PartitionTypeGUID, &gEfiPartTypeSystemPartGuid)) {
+ // select ESP GUID
+ CopyGuid(gEfiExecPartGuid, &gptEntry[i].UniquePartitionGUID);
+ res = DoExecCmd();
+ if(EFI_ERROR(res)) continue;
+ }
}
}
}
}
+ } else {
+ res = DoExecCmd();
}
- } else {
- res = DoExecCmd();
+
+ if(EFI_ERROR(res))
+ {
+ if (0 == StrCmp (gEfiExecCmd, gEfiExecCmdDefault))
+ {
+ gEfiExecCmd = gEfiExecCmdMS;
+ searchOnESP = searchMsOnESP;
+ gEfiExecPartGuid = pEfiExecPartBackup;
+ }
+ else
+ break;
+ }
+ else
+ break;
}
-
ERR_PRINT(L"%a\nStatus - %r", gDoExecCmdMsg, res);
EfiCpuHalt();
return EFI_INVALID_PARAMETER;
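Review bot: `pEfiExecPartBackup` saves the pointer, not the GUID, so `gEfiExecPartGuid = pEfiExecPartBackup;` does not undo the `CopyGuid(gEfiExecPartGuid, &gptEntry[i].UniquePartitionGUID)` done on the first pass; both names alias the same storage unless DoExecCmd repoints the global, which this hunk does not show. The retry with `gEfiExecCmdMS` therefore starts from the last ESP GUID tried rather than from the original start partition. Keeping a value copy (`EFI_GUID execPartBackup; CopyGuid(&execPartBackup, gEfiExecPartGuid);`) and copying it back before the retry would restore the state. The retry also launches `Bootmgfw.efi` without the `bootmgfw.pdb` check that ExecMSWindowsLoader applies to the same path, so the two fallbacks disagree on when that file is acceptable.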
diff --git a/DcsCfg/DcsCfg.h b/DcsCfg/DcsCfg.h
index 4152fe9..379a8c0 100644
--- a/DcsCfg/DcsCfg.h
+++ b/DcsCfg/DcsCfg.h
@@ -89,18 +89,18 @@ OuterInit();
extern UINTN gSecRigonCount;
EFI_STATUS
-SecRigionMark();
+SecRegionMark();
EFI_STATUS
-SecRigionWipe();
+SecRegionWipe();
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
);
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
);
diff --git a/DcsCfg/DcsCfg.inf b/DcsCfg/DcsCfg.inf
index c057b96..2557418 100644
--- a/DcsCfg/DcsCfg.inf
+++ b/DcsCfg/DcsCfg.inf
@@ -83,6 +83,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -91,6 +95,10 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+
[FeaturePcd]
[Pcd]
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index 0ca45ec..986824d 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -60,7 +60,7 @@ AskEA() {
CHAR16 name[128];
for (ea = EAGetFirst(); ea != 0; ea = EAGetNext(ea))
{
- EAGetName(name, ea, 1);
+ EAGetName(name, 128, ea, 1);
OUT_PRINT(L"(%d) %s\n", ea, name);
}
ea = (int)AskUINTN(":", EAGetFirst());
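Review bot: The literal `128` in `EAGetName(name, 128, ea, 1)` repeats the size of `CHAR16 name[128]` by hand, so the bound and the buffer can drift apart if either is edited. Derive it from the array instead, e.g. `EAGetName(name, sizeof(name) / sizeof(name[0]), ea, 1);`, assuming the new parameter counts characters rather than bytes; the prototype is not in this hunk.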
@@ -167,12 +167,19 @@ ChangePassword(
ZeroMem(&confirmPassword, sizeof(newPassword));
VCAskPwd(AskPwdNew, &newPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
MEM_BURN(&newPassword, sizeof(newPassword));
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ return EFI_TIMEOUT;
}
if (newPassword.Length == confirmPassword.Length) {
if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) {
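Review bot: The new cancel and timeout returns leave password buffers unwiped: the two returns after `VCAskPwd(AskPwdNew, &newPassword)` skip `MEM_BURN` altogether, and the two after `VCAskPwd(AskPwdConfirm, &confirmPassword)` burn `newPassword` but not `confirmPassword`. If VCAskPwd can leave partially typed input in the buffer on cancel or timeout (not visible here), that text stays in memory after the return. Add `MEM_BURN(&newPassword, sizeof(newPassword));` before the first pair of returns and `MEM_BURN(&confirmPassword, sizeof(confirmPassword));` before the second pair. ChangePassword begins and ends outside the hunk.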
@@ -417,6 +424,10 @@ RangeCrypt(
UINT64 remainsOnStart;
UINT64 pos;
UINTN rd;
+ BOOL bIsSystemEncyption = FALSE;
+
+ if (info->noIterations == get_pkcs5_iteration_count (info->pkcs5, info->volumePim, FALSE, TRUE))
+ bIsSystemEncyption = TRUE;
io = EfiGetBlockIO(disk);
if (!io) {
@@ -478,6 +489,13 @@ RangeCrypt(
if (encrypt) {
EncryptDataUnits(buf, (UINT64_STRUCT*)&pos, (UINT32)(rd), info);
} else {
+ if (bIsSystemEncyption && (pos == start) && (0xEB52904E54465320 == BE64 (*(uint64 *) buf)))
+ {
+ // first sector is not encrypted (e.g. because of Windows repair).
+ // So we encrypt it so that decryption will lead to correct result
+ EncryptDataUnits(buf, (UINT64_STRUCT*)&pos, 1, info);
+ }
+
DecryptDataUnits(buf, (UINT64_STRUCT*)&pos, (UINT32)(rd), info);
}
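Review bot: The signature `0xEB52904E54465320` is compared here as a bare literal, and this file repeats it in several places with only a `/* NTFS */` remark on some of them. A single named constant, e.g. `#define NTFS_BOOT_SIG_BE 0xEB52904E54465320ULL /* EB 52 90 "NTFS " */`, would keep the in-loop check and the post-loop recovery checks in step. The comment on the new branch should also state that only an NTFS boot sector is recognized as plaintext, so a first sector rewritten with any other content is still decrypted as if it were ciphertext. RangeCrypt starts and ends outside the hunk.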
@@ -560,90 +578,96 @@ RangeCrypt(
RangeCryptProgress(size, remains, pos, remainsOnStart);
}
else if (!encrypt)
- {
- BOOL bIsSystemEncyption = FALSE;
- if (info->noIterations == get_pkcs5_iteration_count (info->pkcs5, info->volumePim, FALSE, TRUE))
- bIsSystemEncyption = TRUE;
-
+ {
if (bIsSystemEncyption)
{
- /*
- * Case of OS decryption by Rescue Disk
- * Check if NTFS marker exists. If not, then probably disk affected by
- * bug in 1.19 Rescue Disk which caused the first 50 MB of disk to be
- * decrypted in a wrong way. In this case, try to reverse the faulty decryption
- * and then perform correct decryption
- */
- remains = size % CRYPT_BUF_SECTORS;
- if (remains > 0)
- {
- /* 1.19 bug appears only when size not multiple of 50 MB */
- res = io->ReadBlocks(io, io->Media->MediaId, start, 512, buf);
- if (!EFI_ERROR(res)) {
- if (0xEB52904E54465320 != BE64 (*(uint64 *) buf)) /* NTFS */
+ res = io->ReadBlocks(io, io->Media->MediaId, start, 512, buf);
+ if (!EFI_ERROR(res)) {
+ /*
+ * Case of OS decryption by Rescue Disk
+ * Check if NTFS marker exists. If not, then probably disk affected by
+ * either Windows Repair overwriting first sector or the bug in 1.19
+ * Rescue Disk which caused the first 50 MB of disk to be
+ * decrypted in a wrong way. In this case, try to reverse the faulty decryption
+ * and then perform correct decryption
+ */
+ if (0xEB52904E54465320 != BE64 (*(uint64 *) buf)) /* NTFS */
+ {
+ /* encrypt it to see if the first sector was unencrypted before decrypt done */
+ EncryptDataUnits(buf, (UINT64_STRUCT*)&start, 1, info);
+
+ if (0xEB52904E54465320 == BE64 (*(uint64 *) buf)) /* NTFS */
{
- if (AskConfirm("\r\nSystem already decrypted but partition can't be recognized.\r\nDid you use 1.19 Rescue Disk previously to decrypt OS?", 1)) {
- OUT_PRINT(L"\r\nTrying to recover data corrupted by 1.19 Rescue Disk bug.");
-
- pos = start + remains - CRYPT_BUF_SECTORS;
- // Read
- do {
- res = io->ReadBlocks(io, io->Media->MediaId, pos, CRYPT_BUF_SECTORS << 9, buf);
- if (EFI_ERROR(res)) {
- UINT8 ar;
- ERR_PRINT(L"Read error: %r\n", res);
- ar = AskAR();
- if (ar != 'R' && ar != 'r')
- break;
- }
- } while (EFI_ERROR(res));
-
- if (EFI_ERROR(res))
- {
- OUT_PRINT(L"\r\nNo corrective action performed.");
+ // Write corrected first sector
+ do {
+ res = io->WriteBlocks(io, io->Media->MediaId, start, 512, buf);
+ if (EFI_ERROR(res)) {
+ UINT8 ar;
+ ERR_PRINT(L"Write error: %r\n", res);
+ ar = AskAR();
+ if (ar != 'R' && ar != 'r')
+ break;
}
- else
- {
- UINT8* realEncryptedData = buf + ((CRYPT_BUF_SECTORS - remains) << 9);
- BOOL bPerformWrite = FALSE;
+ } while (EFI_ERROR(res));
+
+ if (EFI_ERROR(res))
+ {
+ OUT_PRINT(L"\r\nThe corrected first sector could not be written.");
+ }
+ }
+ else
+ {
+ /* restore original value */
+ DecryptDataUnits(buf, (UINT64_STRUCT*)&start, 1, info);
- // reverse faulty decryption
- EncryptDataUnits(buf, (UINT64_STRUCT*)&pos, (UINT32)(remains), info);
+ remains = size % CRYPT_BUF_SECTORS;
+ if (remains > 0)
+ {
+ /* 1.19 bug appears only when size not multiple of 50 MB */
+ if (AskConfirm("\r\nSystem already decrypted but partition can't be recognized.\r\nDid you use 1.19 Rescue Disk previously to decrypt OS?", 1)) {
+ OUT_PRINT(L"\r\nTrying to recover data corrupted by 1.19 Rescue Disk bug.");
+
+ pos = start + remains - CRYPT_BUF_SECTORS;
+ // Read
+ do {
+ res = io->ReadBlocks(io, io->Media->MediaId, pos, CRYPT_BUF_SECTORS << 9, buf);
+ if (EFI_ERROR(res)) {
+ UINT8 ar;
+ ERR_PRINT(L"Read error: %r\n", res);
+ ar = AskAR();
+ if (ar != 'R' && ar != 'r')
+ break;
+ }
+ } while (EFI_ERROR(res));
- // decrypt the correct data
- DecryptDataUnits(realEncryptedData, (UINT64_STRUCT*)&start, (UINT32)(remains), info);
-
- if (0xEB52904E54465320 == BE64 (*(uint64 *) realEncryptedData)) /* NTFS */
- bPerformWrite = TRUE;
- else
+ if (EFI_ERROR(res))
{
- if (AskConfirm("\r\nDecrypted data don't contain valid partition information. Proceeed anyway?", 1))
- bPerformWrite = TRUE;
+ OUT_PRINT(L"\r\nNo corrective action performed.");
}
-
- if (bPerformWrite)
+ else
{
- // Write original encrypted data
- do {
- res = io->WriteBlocks(io, io->Media->MediaId, pos, (UINTN)((CRYPT_BUF_SECTORS - remains) << 9), buf);
- if (EFI_ERROR(res)) {
- UINT8 ar;
- ERR_PRINT(L"Write error: %r\n", res);
- ar = AskAR();
- if (ar != 'R' && ar != 'r')
- break;
- }
- } while (EFI_ERROR(res));
+ UINT8* realEncryptedData = buf + ((CRYPT_BUF_SECTORS - remains) << 9);
+ BOOL bPerformWrite = FALSE;
+
+ // reverse faulty decryption
+ EncryptDataUnits(buf, (UINT64_STRUCT*)&pos, (UINT32)(remains), info);
- if (EFI_ERROR(res))
+ // decrypt the correct data
+ DecryptDataUnits(realEncryptedData, (UINT64_STRUCT*)&start, (UINT32)(remains), info);
+
+ if (0xEB52904E54465320 == BE64 (*(uint64 *) realEncryptedData)) /* NTFS */
+ bPerformWrite = TRUE;
+ else
{
- OUT_PRINT(L"\r\nNo corrective action performed.");
+ if (AskConfirm("\r\nDecrypted data don't contain valid partition information. Proceeed anyway?", 1))
+ bPerformWrite = TRUE;
}
- else
- {
- // Write correctly decrypted data
+
+ if (bPerformWrite)
+ {
+ // Write original encrypted data
do {
- res = io->WriteBlocks(io, io->Media->MediaId, start, (UINTN) (remains << 9), realEncryptedData);
+ res = io->WriteBlocks(io, io->Media->MediaId, pos, (UINTN)((CRYPT_BUF_SECTORS - remains) << 9), buf);
if (EFI_ERROR(res)) {
UINT8 ar;
ERR_PRINT(L"Write error: %r\n", res);
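Review bot: The first-sector probe `io->ReadBlocks(io, io->Media->MediaId, start, 512, buf)` and the matching `WriteBlocks` hard-code a 512-byte transfer, and no `else` is visible for `if (!EFI_ERROR(res))`, so a failed probe appears to skip the whole recovery step without any message. On media whose `io->Media->BlockSize` is larger than 512 the block I/O call is expected to reject that size, which would hit exactly this silent path. Reporting the status there, e.g. `else ERR_PRINT(L"Read error: %r\n", res);`, would make the skipped correction visible to the person running the rescue disk. Most of this hunk is re-indentation of the existing 1.19 recovery code, and RangeCrypt continues outside it.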
@@ -652,30 +676,48 @@ RangeCrypt(
break;
}
} while (EFI_ERROR(res));
-
+
if (EFI_ERROR(res))
{
- OUT_PRINT(L"\r\nFailed to write decrypted data.");
+ OUT_PRINT(L"\r\nNo corrective action performed.");
}
else
- {
- OUT_PRINT(L"\r\nData recovered successfully!");
+ {
+ // Write correctly decrypted data
+ do {
+ res = io->WriteBlocks(io, io->Media->MediaId, start, (UINTN) (remains << 9), realEncryptedData);
+ if (EFI_ERROR(res)) {
+ UINT8 ar;
+ ERR_PRINT(L"Write error: %r\n", res);
+ ar = AskAR();
+ if (ar != 'R' && ar != 'r')
+ break;
+ }
+ } while (EFI_ERROR(res));
+
+ if (EFI_ERROR(res))
+ {
+ OUT_PRINT(L"\r\nFailed to write decrypted data.");
+ }
+ else
+ {
+ OUT_PRINT(L"\r\nData recovered successfully!");
+ }
}
}
- }
- else
- {
- OUT_PRINT(L"\r\nNo corrective action performed.");
- }
- }
- }
- else
- {
- OUT_PRINT(L"\n\rNo corrective action attempted.");
+ else
+ {
+ OUT_PRINT(L"\r\nNo corrective action performed.");
+ }
+ }
+ }
+ else
+ {
+ OUT_PRINT(L"\n\rNo corrective action attempted.");
+ }
+
}
-
- }
-
+ }
}
}
@@ -1566,7 +1608,7 @@ UsbScApdu(
EFI_STATUS res;
CE(InitUsb());
CE(UsbGetIO(gUSBHandles[UsbIndex], &UsbIo));
- StrHexToBytes(cmd + sizeof(CCID_HEADER_OUT), &cmdLen, hexString);
+ DcsStrHexToBytes(cmd + sizeof(CCID_HEADER_OUT), &cmdLen, hexString);
CE(UsbScTransmit(UsbIo, cmd, cmdLen + sizeof(CCID_HEADER_OUT), resp, &respLen, &statusSc));
PrintBytes(resp, respLen);
return res;
@@ -1622,7 +1664,7 @@ UpdateDcsBoot() {
UINTN gSecRigonCount = 0;
EFI_STATUS
-SecRigionMark()
+SecRegionMark()
{
UINT32 crc;
EFI_STATUS res;
@@ -1665,7 +1707,7 @@ SecRigionMark()
}
EFI_STATUS
-SecRigionWipe()
+SecRegionWipe()
{
EFI_STATUS res;
CHAR8* buf;
@@ -1719,7 +1761,7 @@ error:
}
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
)
@@ -1728,9 +1770,9 @@ SecRigionDump(
EFI_BLOCK_IO_PROTOCOL* bio;
DCS_AUTH_DATA_MARK* adm = NULL;
UINT32 crc;
- UINT8* SecRegionData = NULL;
- UINTN SecRegionSize = 0;
- UINTN SecRegionOffset = 0;
+ UINT8* SecRegionDumpData = NULL;
+ UINTN SecRegionDumpSize = 0;
+ UINTN SecRegionDumpOffset = 0;
UINTN saveSize = 0;
UINTN idx = 0;
CHAR16 name[128];
@@ -1755,42 +1797,42 @@ SecRigionDump(
res = EFI_INVALID_PARAMETER;
}
- SecRegionSize = adm->AuthDataSize * 128 * 1024;
- SecRegionData = MEM_ALLOC(SecRegionSize);
- if (SecRegionData == NULL) {
+ SecRegionDumpSize = adm->AuthDataSize * 128 * 1024;
+ SecRegionDumpData = MEM_ALLOC(SecRegionDumpSize);
+ if (SecRegionDumpData == NULL) {
res = EFI_BUFFER_TOO_SMALL;
goto err;
}
- CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionSize, SecRegionData));
+ CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionDumpSize, SecRegionDumpData));
do {
// EFI tables?
- if (TablesVerify(SecRegionSize - SecRegionOffset, SecRegionData + SecRegionOffset)) {
- EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionData + SecRegionOffset);
+ if (TablesVerify(SecRegionDumpSize - SecRegionDumpOffset, SecRegionDumpData + SecRegionDumpOffset)) {
+ EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionDumpData + SecRegionDumpOffset);
UINTN tblZones = (mhdr->HeaderSize + 1024 * 128 - 1) / (1024 * 128);
saveSize = tblZones * 1024 * 128;
} else {
saveSize = 1024 * 128;
}
UnicodeSPrint(name, sizeof(name), L"%s%d", prefix, idx);
- CE(FileSave(NULL, name, SecRegionData + SecRegionOffset, saveSize));
+ CE(FileSave(NULL, name, SecRegionDumpData + SecRegionDumpOffset, saveSize));
OUT_PRINT(L"%s saved\n", name);
idx += saveSize / (1024 * 128);
- SecRegionOffset += saveSize;
- } while (SecRegionOffset < SecRegionSize);
+ SecRegionDumpOffset += saveSize;
+ } while (SecRegionDumpOffset < SecRegionDumpSize);
err:
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
MEM_FREE(adm);
- MEM_FREE(SecRegionData);
+ MEM_FREE(SecRegionDumpData);
return res;
}
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
)
{
diff --git a/DcsCfg/DcsCfgMain.c b/DcsCfg/DcsCfgMain.c
index 5e5d819..8e3ad81 100644
--- a/DcsCfg/DcsCfgMain.c
+++ b/DcsCfg/DcsCfgMain.c
@@ -707,7 +707,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_MARK);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionMark();
+ SecRegionMark();
} else {
ERR_PRINT(L"Select disk and security region count");
return EFI_INVALID_PARAMETER;
@@ -719,7 +719,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_WIPE);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionWipe();
+ SecRegionWipe();
}
else {
ERR_PRINT(L"Select disk and security region count");
@@ -734,7 +734,7 @@ DcsCfgMain(
UINTN secRegionIdx;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_ADD);
secRegionIdx = StrDecimalToUintn(opt);
- SecRigionAdd(secRegionIdx);
+ SecRegionAdd(secRegionIdx);
}
else {
ERR_PRINT(L"Select disk and GPT file");
@@ -746,7 +746,7 @@ DcsCfgMain(
if (ShellCommandLineGetFlag(Package, OPT_DISK_START)) {
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_DUMP);
- SecRigionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
+ SecRegionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
} else {
ERR_PRINT(L"Select disk");
return EFI_INVALID_PARAMETER;
diff --git a/DcsInfo/DcsInfo.inf b/DcsInfo/DcsInfo.inf
index 64eadee..1a7789a 100644
--- a/DcsInfo/DcsInfo.inf
+++ b/DcsInfo/DcsInfo.inf
@@ -71,6 +71,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index f7c3965..a8fe493 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -84,7 +84,7 @@ UINTN SecRegionOffset = 0;
PCRYPTO_INFO SecRegionCryptInfo = NULL;
VOID
-CleanSensitiveData()
+CleanSensitiveData(BOOLEAN bClearBootParams)
{
if (SecRegionCryptInfo != NULL) {
MEM_BURN(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
@@ -97,6 +97,10 @@ CleanSensitiveData()
if (SecRegionData != NULL) {
MEM_BURN(SecRegionData, SecRegionSize);
}
+
+ if (bootParams != NULL && bClearBootParams) {
+ MEM_BURN(bootParams, sizeof(*bootParams));
+ }
if (gAutoPassword != NULL) {
MEM_BURN(gAutoPassword, MAX_PASSWORD);
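Review bot: `bClearBootParams` is undocumented, and the difference between its two values is security-relevant, because the block added here wipes `bootParams` only when it is TRUE. In this diff HaltPrint, the reset path in SecRegionChangePwd and the OnExit error paths pass TRUE, while VirtualNotifyEvent passes FALSE, presumably because the boot arguments still have to be readable after the hand-off to the OS. I would put `/* bClearBootParams: TRUE on halt, reset and error paths; FALSE only at the hand-off to the OS, where bootParams must stay intact */` above the function. The signature sits in the previous hunk and the body continues past this one.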
@@ -105,7 +109,7 @@ CleanSensitiveData()
void HaltPrint(const CHAR16* Msg)
{
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
Print(L"%s - system Halted\n", Msg);
EfiCpuHalt();
}
@@ -160,29 +164,33 @@ PrepareBootParams(
IN PCRYPTO_INFO cryptoInfo)
{
BootArguments *bootArgs;
- if (bootParams == NULL) return EFI_UNSUPPORTED;
- bootArgs = &bootParams->BootArgs;
- TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
- bootArgs->BootLoaderVersion = VERSION_NUM;
- bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
- bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
- bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
- CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
- bootArgs->HiddenSystemPartitionStart = 0;
- bootArgs->DecoySystemPartitionStart = 0;
- bootArgs->BootDriveSignature = bootDriveSignature;
- bootArgs->Flags = (uint32)(gAuthPim << 16);
- bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
- bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
- bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
- bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
- SetSecRegionParamsMemory();
+ EFI_STATUS status;
+ if (bootParams == NULL) status = EFI_UNSUPPORTED;
+ else {
+ bootArgs = &bootParams->BootArgs;
+ TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
+ bootArgs->BootLoaderVersion = VERSION_NUM;
+ bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
+ bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
+ bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
+ CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
+ bootArgs->HiddenSystemPartitionStart = 0;
+ bootArgs->DecoySystemPartitionStart = 0;
+ bootArgs->BootDriveSignature = bootDriveSignature;
+ bootArgs->Flags = (uint32)(gAuthPim << 16);
+ bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
+ bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
+ bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
+ bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
+ SetSecRegionParamsMemory();
+ status = EFI_SUCCESS;
+ }
// Clean auth data
MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
MEM_BURN(&gAuthPim, sizeof(gAuthPim));
- return EFI_SUCCESS;
+ return status;
}
void GetIntersection(uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
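Review bot: The guard at the top of the rewritten body covers only `bootParams`; `cryptoInfo` is still dereferenced three times (`cryptoInfo->ea`, `->mode`, `->pkcs5`) without a NULL check. Now that the function has a single exit that always burns `gAuthPassword` and `gAuthPim`, a second guard is cheap: `else if (cryptoInfo == NULL) status = EFI_INVALID_PARAMETER;` placed before the `else {`. The caller visible in this diff passes the global `SecRegionCryptInfo`, which is initialised to NULL; whether it can still be NULL at that call cannot be seen from here. The start of the function's signature is outside the hunk.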
@@ -563,12 +571,19 @@ SecRegionChangePwd() {
ZeroMem(&confirmPassword, sizeof(newPassword));
VCAskPwd(AskPwdNew, &newPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
MEM_BURN(&newPassword, sizeof(newPassword));
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ return EFI_TIMEOUT;
}
if (newPassword.Length == confirmPassword.Length) {
if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) {
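Review bot: The two new `AskPwdRetTimeout` returns leave password material on the stack. The first one, after `VCAskPwd(AskPwdNew, &newPassword)`, returns without `MEM_BURN(&newPassword, sizeof(newPassword));` although a prompt that timed out may already hold typed characters, and neither the cancel nor the timeout return after the confirm prompt burns `confirmPassword`. Adding `MEM_BURN(&newPassword, sizeof(newPassword));` before the first pair of returns and `MEM_BURN(&confirmPassword, sizeof(confirmPassword));` before the second pair closes that gap. The context line `ZeroMem(&confirmPassword, sizeof(newPassword));` also names the wrong variable in `sizeof`, which is harmless only if both have the same type. The function body starts and ends outside the hunk.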
@@ -627,7 +642,7 @@ SecRegionChangePwd() {
if (key.UnicodeChar == 'r') {
MEM_BURN(&newPassword, sizeof(newPassword));
MEM_BURN(&confirmPassword, sizeof(confirmPassword));
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
}
}
@@ -675,7 +690,10 @@ SecRegionTryDecrypt()
SecRegionOffset = 0;
VCAuthAsk();
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
OUT_PRINT(L"%a", gAuthStartMsg);
do {
@@ -698,6 +716,10 @@ SecRegionTryDecrypt()
break;
} else {
ERR_PRINT(L"%a", gAuthErrorMsg);
+ // clear previous failed authentication information
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ if (gAuthPimRqt)
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
}
retry--;
} while (vcres != 0 && retry > 0);
@@ -793,6 +815,8 @@ SecRegionTryDecrypt()
enum OnExitTypes{
OnExitAuthFaild = 1,
OnExitAuthNotFound,
+ OnExitAuthTimeout,
+ OnExitAuthCancelled,
OnExitSuccess
};
@@ -820,7 +844,7 @@ AsciiStrNStr(
++posp;
++pos2;
}
- if (*pos2 == 0) return NULL;
+ if (*pos2 == 0 && *posp) return NULL;
if (*posp == 0) return pos1;
++pos1;
}
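Review bot: The corrected test reads more easily with the two exits swapped, so that the success case is decided first: `if (*posp == 0) return pos1;` followed by `if (*pos2 == 0) return NULL;`. That is equivalent to the new `*pos2 == 0 && *posp` condition and makes it obvious that a pattern matching at the very end of the string is a hit. A one-line comment such as `/* string exhausted before the pattern: no match is possible further right */` on the NULL return would document why the search stops early. The loop header and the function signature are outside the hunk.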
@@ -866,10 +890,17 @@ OnExit(
CHAR8* delayStr = NULL;
EFI_GUID *guid = NULL;
CHAR16 *fileStr = NULL;
+
+ if (EFI_ERROR(retValue))
+ {
+ CleanSensitiveData(TRUE);
+ }
+
if (action == NULL) return retValue;
+
if (OnExitGetParam(action, "guid", &guidStr, NULL)) {
EFI_GUID tmp;
- if (AsciiStrToGuid(&tmp, guidStr)) {
+ if (DcsAsciiStrToGuid(&tmp, guidStr)) {
guid = MEM_ALLOC(sizeof(EFI_GUID));
CopyMem(guid, &tmp, sizeof(EFI_GUID));
}
@@ -905,29 +936,43 @@ OnExit(
}
if (AsciiStrNStr(action, "halt") == action) {
- EfiCpuHalt();
+ retValue = EFI_DCS_HALT_REQUESTED;
+ }
+
+ else if (AsciiStrNStr(action, "shutdown") == action) {
+ retValue = EFI_DCS_SHUTDOWN_REQUESTED;
+ }
+
+ else if (AsciiStrNStr(action, "reboot") == action) {
+ retValue = EFI_DCS_REBOOT_REQUESTED;
}
- if (AsciiStrNStr(action, "exec") == action) {
+ else if (AsciiStrNStr(action, "exec") == action) {
if (guid != NULL) {
EFI_STATUS res;
EFI_HANDLE h;
res = EfiFindPartByGUID(guid, &h);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nCan't find start partition\n");
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
// Try to exec
if (fileStr != NULL) {
res = EfiExec(h, fileStr);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nStart %s - %r\n", fileStr, res);
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
}
else {
ERR_PRINT(L"\nNo EFI execution path specified. Halting!\n");
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
}
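Review bot: The three `exec` failure branches call `CleanSensitiveData(TRUE)` before setting `EFI_DCS_HALT_REQUESTED`, but the plain `halt`, `shutdown` and `reboot` branches only set `retValue`. When OnExit is entered with a success status the check added at the top of the function does not run either, so on those paths wiping the keys is left to whoever acts on the returned code, which is not visible here. If nothing downstream needs the secrets after such a request, calling `CleanSensitiveData(TRUE);` in those three branches would make the behaviour uniform. These branches also do not `goto exit` the way `exec`, `postexec` and `exit` do, so it is worth confirming that whatever follows the chain is meant to run for them. OnExit begins and ends outside the hunk.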
@@ -937,17 +982,19 @@ OnExit(
goto exit;
}
- if (AsciiStrNStr(action, "postexec") == action) {
+ else if (AsciiStrNStr(action, "postexec") == action) {
if (guid != NULL) {
EfiSetVar(L"DcsExecPartGuid", NULL, &guid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);
}
if (fileStr != NULL) {
EfiSetVar(L"DcsExecCmd", NULL, fileStr, (StrLen(fileStr) + 1) * 2, EFI_VARIABLE_BOOTSERVICE_ACCESS);
}
+
+ retValue = EFI_DCS_POSTEXEC_REQUESTED;
goto exit;
}
- if (AsciiStrStr(action, "exit") == action) {
+ else if (AsciiStrStr(action, "exit") == action) {
goto exit;
}
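Review bot: The unchanged line `EfiSetVar(L"DcsExecPartGuid", NULL, &guid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);` passes the address of the pointer, not the GUID. `guid` is declared as `EFI_GUID *guid` earlier in OnExit and filled through `MEM_ALLOC`/`CopyMem`, so, assuming EfiSetVar stores `sizeof(EFI_GUID)` bytes starting at the data pointer, the variable receives the pointer value plus adjacent stack bytes instead of the partition GUID. Since this commit turns `postexec` into a reported outcome (`EFI_DCS_POSTEXEC_REQUESTED`), it is a good moment to pass `guid` instead of `&guid`. The return values of both EfiSetVar calls are also ignored before the request is signalled.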
@@ -973,7 +1020,7 @@ VirtualNotifyEvent(
)
{
// Clean all sensible info and keys before transfer to OS
- CleanSensitiveData();
+ CleanSensitiveData(FALSE);
}
//////////////////////////////////////////////////////////////////////////
@@ -1151,7 +1198,16 @@ UefiMain(
gST->ConIn->Reset(gST->ConIn, FALSE);
if (EFI_ERROR(res)) {
- return OnExit(gOnExitFailed, OnExitAuthFaild, res);
+ // clear buffers with potential authentication data
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
+
+ if (res == EFI_TIMEOUT)
+ return OnExit(gOnExitTimeout, OnExitAuthTimeout, res);
+ else if (res == EFI_DCS_USER_CANCELED)
+ return OnExit(gOnExitCancelled, OnExitAuthCancelled, res);
+ else
+ return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
res = PrepareBootParams(BootDriveSignature, SecRegionCryptInfo);
diff --git a/DcsInt/DcsInt.inf b/DcsInt/DcsInt.inf
index e79dcc6..1fa0a4c 100644
--- a/DcsInt/DcsInt.inf
+++ b/DcsInt/DcsInt.inf
@@ -78,6 +78,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -86,6 +90,9 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
[FeaturePcd]
diff --git a/DcsRe/DcsRe.c b/DcsRe/DcsRe.c
index 7f4096f..aa6f2ed 100644
--- a/DcsRe/DcsRe.c
+++ b/DcsRe/DcsRe.c
@@ -21,11 +21,15 @@ https://opensource.org/licenses/LGPL-3.0
#include "common/Tcdefs.h"
#ifdef _M_X64
+#define ARCHdot L"x64."
#define ARCHdotEFI L"x64.efi"
#else
+#define ARCHdot L"IA32."
#define ARCHdotEFI L"IA32.efi"
#endif
+CONST CHAR8* g_szMsBootString = "bootmgfw.pdb";
+CONST CHAR16* g_szVcBootString = L"VeraCrypt";
//////////////////////////////////////////////////////////////////////////
// Menu
@@ -48,48 +52,56 @@ SelectEfiVolume()
EFI_FILE *file;
EFI_FILE **efiVolumes;
UINTN efiVolumesCount = 0;
- EFI_HANDLE startHandle;
if (EfiBootVolume != NULL) return;
- res = EfiGetStartDevice(&startHandle);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"GetStartDevice %r", res);
- return;
- }
+
efiVolumes = MEM_ALLOC(sizeof(EFI_FILE*) * gFSCount);
for (i = 0; i < gFSCount; ++i) {
+ if (gFSHandles[i] == gFileRootHandle)
+ continue;
res = FileOpenRoot(gFSHandles[i], &file);
- if(EFI_ERROR(res)) continue;
- if (!EFI_ERROR(FileExist(file, L"EFI\\Boot\\boot" ARCHdotEFI))) {
+ if(EFI_ERROR(res)) { ERR_PRINT(L"FileOpenRoot %r\n", res); continue;}
+ if ( !EFI_ERROR(FileExist(file, L"EFI\\Boot\\boot" ARCHdotEFI))
+ || !EFI_ERROR(FileExist(file, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ || !EFI_ERROR(FileExist(file, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
+ )
+ {
efiVolumesCount++;
efiVolumes[i] = file;
- if (gFSHandles[i] != startHandle) {
- EfiBootVolumeIndex = i;
- EfiBootVolume = file;
- }
+ EfiBootVolumeIndex = i;
+ EfiBootVolume = file;
} else {
FileClose(file);
}
}
-
- for (i = 0; i < gFSCount; ++i) {
- OUT_PRINT(L"%H%d)%N ", i);
- if (efiVolumes[i] != NULL) {
- if (gFSHandles[i] == startHandle) {
- OUT_PRINT(L"%V [Boot Rescue] %N");
- }
- else {
+
+ if (efiVolumesCount > 1)
+ {
+ for (i = 0; i < gFSCount; ++i) {
+ OUT_PRINT(L"%H%d)%N ", i);
+ if (efiVolumes[i] != NULL) {
OUT_PRINT(L"%V [Boot] %N");
}
+ EfiPrintDevicePath(gFSHandles[i]);
+ OUT_PRINT(L"\n");
}
- EfiPrintDevicePath(gFSHandles[i]);
- OUT_PRINT(L"\n");
- }
- do {
- EfiBootVolumeIndex = AskUINTN("Select EFI boot volume:", EfiBootVolumeIndex);
- if (EfiBootVolumeIndex >= gFSCount) continue;
- EfiBootVolume = efiVolumes[EfiBootVolumeIndex];
- } while (EfiBootVolume == NULL);
+ do {
+ EfiBootVolumeIndex = AskUINTN("Select EFI boot volume:", EfiBootVolumeIndex);
+ if (EfiBootVolumeIndex >= gFSCount) continue;
+ EfiBootVolume = efiVolumes[EfiBootVolumeIndex];
+ } while (EfiBootVolume == NULL);
+
+ /* free unused descriptors */
+ for (i = 0; i < gFSCount; ++i) {
+ if (efiVolumes[i] != NULL && efiVolumes[i] != EfiBootVolume) {
+ FileClose(efiVolumes[i]);
+ }
+ }
+
+ OUT_PRINT (L"\n");
+ }
+
+
MEM_FREE(efiVolumes);
}
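Review bot: An out-of-range answer at the prompt leaves `EfiBootVolumeIndex` invalid. `continue` inside a `do … while` jumps to the condition, and `EfiBootVolume` is already non-NULL from the scan loop above, so the loop ends with `EfiBootVolumeIndex >= gFSCount` while `EfiBootVolume` still points at the last volume found; callers then index `gFSHandles[EfiBootVolumeIndex]`, as ActionDcsBoot does in the context of the next hunk. Resetting the pointer fixes it: `if (EfiBootVolumeIndex >= gFSCount) { EfiBootVolume = NULL; continue; }`. Separately, `efiVolumes` is used without a NULL check, and the entries skipped by the new `continue` are only NULL if `MEM_ALLOC` zeroes memory, which is not visible here. SelectEfiVolume starts before the hunk.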
@@ -113,6 +125,54 @@ ActionDcsBoot(IN VOID* ctx) {
return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\VeraCrypt\\DcsBoot.efi");
}
+EFI_STATUS
+ActionWindowsBoot(IN VOID* ctx) {
+ if (AskConfirm("If Windows is encrypted, Windows original loader will fail to start.\r\nDo you want to continue? [N]", 1))
+ {
+ SelectEfiVolume();
+ if (EfiBootVolume == NULL) return EFI_NOT_READY;
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc")))
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc");
+ else
+ {
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ BOOLEAN bFound = FALSE;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ bFound = TRUE;
+ }
+ }
+
+ MEM_FREE(fileData);
+
+ if (bFound)
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw.efi");
+ }
+
+ /* copy our backup copy and then boot from it*/
+ if (!EFI_ERROR(FileExist(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup")))
+ {
+ if (!EFI_ERROR(FileCopy(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup", EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", 1024 * 1024)))
+ {
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc");
+ }
+ }
+
+ ERR_PRINT(L"Could not find the original Windows loader\r\n");
+
+ return EFI_NOT_READY;
+ }
+ }
+ else
+ return EFI_SUCCESS;
+}
+
CHAR16* DcsBootBins[] = {
L"EFI\\VeraCrypt\\DcsBoot.efi",
L"EFI\\VeraCrypt\\DcsInt.dcs",
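Review bot: The test that decides whether `bootmgfw.efi` is "the Microsoft one" is a content heuristic (file larger than 32768 bytes and containing the string `bootmgfw.pdb`), and the comment should say so, so that nobody later reads it as an authenticity check. Something like `/* heuristic only: tells the Microsoft boot manager apart from a VeraCrypt loader installed under the same name; it does not verify the file */` fits above the `FileLoad` call. The same test is repeated twice in ActionRestoreDcsLoader in the next hunk, so the literal `32768` would be better as one named constant shared by all three places.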
@@ -130,11 +190,73 @@ ActionRestoreDcsLoader(IN VOID* ctx) {
UINTN i;
SelectEfiVolume();
if (EfiBootVolume == NULL) return EFI_NOT_READY;
+
+ DirectoryCreate (EfiBootVolume, L"EFI\\VeraCrypt");
+
for (i = 0; i < sizeof(DcsBootBins) / sizeof(CHAR16*); ++i) {
res = FileCopy(NULL, DcsBootBins[i], EfiBootVolume, DcsBootBins[i], 1024 * 1024);
if (EFI_ERROR(res)) return res;
}
- return res;
+ /* restore standard boot file */
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI)))
+ {
+ /* check if it is Microsoft one or ours */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ res = EFI_SUCCESS;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ res = FileCopy(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, EfiBootVolume, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup", 1024 * 1024);
+ if (!EFI_ERROR(res))
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ }
+ else if ((fileSize <= 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szVcBootString, StrLen (g_szVcBootString) * 2)))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ }
+ MEM_FREE(fileData);
+
+ if (EFI_ERROR(res)) return res;
+ }
+ }
+ else if (!EFI_ERROR(FileExist(EfiBootVolume, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup")))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ res = EFI_SUCCESS;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ res = FileCopy(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", 1024 * 1024);
+ }
+
+ MEM_FREE(fileData);
+
+ if (EFI_ERROR(res)) return res;
+ }
+
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+ else if (!EFI_ERROR(FileExist(EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc")))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+
+ OUT_PRINT (L"\nVeraCrypt Loader restored to disk successfully\n\n");
+
+ return EFI_SUCCESS;
}
CHAR16* sDcsBootEfi = L"EFI\\VeraCrypt\\DcsBoot.efi";
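Review bot: In the `EFI\\Microsoft\\Boot\\bootmgfw.efi` block the file is overwritten with DcsBoot.efi even when no backup was made. `res` is preset to `EFI_SUCCESS`, so if `FileLoad` fails, or the file does not match `g_szMsBootString`, control still reaches the unconditional `FileCopy` of DcsBoot.efi onto `bootmgfw.efi` and whatever loader was there is lost. The `boot` ARCHdotEFI block above is stricter: it replaces the file only after recognising it as Microsoft's (with a backup) or as VeraCrypt's. I would mirror that here, starting with `res = FileLoad(...); if (EFI_ERROR(res)) return res;` and replacing the file only in the two recognised cases. The return value of `DirectoryCreate` is ignored as well.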
@@ -236,54 +358,67 @@ DcsReMain(
ERR_PRINT(L"InitFS %r\n", res);
return res;
}
+
+ if (!EFI_ERROR(DirectoryExists(NULL, L"EFI\\VeraCrypt")))
+ {
+ item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
+ gMenu = item;
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
+ item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
+
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
+ }
- item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
- gMenu = item;
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
- item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
-
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
- }
-
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
- item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
+ item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
- item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
+ item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
+ }
+
+ item = DcsMenuAppend(item, L"Boot Original Windows Loader", 'o', ActionWindowsBoot, NULL);
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
- item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
+ item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
- item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
+ item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
+ }
- item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
- item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
- OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
- gBS->SetWatchdogTimer(0, 0, 0, NULL);
- do {
- DcsMenuPrint(gMenu);
- item = NULL;
- key.UnicodeChar = 0;
- while (item == NULL) {
- item = gMenu;
- key = GetKey();
- while (item != NULL) {
- if (item->Select == key.UnicodeChar) break;
- item = item->Next;
+ item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
+ item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
+ OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
+ gBS->SetWatchdogTimer(0, 0, 0, NULL);
+ do {
+ DcsMenuPrint(gMenu);
+ item = NULL;
+ key.UnicodeChar = 0;
+ while (item == NULL) {
+ item = gMenu;
+ key = GetKey();
+ while (item != NULL) {
+ if (item->Select == key.UnicodeChar) break;
+ item = item->Next;
+ }
}
- }
- OUT_PRINT(L"%c\n",key.UnicodeChar);
- res = item->Action(item->Context);
+ OUT_PRINT(L"%c\n",key.UnicodeChar);
+ res = item->Action(item->Context);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"%r\n", res);
+ }
+ } while (gContiniue);
+ }
+ else
+ {
+ /* No VeraCrypt folder. Boot directly from the hard drive */
+ res = ActionDcsBoot (NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
- } while (gContiniue);
+ }
return EFI_INVALID_PARAMETER;
}
diff --git a/DcsRe/DcsRe.inf b/DcsRe/DcsRe.inf
index e103865..5aa63f5 100644
--- a/DcsRe/DcsRe.inf
+++ b/DcsRe/DcsRe.inf
@@ -68,6 +68,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index 9a15afd..2cf10d3 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -25,6 +25,16 @@ https://opensource.org/licenses/LGPL-3.0
#include <Uefi/UefiGpt.h>
//////////////////////////////////////////////////////////////////////////
+// Custom error codes
+//////////////////////////////////////////////////////////////////////////
+
+#define EFI_DCS_SHUTDOWN_REQUESTED ENCODE_ERROR(0xDC50001)
+#define EFI_DCS_REBOOT_REQUESTED ENCODE_ERROR(0xDC50002)
+#define EFI_DCS_HALT_REQUESTED ENCODE_ERROR(0xDC50003)
+#define EFI_DCS_USER_CANCELED ENCODE_ERROR(0xDC50004)
+#define EFI_DCS_POSTEXEC_REQUESTED ENCODE_ERROR(0xDC50005)
+
+//////////////////////////////////////////////////////////////////////////
// Check error
//////////////////////////////////////////////////////////////////////////
extern UINTN gCELine;
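Review bot: These custom codes set only the top bit, which, if I read the status-code ranges of the UEFI specification correctly, puts them in the range reserved for the specification's own error codes; OEM-defined errors are expected to have the two highest bits set. Something like `ENCODE_ERROR((MAX_BIT >> 1) | 0xDC50001)` would move them into the OEM range. Each value also deserves a short comment, because four of the five are requests rather than failures, yet `EFI_ERROR()` is true for all of them, so any code that tests `EFI_ERROR(res)` will treat a reboot or post-exec request as a failure.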
@@ -72,6 +82,13 @@ PrepareMemory(
IN UINTN len,
OUT VOID** mem
);
+
+EFI_STATUS
+MemoryHasPattern (
+ CONST VOID* buffer,
+ UINTN bufferLen,
+ CONST VOID* pattern,
+ UINTN patternLen);
//////////////////////////////////////////////////////////////////////////
// handles
@@ -412,7 +429,7 @@ AsciiHexToByte(
);
BOOLEAN
-AsciiStrToGuid(
+DcsAsciiStrToGuid(
OUT EFI_GUID *guid,
IN CHAR8 *str
);
@@ -425,7 +442,7 @@ AsciiHexToBytes(
);
BOOLEAN
-StrHexToBytes(
+DcsStrHexToBytes(
OUT UINT8 *b,
IN UINTN *bytesLen,
IN CHAR16 *str
@@ -643,6 +660,18 @@ EFI_STATUS
InitFS();
EFI_STATUS
+DirectoryCreate(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ );
+
+EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ );
+
+EFI_STATUS
FileOpenRoot(
IN EFI_HANDLE rootHandle,
OUT EFI_FILE** rootFile);
@@ -677,7 +706,7 @@ EFI_STATUS
FileWrite(
IN EFI_FILE* f,
IN VOID* data,
- IN OUT UINTN* bytes,
+ IN OUT UINTN bytes,
IN OUT UINT64* position);
UINTN
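Review bot: `bytes` is now passed by value but is still annotated `IN OUT`; it should be plain `IN`, and the same applies to the definition in Library/CommonLib/EfiFile.c. Because only the level of indirection changed, a call site that still passes `&sz` gets no more than a pointer-to-integer conversion diagnostic from a C compiler and, unless warnings are errors in this build, would then request an address-sized number of bytes to be written from the caller's buffer. FileSave and FileCopy are updated in this diff; any other caller in the tree needs the same change. Callers also lose the written-byte count, so a header comment should state that the function now either writes all of `bytes` or returns an error.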
diff --git a/Include/Library/PasswordLib.h b/Include/Library/PasswordLib.h
index 25ee1aa..6289763 100644
--- a/Include/Library/PasswordLib.h
+++ b/Include/Library/PasswordLib.h
@@ -25,6 +25,7 @@ extern UINTN gPasswordPictureCharsLen;
extern UINT8 gPasswordVisible;
extern UINT8 gPasswordProgress;
extern int gPasswordTimeout;
+extern UINTN gKeyboardInputDelay;
extern int gPasswordShowMark;
extern VOID* gPictPwdBmp;
@@ -43,7 +44,8 @@ enum AskPwdType {
enum AskPwdRetCode {
AskPwdRetCancel = 0,
AskPwdRetLogin = 1,
- AskPwdRetChange
+ AskPwdRetChange = 2,
+ AskPwdRetTimeout
};
VOID
diff --git a/Library/CommonLib/EfiConsole.c b/Library/CommonLib/EfiConsole.c
index 0d94235..daf087f 100644
--- a/Library/CommonLib/EfiConsole.c
+++ b/Library/CommonLib/EfiConsole.c
@@ -175,7 +175,7 @@ ConsoleShowTip(
// remove tip
for (i = 0; i < StrLen(tip); ++i) {
- OUT_PRINT(L"\b \b", tip);
+ OUT_PRINT(L"\b \b");
}
}
@@ -366,7 +366,7 @@ AsciiHexToByte(
}
BOOLEAN
-AsciiStrToGuid(
+DcsAsciiStrToGuid(
OUT EFI_GUID *guid,
IN CHAR8 *str
)
@@ -428,7 +428,7 @@ AsciiHexToBytes(
}
BOOLEAN
-StrHexToBytes(
+DcsStrHexToBytes(
OUT UINT8 *b,
IN UINTN *bytesLen,
IN CHAR16 *str
diff --git a/Library/CommonLib/EfiFile.c b/Library/CommonLib/EfiFile.c
index fdc999c..4ea164e 100644
--- a/Library/CommonLib/EfiFile.c
+++ b/Library/CommonLib/EfiFile.c
@@ -42,6 +42,38 @@ InitFS() {
}
EFI_STATUS
+DirectoryCreate(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ )
+{
+ EFI_FILE* file;
+ EFI_STATUS res;
+ if (!name) { return EFI_INVALID_PARAMETER; }
+
+ res = FileOpen(root, name, &file, EFI_FILE_MODE_READ | EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE, EFI_FILE_DIRECTORY);
+ if (EFI_ERROR(res)) return res;
+ FileClose(file);
+ return res;
+}
+
+EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ )
+{
+ EFI_FILE* file;
+ EFI_STATUS res;
+ if (!name) { return EFI_INVALID_PARAMETER; }
+
+ res = FileOpen(root, name, &file, EFI_FILE_MODE_READ, EFI_FILE_DIRECTORY);
+ if (EFI_ERROR(res)) return res;
+ FileClose(file);
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
FileOpenRoot(
IN EFI_HANDLE rootHandle,
OUT EFI_FILE** rootFile)
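Review bot: `DirectoryExists` does not actually check that `name` is a directory. With `EFI_FILE_MODE_READ` alone, the `EFI_FILE_DIRECTORY` argument is, per the UEFI file protocol, only an attribute for newly created files, so, unless the `FileOpen` wrapper adds a check that is not visible here, a regular file with that name also yields `EFI_SUCCESS`. The function should read the file info after opening and return an error when the `EFI_FILE_DIRECTORY` attribute bit is not set. Both new functions would also benefit from a header comment saying what `root == NULL` means, since DcsReMain calls `DirectoryExists(NULL, L"EFI\\VeraCrypt")`.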
@@ -131,12 +163,14 @@ EFI_STATUS
FileWrite(
IN EFI_FILE* f,
IN VOID* data,
- IN OUT UINTN* bytes,
+ IN OUT UINTN bytes,
IN OUT UINT64* position)
{
EFI_STATUS res;
+ UINTN remaining;
+ UINT8* pbData = (UINT8*) data;
- if (!f || !data || !bytes) {
+ if (!f || !data) {
return EFI_INVALID_PARAMETER;
}
if (position != NULL) {
@@ -145,7 +179,20 @@ FileWrite(
return res;
}
}
- res = f->Write(f, bytes, data);
+ remaining = bytes;
+ res = f->Write(f, &bytes, pbData);
+ if (!EFI_ERROR(res)) {
+ remaining -= bytes;
+ pbData += bytes;
+ bytes = remaining;
+ while ((remaining > 0) && !EFI_ERROR(res))
+ {
+ res = f->Write(f, &bytes, pbData);
+ remaining -= bytes;
+ pbData += bytes;
+ bytes = remaining;
+ }
+ }
if (position != NULL) {
f->GetPosition(f, position);
}
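Review bot: The retry loop added to `FileWrite` never terminates if `f->Write` returns success while leaving `bytes` at 0, and `remaining -= bytes` wraps if a faulty driver reports more than was requested. Both depend on firmware behaviour this code cannot control. A guard placed right after the `f->Write` call inside the loop, `if (!EFI_ERROR(res) && (bytes == 0 || bytes > remaining)) { res = EFI_DEVICE_ERROR; break; }`, bounds it. The parameter is now passed by value but is still annotated `IN OUT UINTN bytes` in the preceding FileWrite hunk. It should read `IN UINTN bytes`, with a header comment saying that callers no longer get the written count back.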
@@ -265,12 +312,11 @@ FileSave(
{
EFI_FILE* file;
EFI_STATUS res;
- UINTN sz = size;
if (!data || !name) { return EFI_INVALID_PARAMETER; }
FileDelete(root, name);
res = FileOpen(root, name, &file, EFI_FILE_MODE_READ | EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE, 0);
if (EFI_ERROR(res)) return res;
- res = FileWrite(file, data, &sz, NULL);
+ res = FileWrite(file, data, size, NULL);
FileClose(file);
return res;
}
@@ -348,7 +394,8 @@ FileCopy(
res = EFI_BUFFER_TOO_SMALL;
goto copyerr;
}
-
+
+ FileDelete (dstroot, dst);
res = FileOpen(dstroot, dst, &dstfile, EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, 0);
if (EFI_ERROR(res)) goto copyerr;
@@ -356,7 +403,7 @@ FileCopy(
datasz = remains > bufSz ? bufSz : remains;
res =FileRead(srcfile, data, &datasz, NULL);
if (EFI_ERROR(res)) goto copyerr;
- res = FileWrite(dstfile, data, &datasz, NULL);
+ res = FileWrite(dstfile, data, datasz, NULL);
if (EFI_ERROR(res)) goto copyerr;
remains -= datasz;
} while (remains > 0);
diff --git a/Library/CommonLib/EfiMem.c b/Library/CommonLib/EfiMem.c
index d9386c0..872d3de 100644
--- a/Library/CommonLib/EfiMem.c
+++ b/Library/CommonLib/EfiMem.c
@@ -72,3 +72,30 @@ PrepareMemory(
*mem = buf;
return status;
}
+
+//////////////////////////////////////////////////////////////////////////
+// Memory misc
+//////////////////////////////////////////////////////////////////////////
+EFI_STATUS MemoryHasPattern (
+ CONST VOID* buffer,
+ UINTN bufferLen,
+ CONST VOID* pattern,
+ UINTN patternLen)
+{
+ EFI_STATUS status = EFI_NOT_FOUND;
+ if (patternLen <= bufferLen)
+ {
+ UINTN i;
+ CONST UINT8* memPtr = (CONST UINT8*) buffer;
+ for (i = 0; i <= (bufferLen - patternLen); ++i)
+ {
+ if (CompareMem (&memPtr[i], pattern, patternLen) == 0)
+ {
+ status = EFI_SUCCESS;
+ break;
+ }
+ }
+ }
+
+ return status;
+}
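Review bot: `MemoryHasPattern` returns `EFI_SUCCESS` for `patternLen == 0`, because the first `CompareMem` call with a zero length compares equal, and it dereferences `buffer` and `pattern` without a NULL check. If a caller uses the result to decide whether a marker is present in a file, as the name suggests (the callers are not visible here), an empty pattern would count as a match. Adding `if (buffer == NULL || pattern == NULL || patternLen == 0) return EFI_INVALID_PARAMETER;` at the top makes the contract explicit. A short header comment should state that the return value is `EFI_SUCCESS` when found and `EFI_NOT_FOUND` otherwise.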
diff --git a/Library/DcsCfgLib/DcsCfgLib.inf b/Library/DcsCfgLib/DcsCfgLib.inf
index d199bb1..2dd0aab 100644
--- a/Library/DcsCfgLib/DcsCfgLib.inf
+++ b/Library/DcsCfgLib/DcsCfgLib.inf
@@ -74,6 +74,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -81,3 +85,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index bae8f1e..1cb2b35 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -161,7 +161,7 @@ GptLoadFromDisk(
EFI_PARTITION_ENTRY *part;
part = &GptMainEntrys[i];
if (CompareMem(&gEfiPartTypeSystemPartGuid, &part->PartitionTypeGUID, sizeof(EFI_GUID)) == 0) {
- CHAR16* defExec = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
+ CHAR16* defExec = L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc";
DeExecParams = MEM_ALLOC(sizeof(*DeExecParams));
ZeroMem(DeExecParams, sizeof(*DeExecParams));
CopyMem(&DeExecParams->ExecPartGuid, &part->UniquePartitionGUID, sizeof(EFI_GUID));
@@ -289,13 +289,13 @@ DeListSaveToFile() {
UINTN pad;
len = (UINTN)DeList->DE[i].Length;
pad = (((len + 511) >> 9) << 9) - len;
- res = FileWrite(file, DeData[i], &len, NULL);
+ res = FileWrite(file, DeData[i], len, NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Write: %r\n", res);
goto error;
}
if (pad > 0) {
- res = FileWrite(file, pad512buf, &pad, NULL);
+ res = FileWrite(file, pad512buf, pad, NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Write: %r\n", res);
goto error;
@@ -636,7 +636,7 @@ GptAskGUID(
ok = TRUE;
}
else {
- ok = AsciiStrToGuid(&result, buf);
+ ok = DcsAsciiStrToGuid(&result, buf);
if (ok) {
CopyMem(guid, &result, sizeof(result));
}
diff --git a/Library/DcsTpmLib/Tpm20.c b/Library/DcsTpmLib/Tpm20.c
index 3ddc4df..182742e 100644
--- a/Library/DcsTpmLib/Tpm20.c
+++ b/Library/DcsTpmLib/Tpm20.c
@@ -539,7 +539,7 @@ DcsTpm2NvRead(
{
EFI_STATUS res;
TPMI_SH_AUTH_SESSION SessionHandle = 0;
- UINT32 PcrMask,
+ UINT32 PcrMask;
CE(DcsTpm2NVReadPcrMask(&PcrMask));
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index 6894b50..8270290 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -29,6 +29,8 @@ AskConsolePwdInt(
EFI_INPUT_KEY key;
UINT32 count = 0;
UINTN i;
+
+ if ((asciiLine != NULL) && (line_max >= 1)) asciiLine[0] = '\0';
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
if (gPasswordTimeout) {
@@ -36,20 +38,21 @@ AskConsolePwdInt(
UINTN EventIndex = 0;
InputEvents[0] = gST->ConIn->WaitForKey;
gBS->CreateEvent(EVT_TIMER, 0, (EFI_EVENT_NOTIFY)NULL, NULL, &InputEvents[1]);
- gBS->SetTimer(InputEvents[1], TimerPeriodic, 10000000 * gPasswordTimeout);
+ gBS->SetTimer(InputEvents[1], TimerRelative, 10000000 * gPasswordTimeout);
gBS->WaitForEvent(2, InputEvents, &EventIndex);
- gPasswordTimeout = 0;
+ gBS->SetTimer(InputEvents[1], TimerCancel, 0);
gBS->CloseEvent(InputEvents[1]);
if (EventIndex == 1) {
- *retCode = AskPwdRetCancel;
+ *retCode = AskPwdRetTimeout;
return ;
}
}
do {
key = GetKey();
- // Remove dirty chars 0.1s
- FlushInputDelay(100000);
+ // Remove dirty chars
+ if (gKeyboardInputDelay)
+ FlushInputDelay(gKeyboardInputDelay * 1000);
if (key.ScanCode == SCAN_ESC) {
*retCode = AskPwdRetCancel;
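Review bot: `10000000 * gPasswordTimeout` is evaluated in `int` (PasswordLib.h declares `extern int gPasswordTimeout`), so any timeout above 214 seconds overflows before the value is widened to the 64-bit trigger time. This matters more after this commit, because VCAuthLoadConfig in DcsVeraCrypt.c now reads `PasswordTimeout` through a `(UINTN)` cast instead of `(UINT8)`, so values above 255 and negative values can reach this line. Widening first, `gBS->SetTimer(InputEvents[1], TimerRelative, 10000000ULL * (UINT64)gPasswordTimeout);`, and rejecting non-positive values where the setting is loaded would close it. The results of `CreateEvent` and `SetTimer` are also ignored, so a failed event creation may pass an unset `InputEvents[1]` to `WaitForEvent` (its declaration is outside this hunk).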
@@ -63,19 +66,21 @@ AskConsolePwdInt(
if (key.ScanCode == SCAN_F5) {
show = show ? 0 : 1;
- if (show) {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
- }
- OUT_PRINT(L"%a", asciiLine);
- }
- else {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
+ if (count > 0) {
+ if (show) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"\b");
+ }
+ OUT_PRINT(L"%a", asciiLine);
}
- if (gPasswordProgress) {
+ else {
for (i = 0; i < count; i++) {
- OUT_PRINT(L"*");
+ OUT_PRINT(L"\b");
+ }
+ if (gPasswordProgress) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"*");
+ }
}
}
}
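Review bot: In the hide branch of the F5 toggle, the loop prints only `\b`, which moves the cursor but does not blank the cell, so when `gPasswordProgress` is 0 the clear-text password that was just shown appears to stay on screen. ConsoleShowTip in EfiConsole.c erases with `\b \b` for this reason. Using `OUT_PRINT(L"\b \b");` in that loop clears the characters in both cases, and the `*` loop still repaints from the start position when progress marks are enabled. The enclosing AskConsolePwdInt body begins and ends outside this hunk, so how characters are echoed while typing is inferred.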
@@ -101,7 +106,7 @@ AskConsolePwdInt(
break;
}
- if ((count >= line_max &&
+ if ((count >= (line_max - 1) &&
key.UnicodeChar != CHAR_BACKSPACE) ||
key.UnicodeChar == CHAR_NULL ||
key.UnicodeChar == CHAR_TAB ||
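Review bot: `count >= (line_max - 1)` turns into no bound at all when `line_max` is 0 and has an unsigned type, since the subtraction wraps to the maximum value. The new guard at the top of the function (`line_max >= 1`) shows that 0 is treated as a possible input. Writing the test as `(count + 1) >= line_max` reserves the terminator byte without the subtraction. The type of `line_max` and the rest of this condition are outside the hunk, so this should be confirmed against the signature.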
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index b2d8fad..7ce4014 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -32,6 +32,7 @@ UINT8 gPasswordVisible = 0;
int gPasswordShowMark = 1;
UINT8 gPasswordProgress = 1;
int gPasswordTimeout = 0;
+UINTN gKeyboardInputDelay = 100;
int gPlatformLocked = 0;
int gTPMLocked = 0;
@@ -285,7 +286,6 @@ AskPictPwdInt(
CHAR8 pwdNewChar = 0;
if (gPasswordTimeout) {
- UINTN EventIndex = 0;
InputEvents[0] = gST->ConIn->WaitForKey;
eventsCount = 2;
if (gTouchPointer != NULL) {
diff --git a/Library/VeraCryptLib/DcsProp b/Library/VeraCryptLib/DcsProp
index e0b6691..c9ca1ff 100644
--- a/Library/VeraCryptLib/DcsProp
+++ b/Library/VeraCryptLib/DcsProp
@@ -6,7 +6,7 @@
0 - text message is displayed
PasswordMsg to specify message
1 - touch picture password if touch is supported by EFI. check PlatformInfo
- PasswordPicture to specify bitmap
+ PasswordPicture to specify bitmap (only support BITMAPINFOHEADER format)
-->
<config key="PasswordType">0</config>
<config key="PasswordMsg">Password:</config>
@@ -179,4 +179,4 @@ Hash:</config-->
<config key="BeepControl">1</config>
</configuration>
-</VeraCrypt> \ No newline at end of file
+</VeraCrypt>
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index 5d9be88..c165d9f 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
@@ -81,13 +81,15 @@ UINT8 gForcePasswordProgress = 1;
CHAR8* gOnExitFailed = NULL;
CHAR8* gOnExitSuccess = NULL;
CHAR8* gOnExitNotFound = NULL;
+CHAR8* gOnExitTimeout = NULL;
+CHAR8* gOnExitCancelled = NULL;
//////////////////////////////////////////////////////////////////////////
// Authorize
/////////////////////////////////////////////////////////////////////////
#define VCCONFIG_ALLOC(data, size) \
- if(data == NULL) MEM_FREE(data); \
+ if(data != NULL) MEM_FREE(data); \
data = MEM_ALLOC(size);
VOID
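Review bot: `VCCONFIG_ALLOC` expands to two statements, so at a call site under an unbraced `if` only the `MEM_FREE` part would be conditional. Wrapping the body as `do { if ((data) != NULL) MEM_FREE(data); (data) = MEM_ALLOC(size); } while (0)` makes it behave as a single statement. With the check corrected to `!= NULL` the macro now really frees the previous buffer, so a one-line comment should state that every pointer passed to it must start as NULL or as a live `MEM_ALLOC` block.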
@@ -147,7 +149,8 @@ VCAuthLoadConfig()
gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
- gPasswordTimeout = (UINT8)ConfigReadInt("PasswordTimeout", 0); // If no password for <seconds> => <ESC>
+ gPasswordTimeout = (UINTN)ConfigReadInt("PasswordTimeout", 180); // If no password for <seconds> => <ESC>
+ gKeyboardInputDelay = (UINTN)ConfigReadInt("KeyboardInputDelay", 100); // minimum number of ms between two valid key strokes, anything between is discarded
gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
@@ -181,12 +184,16 @@ VCAuthLoadConfig()
ConfigReadString("ActionNotFound", "Exit", gOnExitNotFound, MAX_MSG);
VCCONFIG_ALLOC(gOnExitFailed, MAX_MSG);
ConfigReadString("ActionFailed", "Exit", gOnExitFailed, MAX_MSG);
+ VCCONFIG_ALLOC(gOnExitTimeout, MAX_MSG);
+ ConfigReadString("ActionTimeout", "Shutdown", gOnExitTimeout, MAX_MSG);
+ VCCONFIG_ALLOC(gOnExitCancelled, MAX_MSG);
+ ConfigReadString("ActionCancelled", "Exit", gOnExitCancelled, MAX_MSG);
strTemp = MEM_ALLOC(MAX_MSG);
ConfigReadString("PartitionGuidOS", "", strTemp, MAX_MSG);
if (strTemp[0] != 0) {
EFI_GUID g;
- if (AsciiStrToGuid(&g, strTemp)) {
+ if (DcsAsciiStrToGuid(&g, strTemp)) {
VCCONFIG_ALLOC(gPartitionGuidOS, sizeof(EFI_GUID));
if (gPartitionGuidOS != NULL) {
memcpy(gPartitionGuidOS, &g, sizeof(g));
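Review bot: `gOnExitTimeout` and `gOnExitCancelled` are handed to `ConfigReadString` right after `VCCONFIG_ALLOC` without a NULL check, while `gPartitionGuidOS` a few lines further down is checked before `memcpy`. Unless `ConfigReadString` (not visible here) tolerates a NULL destination, an allocation failure would be written through. Guarding the call, `if (gOnExitTimeout != NULL) ConfigReadString("ActionTimeout", "Shutdown", gOnExitTimeout, MAX_MSG);`, and doing the same for `ActionCancelled`, keeps the two new settings consistent with the GUID path. VCAuthLoadConfig starts and ends outside this hunk.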
@@ -321,7 +328,7 @@ VCAskPwd(
ERR_PRINT(L"%r\n", res);
}
} while (gCfgMenuContinue);
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
return;
}
}
@@ -331,7 +338,7 @@ VCAskPwd(
gAutoLogin = 0;
gAuthPwdCode = AskPwdRetLogin;
vcPwd->Length = (unsigned int)strlen(gAutoPassword);
- strcpy(vcPwd->Text, gAutoPassword);
+ AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword);
}
else {
if (gAuthPasswordType == 1 &&
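Review bot: `vcPwd->Length` is taken from `strlen(gAutoPassword)` before the copy and the status returned by `AsciiStrCpyS` is discarded, so when the configured auto-password does not fit in `vcPwd->Text` the copy is refused but `Length` still describes the longer string. Code that later reads `Length` bytes from `Text` would then run past the buffer or process stale contents (how `Length` is consumed is outside this hunk). Checking the result, e.g. `if (EFI_ERROR(AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword))) { vcPwd->Length = 0; }`, keeps the two fields in step. VCAskPwd continues beyond the hunk.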
@@ -355,7 +362,7 @@ VCAskPwd(
AskConsolePwdInt(&vcPwd->Length, vcPwd->Text, &gAuthPwdCode, sizeof(vcPwd->Text), gPasswordVisible);
}
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
return;
}
}
@@ -394,9 +401,11 @@ VCAskPwd(
VOID
VCAuthAsk()
{
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
VCAskPwd(AskPwdLogin, &gAuthPassword);
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
return;
}
@@ -414,7 +423,7 @@ VCAuthAsk()
if (gAuthHashRqt) {
do {
gAuthHash = AskInt(gAuthHashMsg, gPasswordVisible);
- } while (gAuthHash < 0 || gAuthHash > 4);
+ } while (gAuthHash < 0 || gAuthHash > 5);
}
}
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h
index f7a3c8f..1f25ae9 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.h
+++ b/Library/VeraCryptLib/DcsVeraCrypt.h
@@ -74,6 +74,8 @@ extern UINT8 gForcePasswordProgress;
extern CHAR8* gOnExitFailed;
extern CHAR8* gOnExitSuccess;
extern CHAR8* gOnExitNotFound;
+extern CHAR8* gOnExitTimeout;
+extern CHAR8* gOnExitCancelled;
void
VCAuthAsk();
diff --git a/Library/VeraCryptLib/VeraCryptLib.inf b/Library/VeraCryptLib/VeraCryptLib.inf
index 359782c..5006cfc 100644
--- a/Library/VeraCryptLib/VeraCryptLib.inf
+++ b/Library/VeraCryptLib/VeraCryptLib.inf
@@ -42,8 +42,11 @@ crypto\Aestab.h
crypto\Aes_hw_cpu.nasm
crypto\Aes_hw_cpu.h
crypto\config.h
-crypto\Rmd160.c
-crypto\Rmd160.h
+crypto\blake2s.c
+crypto\blake2s_SSE2.c
+crypto\blake2s_SSE41.c
+crypto\blake2s_SSSE3.c
+crypto\blake2.h
crypto\Serpent.c
crypto\Serpent.h
crypto\Sha2.c
@@ -52,8 +55,6 @@ crypto\Twofish.c
crypto\Twofish.h
crypto\Whirlpool.c
crypto\Whirlpool.h
-crypto\GostCipher.c
-crypto\GostCipher.h
crypto\Streebog.c
crypto\Streebog.h
crypto\kuznyechik.c
@@ -69,7 +70,6 @@ DcsVeraCrypt.h
[Sources.X64]
crypto\Aes_x64.nasm
-crypto\Gost89_x64.nasm
[Sources.IA32]
llmath.c
@@ -120,6 +120,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -127,3 +131,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/VeraCryptLib/llmath.c b/Library/VeraCryptLib/llmath.c
index ad13758..2ea1bf9 100644
--- a/Library/VeraCryptLib/llmath.c
+++ b/Library/VeraCryptLib/llmath.c
@@ -1,237 +1,246 @@
-#include <uefi.h>
-void __cdecl atexit() {}
+/** @file
+64-bit Math Worker Function.
+The 32-bit versions of C compiler generate calls to library routines
+to handle 64-bit math. These functions use non-standard calling conventions.
+
+Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available
+under the terms and conditions of the BSD License which accompanies this
+distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-int __cdecl _purecall() { return 0; }
+**/
+
+#include <uefi.h>
+#include <Library/BaseLib.h>
#if defined(_M_IX86)
//////////////////////////////////////////////////////////////////////////
// _allmul
//////////////////////////////////////////////////////////////////////////
-__declspec(naked) void __cdecl _allmul(void)
+/*
+ * Multiplies a 64-bit signed or unsigned value by a 64-bit signed or unsigned value
+ * and returns a 64-bit result.
+ */
+__declspec(naked) void __cdecl _allmul (void)
{
- _asm {
- mov ebx, [esp + 4] ; ebx <- M1[0..31]
- mov edx, [esp + 12] ; edx <- M2[0..31]
- mov ecx, ebx
- mov eax, edx
- imul ebx, [esp + 16] ; ebx <- M1[0..31] * M2[32..63]
- imul edx, [esp + 8] ; edx <- M1[32..63] * M2[0..31]
- add ebx, edx ; carries are abandoned
- mul ecx ; edx:eax <- M1[0..31] * M2[0..31]
- add edx, ebx ; carries are abandoned
- ret 16
- }
-}
+ //
+ // Wrapper Implementation over EDKII MultS64x64() routine
+ // INT64
+ // EFIAPI
+ // MultS64x64 (
+ // IN INT64 Multiplicand,
+ // IN INT64 Multiplier
+ // )
+ //
+ _asm {
+ ; Original local stack when calling _allmul
+ ; -----------------
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |--Multiplier --|
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |--Multiplicand-|
+ ; | |
+ ; |---------------|
+ ; | ReturnAddr** |
+ ; ESP---->|---------------|
+ ;
-//////////////////////////////////////////////////////////////////////////
-// _aullmul
-//////////////////////////////////////////////////////////////////////////
-__declspec(naked) void __cdecl _aullmul()
-{
- _asm {
- mov ebx, [esp + 4] ; ebx <- M1[0..31]
- mov edx, [esp + 12] ; edx <- M2[0..31]
- mov ecx, ebx
- mov eax, edx
- imul ebx, [esp + 16] ; ebx <- M1[0..31] * M2[32..63]
- imul edx, [esp + 8] ; edx <- M1[32..63] * M2[0..31]
- add ebx, edx ; carries are abandoned
- mul ecx ; edx:eax <- M1[0..31] * M2[0..31]
- add edx, ebx ; carries are abandoned
- ret 16
- }
-}
+ ;
+ ; Set up the local stack for Multiplicand parameter
+ ;
+ mov eax, [esp + 16]
+ push eax
+ mov eax, [esp + 16]
+ push eax
+
+ ;
+ ; Set up the local stack for Multiplier parameter
+ ;
+ mov eax, [esp + 16]
+ push eax
+ mov eax, [esp + 16]
+ push eax
+
+ ;
+ ; Call native MulS64x64 of BaseLib
+ ;
+ call MultS64x64
+
+ ;
+ ; Adjust stack
+ ;
+ add esp, 16
+
+ ret 16
+ }
+}
//////////////////////////////////////////////////////////////////////////
// _alldiv
//////////////////////////////////////////////////////////////////////////
-__declspec(naked) void __cdecl _alldiv()
+/*
+ * Divides a 64-bit signed value with a 64-bit signed value and returns
+ * a 64-bit signed result.
+ */
+__declspec(naked) void __cdecl _alldiv (void)
{
- _asm {
- ; Check sign of res
- mov ebx, [esp + 8] ; dividend msdw
- mov ecx, [esp + 16] ; divisor msdw
- xor ebx, ecx
- shr ebx, 31
- jz _PosRes ; if Result is positive
- push 1 ; if is negative
- jmp _Preparing
- _PosRes:
- push 0
-
- ; Preparing operands
- ; Dividend
- _Preparing:
- mov ecx, [esp + 12]
- shr ecx, 31
- jz _ChkDvsr ; Divident is positive
- mov eax, [esp + 12] ; is negative
- mov ecx, [esp + 8]
- xor eax, 0xFFFFFFFF
- xor ecx, 0xFFFFFFFF
- add ecx, 1
- jnc _DvntOK
- adc eax, 0
- _DvntOK:
- mov [esp + 12], eax
- mov [esp + 8], ecx
-
- ; Divisor
- _ChkDvsr:
- mov ecx, [esp + 20]
- shr ecx, 31
- jz _Divide ; Divisor is positive
- mov eax, [esp + 20] ; is negative
- mov ecx, [esp + 16]
- xor eax, 0xFFFFFFFF
- xor ecx, 0xFFFFFFFF
- add ecx, 1
- jnc _DvsrOK
- adc eax, 0
- _DvsrOK:
- mov [esp + 20], eax
- mov [esp + 16], ecx
-
- _Divide:
- mov ecx, [esp + 20] ; ecx <- divisor[32..63]
- test ecx, ecx
- jnz __DivRemU64x64 ; call __DivRemU64x64 if Divisor > 2^32
- mov ecx, [esp + 16] ; ecx <- divisor
- mov eax, [esp + 12] ; eax <- dividend[32..63]
- xor edx, edx
- div ecx ; eax <- quotient[32..63], edx <- remainder
- push eax
- mov eax, [esp + 12] ; eax <- dividend[0..31]
- div ecx ; eax <- quotient[0..31]
- pop edx ; edx <- quotient[32..63] - edx:eax
- jmp _GetSign
-
- __DivRemU64x64:
- mov edx, dword ptr [esp + 12]
- mov eax, dword ptr [esp + 8] ; edx:eax <- dividend
- mov edi, edx
- mov esi, eax ; edi:esi <- dividend
- mov ebx, dword ptr [esp + 16] ; ecx:ebx <- divisor
- _B:
- shr edx, 1
- rcr eax, 1
- shrd ebx, ecx, 1
- shr ecx, 1
- jnz _B
- div ebx
- mov ebx, eax ; ebx <- quotient
- mov ecx, [esp + 20] ; ecx <- high dword of divisor
- mul dword ptr [esp + 16] ; edx:eax <- quotient * divisor[0..31]
- imul ecx, ebx ; ecx <- quotient * divisor[32..63]
- add edx, ecx ; edx <- (quotient * divisor)[32..63]
- ;mov ecx, dword ptr [esp + 32] ; ecx <- addr for Remainder
- jc _TooLarge ; product > 2^64
- cmp edi, edx ; compare high 32 bits
- ja _Correct
- jb _TooLarge ; product > dividend
- cmp esi, eax
- jae _Correct ; product <= dividend
- _TooLarge:
- dec ebx ; adjust quotient by -1
- jecxz _Return ; return if Remainder == NULL
- sub eax, dword ptr [esp + 16]
- sbb edx, dword ptr [esp + 20] ; edx:eax <- (quotient - 1) * divisor
- _Correct:
- jecxz _Return
- sub esi, eax
- sbb edi, edx ; edi:esi <- remainder
- ;mov [ecx], esi
- ;mov [ecx + 4], edi
- _Return:
- mov eax, ebx ; eax <- quotient
- xor edx, edx ; quotient is 32 bits long
-
- ; Get sign of result
- _GetSign:
- pop ecx ; Sign of res
- jecxz _Rtrn ; Result is positive
- xor eax, 0xFFFFFFFF
- xor edx, 0xFFFFFFFF
- add eax, 1 ; edx:eax
- jnc _Rtrn
- adc edx, 0
-
- _Rtrn:
- ret 16
- }
+ //
+ // Wrapper Implementation over EDKII DivS64x64Remainder() routine
+ // INT64
+ // EFIAPI
+ // DivS64x64Remainder (
+ // IN UINT64 Dividend,
+ // IN UINT64 Divisor,
+ // OUT UINT64 *Remainder OPTIONAL
+ // )
+ //
+ _asm {
+
+ ;Entry:
+ ; Arguments are passed on the stack:
+ ; 1st pushed: divisor (QWORD)
+ ; 2nd pushed: dividend (QWORD)
+ ;
+ ;Exit:
+ ; EDX:EAX contains the quotient (dividend/divisor)
+ ; NOTE: this routine removes the parameters from the stack.
+ ;
+ ; Original local stack when calling _alldiv
+ ; -----------------
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |-- Divisor --|
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |-- Dividend --|
+ ; | |
+ ; |---------------|
+ ; | ReturnAddr** |
+ ; ESP---->|---------------|
+ ;
+
+ ;
+ ; Set up the local stack for NULL Reminder pointer
+ ;
+ xor eax, eax
+ push eax
+
+ ;
+ ; Set up the local stack for Divisor parameter
+ ;
+ mov eax, [esp + 20]
+ push eax
+ mov eax, [esp + 20]
+ push eax
+
+ ;
+ ; Set up the local stack for Dividend parameter
+ ;
+ mov eax, [esp + 20]
+ push eax
+ mov eax, [esp + 20]
+ push eax
+
+ ;
+ ; Call native DivS64x64Remainder of BaseLib
+ ;
+ call DivS64x64Remainder
+
+ ;
+ ; Adjust stack
+ ;
+ add esp, 20
+
+ ret 16
+ }
}
//////////////////////////////////////////////////////////////////////////
// _aulldiv
//////////////////////////////////////////////////////////////////////////
-__declspec(naked) void __cdecl _aulldiv()
+/*
+ * Divides a 64-bit unsigned value with a 64-bit unsigned value and returns
+ * a 64-bit unsigned result.
+ */
+__declspec(naked) void __cdecl _aulldiv (void)
{
- _asm {
- mov ecx, [esp + 16] ; ecx <- divisor[32..63]
- test ecx, ecx
- jnz __DivRemU64x64 ; call __DivRemU64x64 if Divisor > 2^32
- mov ecx, [esp + 12] ; ecx <- divisor
- mov eax, [esp + 8] ; eax <- dividend[32..63]
- xor edx, edx
- div ecx ; eax <- quotient[32..63], edx <- remainder
- push eax
- mov eax, [esp + 8] ; eax <- dividend[0..31]
- div ecx ; eax <- quotient[0..31]
- pop edx ; edx <- quotient[32..63]
- ret 16
-
- __DivRemU64x64:
- mov edx, dword ptr [esp + 8]
- mov eax, dword ptr [esp + 4] ; edx:eax <- dividend
- mov edi, edx
- mov esi, eax ; edi:esi <- dividend
- mov ebx, dword ptr [esp + 12] ; ecx:ebx <- divisor
- _B:
- shr edx, 1
- rcr eax, 1
- shrd ebx, ecx, 1
- shr ecx, 1
- jnz _B
- div ebx
- mov ebx, eax ; ebx <- quotient
- mov ecx, [esp + 16] ; ecx <- high dword of divisor
- mul dword ptr [esp + 12] ; edx:eax <- quotient * divisor[0..31]
- imul ecx, ebx ; ecx <- quotient * divisor[32..63]
- add edx, ecx ; edx <- (quotient * divisor)[32..63]
- ;mov ecx, dword ptr [esp + 32] ; ecx <- addr for Remainder
- jc _TooLarge ; product > 2^64
- cmp edi, edx ; compare high 32 bits
- ja _Correct
- jb _TooLarge ; product > dividend
- cmp esi, eax
- jae _Correct ; product <= dividend
- _TooLarge:
- dec ebx ; adjust quotient by -1
- jecxz _Return ; return if Remainder == NULL
- sub eax, dword ptr [esp + 12]
- sbb edx, dword ptr [esp + 16] ; edx:eax <- (quotient - 1) * divisor
- _Correct:
- jecxz _Return
- sub esi, eax
- sbb edi, edx ; edi:esi <- remainder
- ;mov [ecx], esi
- ;mov [ecx + 4], edi
- _Return:
- mov eax, ebx ; eax <- quotient
- xor edx, edx ; quotient is 32 bits long
-
- ret 16
- }
-}
+ //
+ // Wrapper Implementation over EDKII DivU64x64Reminder() routine
+ // UINT64
+ // EFIAPI
+ // DivU64x64Remainder (
+ // IN UINT64 Dividend,
+ // IN UINT64 Divisor,
+ // OUT UINT64 *Remainder OPTIONAL
+ // )
+ //
+ _asm {
+ ; Original local stack when calling _aulldiv
+ ; -----------------
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |-- Divisor --|
+ ; | |
+ ; |---------------|
+ ; | |
+ ; |-- Dividend --|
+ ; | |
+ ; |---------------|
+ ; | ReturnAddr** |
+ ; ESP---->|---------------|
+ ;
-UINT64
-EFIAPI
-DivU64x64Remainder(
-IN UINT64 Dividend,
-IN UINT64 Divisor,
-OUT UINT64 *Remainder OPTIONAL
-);
+ ;
+ ; Set up the local stack for NULL Reminder pointer
+ ;
+ xor eax, eax
+ push eax
+
+ ;
+ ; Set up the local stack for Divisor parameter
+ ;
+ mov eax, [esp + 20]
+ push eax
+ mov eax, [esp + 20]
+ push eax
+
+ ;
+ ; Set up the local stack for Dividend parameter
+ ;
+ mov eax, [esp + 20]
+ push eax
+ mov eax, [esp + 20]
+ push eax
+
+ ;
+ ; Call native DivU64x64Remainder of BaseLib
+ ;
+ call DivU64x64Remainder
+
+ ;
+ ; Adjust stack
+ ;
+ add esp, 20
+
+ ret 16
+ }
+}
+
+//////////////////////////////////////////////////////////////////////////
+// _aullrem
+//////////////////////////////////////////////////////////////////////////
/*
* Divides a 64-bit unsigned value by another 64-bit unsigned value and returns
* the 64-bit unsigned remainder.
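Review bot: The two block comments inside `_allmul` are swapped relative to what the pushes do. The first pair of `mov eax, [esp + 16]` / `push eax` copies the entry-time `[esp+16]` and `[esp+12]`, which the stack diagram labels Multiplier, and the second pair copies the Multiplicand. The product is unaffected, but the comments should be exchanged so the wrapper reads like `_alldiv` and `_aulldiv`, where the labels match the pushes. Each wrapper also relies on the callee leaving its arguments on the stack (`add esp, 16` / `add esp, 20` before `ret 16`). A one-line comment such as `; EFIAPI is caller-cleanup on IA32, so drop the copied arguments here` would record that assumption. The `_aullrem` part of this hunk is cut off in this view and is not covered.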
diff --git a/Library/VeraCryptLib/mklinks_src.bat b/Library/VeraCryptLib/mklinks_src.bat
index f87bc60..ca28f5b 100644
--- a/Library/VeraCryptLib/mklinks_src.bat
+++ b/Library/VeraCryptLib/mklinks_src.bat
@@ -41,9 +41,6 @@ call :create_link common\Xts.c
call :create_link common\Xts.h
if NOT EXIST crypto mkdir crypto
-call :create_link crypto\GostCipher.c
-call :create_link crypto\GostCipher.h
-call :create_link crypto\Gost89_x64.asm Gost89_x64.nasm
call :create_link crypto\Streebog.c
call :create_link crypto\Streebog.h
call :create_link crypto\kuznyechik.c
@@ -61,8 +58,15 @@ call :create_link crypto\cpu.h
call :create_link crypto\cpu.c
call :create_link crypto\config.h
call :create_link crypto\misc.h
-call :create_link crypto\Rmd160.c
-call :create_link crypto\Rmd160.h
+call :create_link crypto\blake2s.c
+call :create_link crypto\blake2.h
+call :create_link crypto\blake2-impl.h
+call :create_link crypto\blake2s_SSE2.c
+call :create_link crypto\blake2s_SSE41.c
+call :create_link crypto\blake2s_SSSE3.c
+call :create_link crypto\blake2s-load-sse2.h
+call :create_link crypto\blake2s-load-sse41.h
+call :create_link crypto\blake2s-round.h
call :create_link crypto\Serpent.c
call :create_link crypto\Serpent.h
call :create_link crypto\Sha2.c
diff --git a/SecureBoot/certs/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27.crt b/SecureBoot/certs/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27.crt
new file mode 100644
index 0000000..4f8c0c9
--- /dev/null
+++ b/SecureBoot/certs/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27.crt
Binary files differ
diff --git a/SecureBoot/certs/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27.crt b/SecureBoot/certs/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27.crt
new file mode 100644
index 0000000..d841207
--- /dev/null
+++ b/SecureBoot/certs/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_2012-05-31.crt b/SecureBoot/certs/Acer_2012-05-31.crt
new file mode 100644
index 0000000..b0aa0ce
--- /dev/null
+++ b/SecureBoot/certs/Acer_2012-05-31.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_ABO_2010-12-31.crt b/SecureBoot/certs/Acer_ABO_2010-12-31.crt
new file mode 100644
index 0000000..09585a9
--- /dev/null
+++ b/SecureBoot/certs/Acer_ABO_2010-12-31.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_Database_2013-07-10.crt b/SecureBoot/certs/Acer_Database_2013-07-10.crt
new file mode 100644
index 0000000..b69e5a4
--- /dev/null
+++ b/SecureBoot/certs/Acer_Database_2013-07-10.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_DisablePW_2012-12-31.crt b/SecureBoot/certs/Acer_DisablePW_2012-12-31.crt
new file mode 100644
index 0000000..8d7af17
--- /dev/null
+++ b/SecureBoot/certs/Acer_DisablePW_2012-12-31.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_LINPUS_2012-10-09.crt b/SecureBoot/certs/Acer_LINPUS_2012-10-09.crt
new file mode 100644
index 0000000..5e38f20
--- /dev/null
+++ b/SecureBoot/certs/Acer_LINPUS_2012-10-09.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
new file mode 100644
index 0000000..0ea2204
--- /dev/null
+++ b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_Quanta_NB4_2012-07-18.crt b/SecureBoot/certs/Acer_Quanta_NB4_2012-07-18.crt
new file mode 100644
index 0000000..d05e8de
--- /dev/null
+++ b/SecureBoot/certs/Acer_Quanta_NB4_2012-07-18.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt b/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt
new file mode 100644
index 0000000..ef90358
--- /dev/null
+++ b/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_db_Manufacture_2015-06-17.crt b/SecureBoot/certs/Acer_db_Manufacture_2015-06-17.crt
new file mode 100644
index 0000000..394b37c
--- /dev/null
+++ b/SecureBoot/certs/Acer_db_Manufacture_2015-06-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Canonical_Master_CA_2012_04_12.crt b/SecureBoot/certs/Canonical_Master_CA_2012_04_12.crt
new file mode 100644
index 0000000..fe39568
--- /dev/null
+++ b/SecureBoot/certs/Canonical_Master_CA_2012_04_12.crt
Binary files differ
diff --git a/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt b/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt
new file mode 100644
index 0000000..cd79bf3
--- /dev/null
+++ b/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Dell_UEFI_DB_2016_06_03.crt b/SecureBoot/certs/Dell_UEFI_DB_2016_06_03.crt
new file mode 100644
index 0000000..bb4df00
--- /dev/null
+++ b/SecureBoot/certs/Dell_UEFI_DB_2016_06_03.crt
Binary files differ
diff --git a/SecureBoot/certs/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23.crt b/SecureBoot/certs/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23.crt
new file mode 100644
index 0000000..6072ffc
--- /dev/null
+++ b/SecureBoot/certs/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23.crt
Binary files differ
diff --git a/SecureBoot/certs/HP_UEFI_Secure_Boot_DB_2017_2017-01-20.crt b/SecureBoot/certs/HP_UEFI_Secure_Boot_DB_2017_2017-01-20.crt
new file mode 100644
index 0000000..faacb2e
--- /dev/null
+++ b/SecureBoot/certs/HP_UEFI_Secure_Boot_DB_2017_2017-01-20.crt
Binary files differ
diff --git a/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt b/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt
new file mode 100644
index 0000000..020b6f9
--- /dev/null
+++ b/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_1T110-1415ISK-2016-02-17.crt b/SecureBoot/certs/Lenovo_1T110-1415ISK-2016-02-17.crt
new file mode 100644
index 0000000..32776f5
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_1T110-1415ISK-2016-02-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_2JYoga910_2015-12-02.crt b/SecureBoot/certs/Lenovo_2JYoga910_2015-12-02.crt
new file mode 100644
index 0000000..1c8b284
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_2JYoga910_2015-12-02.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_4MYoga720-15IKB_2016-11-09.crt b/SecureBoot/certs/Lenovo_4MYoga720-15IKB_2016-11-09.crt
new file mode 100644
index 0000000..196de32
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_4MYoga720-15IKB_2016-11-09.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_DCU31-80E31-80_2015-03-03.crt b/SecureBoot/certs/Lenovo_DCU31-80E31-80_2015-03-03.crt
new file mode 100644
index 0000000..b95ba3e
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_DCU31-80E31-80_2015-03-03.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_LCFC_2015-05-29.crt b/SecureBoot/certs/Lenovo_LCFC_2015-05-29.crt
new file mode 100644
index 0000000..bd2ad26
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_LCFC_2015-05-29.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_Mocca_2012-06-20.crt b/SecureBoot/certs/Lenovo_Mocca_2012-06-20.crt
new file mode 100644
index 0000000..37fda34
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_Mocca_2012-06-20.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_ThinkPad_Product_CA_2012-06-29.crt b/SecureBoot/certs/Lenovo_ThinkPad_Product_CA_2012-06-29.crt
new file mode 100644
index 0000000..d8d0955
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_ThinkPad_Product_CA_2012-06-29.crt
Binary files differ
diff --git a/SecureBoot/certs/Lenovo_UEFI_CA_2014-01-24.crt b/SecureBoot/certs/Lenovo_UEFI_CA_2014-01-24.crt
new file mode 100644
index 0000000..4541127
--- /dev/null
+++ b/SecureBoot/certs/Lenovo_UEFI_CA_2014-01-24.crt
Binary files differ
diff --git a/SecureBoot/certs/MSI_SHIP_OWN_CA_2012-06-09.crt b/SecureBoot/certs/MSI_SHIP_OWN_CA_2012-06-09.crt
new file mode 100644
index 0000000..a1e9cde
--- /dev/null
+++ b/SecureBoot/certs/MSI_SHIP_OWN_CA_2012-06-09.crt
Binary files differ
diff --git a/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt b/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt
new file mode 100644
index 0000000..7f84964
--- /dev/null
+++ b/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt
Binary files differ
diff --git a/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt b/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt
new file mode 100644
index 0000000..d839ce2
--- /dev/null
+++ b/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt
Binary files differ
diff --git a/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt b/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt
new file mode 100644
index 0000000..ca4ebf0
--- /dev/null
+++ b/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt
Binary files differ
diff --git a/SecureBoot/certs/Toshiba_Corporation_Utility_CA_2012-08-10.crt b/SecureBoot/certs/Toshiba_Corporation_Utility_CA_2012-08-10.crt
new file mode 100644
index 0000000..b772879
--- /dev/null
+++ b/SecureBoot/certs/Toshiba_Corporation_Utility_CA_2012-08-10.crt
Binary files differ
diff --git a/SecureBoot/certs/Toshiba_QCI_2012-07-24.crt b/SecureBoot/certs/Toshiba_QCI_2012-07-24.crt
new file mode 100644
index 0000000..461c91a
--- /dev/null
+++ b/SecureBoot/certs/Toshiba_QCI_2012-07-24.crt
Binary files differ
diff --git a/SecureBoot/certs/Toshiba_QCI_Shell_2012-07-24.crt b/SecureBoot/certs/Toshiba_QCI_Shell_2012-07-24.crt
new file mode 100644
index 0000000..496f764
--- /dev/null
+++ b/SecureBoot/certs/Toshiba_QCI_Shell_2012-07-24.crt
Binary files differ
diff --git a/SecureBoot/readme.txt b/SecureBoot/readme.txt
index ce2d3d3..b9b40c7 100644
--- a/SecureBoot/readme.txt
+++ b/SecureBoot/readme.txt
@@ -3,14 +3,17 @@ In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enable
whose public part can be loaded into Secure Boot to allow verification of VeraCrypt EFI files.
to update Secure Boot configuration steps:
-1. Enter BIOS configuration
-2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
-3. Boot Windows
-4. execute from admin command prompt
+1. Run the tool dumpEfiVars (https://www.veracrypt.fr/downloads/tools/dumpEfiVars.exe) to dump the SecureBoot data.
+2. Go through all folders created by dumpEfiVars (other than "77fa9abd-0359-4d32-bd60-28f4e78f784b" and "SigLists") and note the file names of the certificates created inside the folders (.der extension).
+3. Enter BIOS configuration
+4. Switch Secure boot to setup mode (or custom mode or clear keys). It deletes PK (platform certificate) and allows to load DCS platform key.
+5. Boot Windows
+6. Edit the file sb_set_siglists.ps1 and uncomment the lines related to the manufacturer of the machine and which reference the certfiicates names gethered from step 2.
+5. execute from admin command prompt
powershell -ExecutionPolicy Bypass -File sb_set_siglists.ps1
It sets in PK (platform key) - DCS_platform
It sets in KEK (key exchange key) - DCS_key_exchange
-It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27
+It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27 and the other certificates specific to your machine.
All DCS modules are protected by DCS_sign.
All Windows modules are protected by MicWinProPCA2011_2011-10-19
diff --git a/SecureBoot/sb_set_siglists.ps1 b/SecureBoot/sb_set_siglists.ps1
index ae53ca8..ccb25ab 100644
--- a/SecureBoot/sb_set_siglists.ps1
+++ b/SecureBoot/sb_set_siglists.ps1
@@ -1,22 +1,101 @@
Set-ExecutionPolicy Bypass -Force
Import-Module secureboot
-Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null
+$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
-Write-Host "Setting self-signed PK..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
+try
+{
+ Set-SecureBootUEFI -Name dbx -Time 2018-07-05T00:00:00Z -Content $null
+ Set-SecureBootUEFI -Name db -Time 2018-07-05T00:00:00Z -Content $null
+ Set-SecureBootUEFI -Name KEK -Time 2018-07-05T00:00:00Z -Content $null
+ Set-SecureBootUEFI -Name PK -Time 2018-07-05T00:00:00Z -Content $null
+}
+catch
+{
+}
-Write-Host "Setting PK-signed KEK..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
+Write-Host "Setting KEK-signed content of dbx..."
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\dbx_list_SigList.bin -SignedFilePath $scriptPath\siglists\dbx_list_SigList_Serialization.bin.p7 -Name dbx
Write-Host "Setting KEK-signed DCS cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_sign_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
Write-Host "Setting KEK-signed MS cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath $scriptPath\siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
Write-Host "Setting KEK-signed MS UEFI cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath $scriptPath\siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+# Add any additional certificate that already existed in your original db variable (see output of dumpEfiVars tool)
+# Below is a list of commands for each manufacturer. Uncommand only the lines that correspond to your configuration
+# as displayed by dumpEfiVars tool
+
+############### Acer ###############
+# Write-Host "Setting KEK-signed Acer certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_2012-05-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_2012-05-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### ASUS ###############
+# Write-Host "Setting KEK-signed ASUS certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath $scriptPath\siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath $scriptPath\siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Canonical_Master_CA_2012_04_12_SigList.bin -SignedFilePath $scriptPath\siglists\Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### DELL ###############
+# Write-Host "Setting KEK-signed Dell cert in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Dell_UEFI_DB_2016_06_03_SigList.bin -SignedFilePath $scriptPath\siglists\Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Dell_CompalA31CSMB_2012-07-17_SigList.bin -SignedFilePath $scriptPath\siglists\Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### HP ###############
+# Write-Host "Setting KEK-signed HP cert in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin -SignedFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin -SignedFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### Intel ###############
+# Write-Host "Setting KEK-signed Intel cert in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Intel_CISD_FW_Update_2017-08-30_SigList.bin -SignedFilePath $scriptPath\siglists\Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+
+############### Lenovo ###############
+# Write-Host "Setting KEK-signed Lenovo certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_UEFI_CA_2014-01-24_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_2JYoga910_2015-12-02_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_LCFC_2015-05-29_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_Mocca_2012-06-20_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### MSI ###############
+# Write-Host "Setting KEK-signed MSI certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList.bin -SignedFilePath $scriptPath\siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### OriginPC ###############
+# Write-Host "Setting KEK-signed OriginPC certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\OriginPC_OWN_CA_2018-01-09_SigList.bin -SignedFilePath $scriptPath\siglists\OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### Panasonic ###############
+# Write-Host "Setting KEK-signed Panasonic certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Panasonic_Corporation_db_CA_2013-03-31_SigList.bin -SignedFilePath $scriptPath\siglists\Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### Toshiba ###############
+# Write-Host "Setting KEK-signed Toshiba certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_QCI_2012-07-24_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_QCI_Shell_2012-07-24_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+Write-Host "Setting PK-signed KEK..."
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_key_exchange_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
+
+Write-Host "Setting self-signed PK..."
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_platform_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
+
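Review bot: The empty `catch { }` around the four clearing calls hides any failure to reset dbx/db/KEK/PK, and nothing after it stops the script when a later `Set-SecureBootUEFI` fails, so the final KEK and PK writes can still run after a db write or append was rejected. Because PK is written last, that would presumably leave the firmware enforcing a db that lacks a certificate the machine needs to boot. I would keep the clear best-effort but make it visible, e.g. `catch { Write-Warning "Clearing Secure Boot variables failed: $_" }`, and add `$ErrorActionPreference = 'Stop'` right after the try/catch so that any failed db/dbx write aborts before KEK and PK are set. Separately, the unchanged `Set-ExecutionPolicy Bypass -Force` on the first line has no `-Scope`, so the policy change outlives this run; `-Scope Process` would confine it, and the readme already passes `-ExecutionPolicy Bypass` on the command line.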
diff --git a/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin
new file mode 100644
index 0000000..d1ba71c
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin
new file mode 100644
index 0000000..ad5283e
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..f24a7f8
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin
new file mode 100644
index 0000000..72b0935
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin
new file mode 100644
index 0000000..a93a198
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..5e95d12
--- /dev/null
+++ b/SecureBoot/siglists/ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_2012-05-31_SigList.bin b/SecureBoot/siglists/Acer_2012-05-31_SigList.bin
new file mode 100644
index 0000000..8644ef3
--- /dev/null
+++ b/SecureBoot/siglists/Acer_2012-05-31_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin b/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin
new file mode 100644
index 0000000..9e3759c
--- /dev/null
+++ b/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..70606b1
--- /dev/null
+++ b/SecureBoot/siglists/Acer_2012-05-31_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList.bin b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList.bin
new file mode 100644
index 0000000..db88eae
--- /dev/null
+++ b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin
new file mode 100644
index 0000000..9fd45eb
--- /dev/null
+++ b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..1a1da86
--- /dev/null
+++ b/SecureBoot/siglists/Acer_ABO_2010-12-31_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Database_2013-07-10_SigList.bin b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList.bin
new file mode 100644
index 0000000..183d0ed
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin
new file mode 100644
index 0000000..8f3d373
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..a719426
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Database_2013-07-10_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList.bin b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList.bin
new file mode 100644
index 0000000..20db064
--- /dev/null
+++ b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin
new file mode 100644
index 0000000..08d0376
--- /dev/null
+++ b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..47acae1
--- /dev/null
+++ b/SecureBoot/siglists/Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList.bin b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList.bin
new file mode 100644
index 0000000..13c7aeb
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin
new file mode 100644
index 0000000..d29d5a0
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..48f20f5
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList.bin b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList.bin
new file mode 100644
index 0000000..e991ce3
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin
new file mode 100644
index 0000000..5eea957
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..ddb4793
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
new file mode 100644
index 0000000..c69e029
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
new file mode 100644
index 0000000..b8b6aa8
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..60247bf
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList.bin b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList.bin
new file mode 100644
index 0000000..d535398
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin
new file mode 100644
index 0000000..bb76d7c
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..e862e2c
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin
new file mode 100644
index 0000000..8b315e7
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin
new file mode 100644
index 0000000..f6ad491
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..19e3455
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList.bin b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList.bin
new file mode 100644
index 0000000..5105d7a
--- /dev/null
+++ b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin
new file mode 100644
index 0000000..7b89dba
--- /dev/null
+++ b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..1c4aa51
--- /dev/null
+++ b/SecureBoot/siglists/Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList.bin b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList.bin
new file mode 100644
index 0000000..d170947
--- /dev/null
+++ b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin
new file mode 100644
index 0000000..addf8ab
--- /dev/null
+++ b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..dfc53c4
--- /dev/null
+++ b/SecureBoot/siglists/Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin b/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin
index 1cffcf0..a8c1a91 100644
--- a/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin
+++ b/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin.p7 b/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin.p7
index 1e9d29a..3e3087a 100644
--- a/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin.p7
+++ b/SecureBoot/siglists/DCS_key_exchange_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin b/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin
index e8fbf79..18e17e0 100644
--- a/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin
+++ b/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin.p7 b/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin.p7
index 19cb86d..7299f14 100644
--- a/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin.p7
+++ b/SecureBoot/siglists/DCS_platform_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin b/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin
index de58d77..c6218bf 100644
--- a/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin
+++ b/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin.p7 b/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin.p7
index 01753a8..05d02fd 100644
--- a/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin.p7
+++ b/SecureBoot/siglists/DCS_sign_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin
new file mode 100644
index 0000000..59fbcce
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin
new file mode 100644
index 0000000..0c74499
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..c0b0378
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList.bin b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList.bin
new file mode 100644
index 0000000..8079217
--- /dev/null
+++ b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin
new file mode 100644
index 0000000..83b237c
--- /dev/null
+++ b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..cbea703
--- /dev/null
+++ b/SecureBoot/siglists/Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin
new file mode 100644
index 0000000..ff2a46b
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin
new file mode 100644
index 0000000..7c89478
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7 b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..c88b445
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin
new file mode 100644
index 0000000..8780d61
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin
new file mode 100644
index 0000000..a89606e
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7 b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..99fbed7
--- /dev/null
+++ b/SecureBoot/siglists/HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin
new file mode 100644
index 0000000..426dec3
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin
new file mode 100644
index 0000000..3ca95db
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..80b2c69
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList.bin b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList.bin
new file mode 100644
index 0000000..6c7b9a1
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin
new file mode 100644
index 0000000..d0a5259
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..0ae7bf8
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList.bin b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList.bin
new file mode 100644
index 0000000..87614b5
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin
new file mode 100644
index 0000000..04b6efe
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..ee782e4
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin
new file mode 100644
index 0000000..e2afe35
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin
new file mode 100644
index 0000000..fbf3a92
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..3b2129a
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin
new file mode 100644
index 0000000..5b8b629
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin
new file mode 100644
index 0000000..526838b
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..7bc4fa9
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList.bin b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList.bin
new file mode 100644
index 0000000..30d793b
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin
new file mode 100644
index 0000000..2335a89
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..c4aadff
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList.bin b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList.bin
new file mode 100644
index 0000000..9443b4b
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin
new file mode 100644
index 0000000..f9748e0
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..c5e9aeb
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin
new file mode 100644
index 0000000..b29b3a1
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin
new file mode 100644
index 0000000..397558a
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..58a7f0a
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList.bin b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList.bin
new file mode 100644
index 0000000..eb93739
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin
new file mode 100644
index 0000000..ec5325a
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..d73db14
--- /dev/null
+++ b/SecureBoot/siglists/Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList.bin b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList.bin
new file mode 100644
index 0000000..5ddec7d
--- /dev/null
+++ b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin
new file mode 100644
index 0000000..983b55e
--- /dev/null
+++ b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7 b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..eeccfed
--- /dev/null
+++ b/SecureBoot/siglists/MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin
index 413ccab..37325b0 100644
--- a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin
+++ b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin
index 735d962..ab778bf 100644
--- a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin
+++ b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7
index ed8cefd..0874726 100644
--- a/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7
+++ b/SecureBoot/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList.bin b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList.bin
index ac542ca..58cb0a1 100644
--- a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList.bin
+++ b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin
index 9138dae..11a0b3e 100644
--- a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin
+++ b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7
index b08c60a..17561bf 100644
--- a/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7
+++ b/SecureBoot/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin
new file mode 100644
index 0000000..81a82ad
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin
new file mode 100644
index 0000000..8294bfc
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7 b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..1632b02
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin
new file mode 100644
index 0000000..70a3321
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin
new file mode 100644
index 0000000..64c1cc7
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..6527a83
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin
new file mode 100644
index 0000000..f5ebfab
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin
new file mode 100644
index 0000000..802ea0d
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..b6a7d17
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin
new file mode 100644
index 0000000..b476fc7
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin
new file mode 100644
index 0000000..017e05c
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..2fb61bb
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList.bin b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList.bin
new file mode 100644
index 0000000..e6ab766
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin
new file mode 100644
index 0000000..b98e938
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..959d143
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList.bin b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList.bin
new file mode 100644
index 0000000..d9c4dfb
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin
new file mode 100644
index 0000000..8792188
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..bf98806
--- /dev/null
+++ b/SecureBoot/siglists/Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/dbx_list_SigList.bin b/SecureBoot/siglists/dbx_list_SigList.bin
new file mode 100644
index 0000000..8c3cf6d
--- /dev/null
+++ b/SecureBoot/siglists/dbx_list_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/dbx_list_SigList_Serialization.bin b/SecureBoot/siglists/dbx_list_SigList_Serialization.bin
new file mode 100644
index 0000000..fffa8b1
--- /dev/null
+++ b/SecureBoot/siglists/dbx_list_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/dbx_list_SigList_Serialization.bin.p7 b/SecureBoot/siglists/dbx_list_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..1ee3110
--- /dev/null
+++ b/SecureBoot/siglists/dbx_list_SigList_Serialization.bin.p7
Binary files differ