VeraCrypt
-rw-r--r--DcsBoot/DcsBoot.c60
-rw-r--r--DcsCfg/DcsCfg.h8
-rw-r--r--DcsCfg/DcsCfg.inf8
-rw-r--r--DcsCfg/DcsCfgCrypt.c49
-rw-r--r--DcsCfg/DcsCfgMain.c8
-rw-r--r--DcsInfo/DcsInfo.inf4
-rw-r--r--DcsInt/DcsInt.c126
-rw-r--r--DcsInt/DcsInt.inf7
-rw-r--r--DcsRe/DcsRe.c273
-rw-r--r--DcsRe/DcsRe.inf4
-rw-r--r--Include/Library/CommonLib.h35
-rw-r--r--Include/Library/PasswordLib.h4
-rw-r--r--Library/CommonLib/EfiConsole.c6
-rw-r--r--Library/CommonLib/EfiFile.c61
-rw-r--r--Library/CommonLib/EfiMem.c27
-rw-r--r--Library/DcsCfgLib/DcsCfgLib.inf8
-rw-r--r--Library/DcsCfgLib/GptEdit.c8
-rw-r--r--Library/DcsTpmLib/Tpm20.c2
-rw-r--r--Library/PasswordLib/ConsolePassword.c37
-rw-r--r--Library/PasswordLib/PicturePassword.c2
-rw-r--r--Library/VeraCryptLib/DcsProp4
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.c25
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.h2
-rw-r--r--Library/VeraCryptLib/VeraCryptLib.inf18
-rw-r--r--Library/VeraCryptLib/mklinks_src.bat14
-rw-r--r--SecureBoot/certs/Acer_LINPUS_2018-04-19.crtbin0 -> 1021 bytes
-rw-r--r--SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crtbin0 -> 816 bytes
-rw-r--r--SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crtbin0 -> 812 bytes
-rw-r--r--SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crtbin0 -> 840 bytes
-rw-r--r--SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crtbin0 -> 1051 bytes
-rw-r--r--SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crtbin0 -> 1073 bytes
-rw-r--r--SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crtbin0 -> 886 bytes
-rw-r--r--SecureBoot/sb_set_siglists.ps181
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.binbin0 -> 1049 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.binbin0 -> 1089 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.binbin0 -> 844 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.binbin0 -> 884 bytes
-rw-r--r--SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.binbin0 -> 840 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.binbin0 -> 880 bytes
-rw-r--r--SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.binbin0 -> 868 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.binbin0 -> 908 bytes
-rw-r--r--SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.binbin0 -> 1079 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.binbin0 -> 1119 bytes
-rw-r--r--SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.binbin0 -> 1101 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.binbin0 -> 1141 bytes
-rw-r--r--SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7bin0 -> 1492 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.binbin0 -> 914 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.binbin0 -> 954 bytes
-rw-r--r--SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7bin0 -> 1492 bytes
54 files changed, 660 insertions, 221 deletions
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c
index 664afaa..7029a10 100644
--- a/DcsBoot/DcsBoot.c
+++ b/DcsBoot/DcsBoot.c
@@ -29,6 +29,7 @@ CHAR16 *gEfiExecCmdDefault = L"\\EFI\\Microsoft\\Boot\\Bootmgfw_ms.vc
CHAR16 *gEfiExecCmdMS = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
CHAR16 *gEfiExecCmd = NULL;
CHAR8 gDoExecCmdMsg[256];
+CONST CHAR8* g_szMsBootString = "bootmgfw.pdb";
EFI_STATUS
DoExecCmd()
@@ -58,6 +59,39 @@ DoExecCmd()
return res;
}
+EFI_STATUS
+ExecMSWindowsLoader() {
+
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdDefault)))
+ return EfiExec(NULL, gEfiExecCmdDefault);
+ else
+ {
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdMS)))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ BOOLEAN bFound = FALSE;
+ if (!EFI_ERROR(FileLoad(NULL, gEfiExecCmdMS, &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ bFound = TRUE;
+ }
+ }
+
+ MEM_FREE(fileData);
+
+ if (bFound)
+ return EfiExec(NULL, gEfiExecCmdMS);
+ }
+
+ ERR_PRINT(L"Could not find the original Windows loader\r\n");
+
+ return EFI_NOT_READY;
+ }
+}
+
//////////////////////////////////////////////////////////////////////////
// BML
//////////////////////////////////////////////////////////////////////////
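Review bot: The "is it the Microsoft one" test in `ExecMSWindowsLoader` (file larger than 32768 bytes and containing the string `bootmgfw.pdb`) is an identification heuristic, not an integrity check, and nothing in the hunk says so. A comment above the `FileLoad` call such as `/* heuristic only: tells Microsoft's bootmgfw.efi apart from our own small loader; it does not authenticate the image */` would keep a later reader from treating it as verification. The fallback path also runs `gEfiExecCmdDefault` with no check at all, which deserves a word in the same comment. The same size-and-pattern test, with the same literal 32768, is repeated in `ActionWindowsBoot` and `ActionRestoreDcsLoader` in DcsRe/DcsRe.c, so a named constant and one shared helper would keep the three copies from drifting.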
@@ -165,9 +199,33 @@ DcsBootMain(
EfiSetVar(L"DcsExecPartGuid", NULL, &ImagePartGuid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);
EfiSetVar(L"DcsExecCmd", NULL, gEfiExecCmdDefault, (StrLen(gEfiExecCmdDefault) + 1) * 2, EFI_VARIABLE_BOOTSERVICE_ACCESS);
// Authorize
+ gBS->SetWatchdogTimer(0, 0, 0, NULL);
res = EfiExec(NULL, L"\\EFI\\VeraCrypt\\DcsInt.dcs");
- if (EFI_ERROR(res)) {
+ if (EFI_ERROR(res) && (res != EFI_DCS_POSTEXEC_REQUESTED)) {
+
+ // Clear DcsExecPartGuid before execute OS to avoid problem in VirtualBox with reboot.
+ EfiSetVar(L"DcsExecPartGuid", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ EfiSetVar(L"DcsExecCmd", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
// ERR_PRINT(L"\nDcsInt.efi %r\n",res);
+ if (res == EFI_DCS_SHUTDOWN_REQUESTED)
+ {
+ res = EFI_SUCCESS;
+ gST->RuntimeServices->ResetSystem(EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ }
+ else if (res == EFI_DCS_REBOOT_REQUESTED)
+ {
+ res = EFI_SUCCESS;
+ gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+ }
+ else if (res == EFI_DCS_HALT_REQUESTED)
+ {
+ EfiCpuHalt();
+ }
+ else if (res == EFI_DCS_USER_CANCELED)
+ {
+ /* If user cancels password prompt, call original Windows loader */
+ res = ExecMSWindowsLoader ();
+ }
return res;
}
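Review bot: The new dispatch on `EFI_DCS_SHUTDOWN_REQUESTED`, `EFI_DCS_REBOOT_REQUESTED`, `EFI_DCS_HALT_REQUESTED` and `EFI_DCS_USER_CANCELED` sits inside `if (EFI_ERROR(res) && ...)`, so it is reached only if each of those codes has the EFI error bit set; their definitions are not in this hunk. A comment at the `if` would record that dependency, e.g. `// EFI_DCS_* request codes must be error-class values, otherwise the branches below are skipped`. Separately, both reset branches assign `res = EFI_SUCCESS` before `ResetSystem`, so if that call ever returned the function would report success after a failed authorization step; leaving `res` untouched there is the safer default. `DcsBootMain` starts and continues outside the hunk.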
diff --git a/DcsCfg/DcsCfg.h b/DcsCfg/DcsCfg.h
index 4152fe9..379a8c0 100644
--- a/DcsCfg/DcsCfg.h
+++ b/DcsCfg/DcsCfg.h
@@ -89,18 +89,18 @@ OuterInit();
extern UINTN gSecRigonCount;
EFI_STATUS
-SecRigionMark();
+SecRegionMark();
EFI_STATUS
-SecRigionWipe();
+SecRegionWipe();
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
);
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
);
diff --git a/DcsCfg/DcsCfg.inf b/DcsCfg/DcsCfg.inf
index c057b96..2557418 100644
--- a/DcsCfg/DcsCfg.inf
+++ b/DcsCfg/DcsCfg.inf
@@ -83,6 +83,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -91,6 +95,10 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+
[FeaturePcd]
[Pcd]
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index 390f5ca..986824d 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -60,7 +60,7 @@ AskEA() {
CHAR16 name[128];
for (ea = EAGetFirst(); ea != 0; ea = EAGetNext(ea))
{
- EAGetName(name, ea, 1);
+ EAGetName(name, 128, ea, 1);
OUT_PRINT(L"(%d) %s\n", ea, name);
}
ea = (int)AskUINTN(":", EAGetFirst());
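Review bot: The new length argument in `EAGetName(name, 128, ea, 1)` repeats the literal from the `CHAR16 name[128]` declaration, so the bound and the buffer can drift apart if the array is ever resized. Deriving it from the array keeps them tied together: `EAGetName(name, sizeof(name) / sizeof(name[0]), ea, 1);`. This assumes the parameter counts characters rather than bytes, which the hunk does not show. `AskEA` continues outside the hunk.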
@@ -167,12 +167,19 @@ ChangePassword(
ZeroMem(&confirmPassword, sizeof(newPassword));
VCAskPwd(AskPwdNew, &newPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
MEM_BURN(&newPassword, sizeof(newPassword));
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ return EFI_TIMEOUT;
}
if (newPassword.Length == confirmPassword.Length) {
if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) {
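Review bot: The early returns added for `AskPwdRetTimeout` leave password buffers on the stack unwiped: the one after `VCAskPwd(AskPwdNew, ...)` returns without burning `newPassword`, and the one after `VCAskPwd(AskPwdConfirm, ...)` burns `newPassword` but not `confirmPassword`. Whether `VCAskPwd` leaves partially typed characters in the buffer on timeout or cancel is not visible here, so wiping both before every `return` is the safe choice: `MEM_BURN(&newPassword, sizeof(newPassword));` and `MEM_BURN(&confirmPassword, sizeof(confirmPassword));`. The existing cancel branches have the same gap, and the identical hunk in `SecRegionChangePwd` in DcsInt/DcsInt.c should get the same treatment. The function body starts and ends outside the hunk.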
@@ -1601,7 +1608,7 @@ UsbScApdu(
EFI_STATUS res;
CE(InitUsb());
CE(UsbGetIO(gUSBHandles[UsbIndex], &UsbIo));
- StrHexToBytes(cmd + sizeof(CCID_HEADER_OUT), &cmdLen, hexString);
+ DcsStrHexToBytes(cmd + sizeof(CCID_HEADER_OUT), &cmdLen, hexString);
CE(UsbScTransmit(UsbIo, cmd, cmdLen + sizeof(CCID_HEADER_OUT), resp, &respLen, &statusSc));
PrintBytes(resp, respLen);
return res;
@@ -1657,7 +1664,7 @@ UpdateDcsBoot() {
UINTN gSecRigonCount = 0;
EFI_STATUS
-SecRigionMark()
+SecRegionMark()
{
UINT32 crc;
EFI_STATUS res;
@@ -1700,7 +1707,7 @@ SecRigionMark()
}
EFI_STATUS
-SecRigionWipe()
+SecRegionWipe()
{
EFI_STATUS res;
CHAR8* buf;
@@ -1754,7 +1761,7 @@ error:
}
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
)
@@ -1763,9 +1770,9 @@ SecRigionDump(
EFI_BLOCK_IO_PROTOCOL* bio;
DCS_AUTH_DATA_MARK* adm = NULL;
UINT32 crc;
- UINT8* SecRegionData = NULL;
- UINTN SecRegionSize = 0;
- UINTN SecRegionOffset = 0;
+ UINT8* SecRegionDumpData = NULL;
+ UINTN SecRegionDumpSize = 0;
+ UINTN SecRegionDumpOffset = 0;
UINTN saveSize = 0;
UINTN idx = 0;
CHAR16 name[128];
@@ -1790,42 +1797,42 @@ SecRigionDump(
res = EFI_INVALID_PARAMETER;
}
- SecRegionSize = adm->AuthDataSize * 128 * 1024;
- SecRegionData = MEM_ALLOC(SecRegionSize);
- if (SecRegionData == NULL) {
+ SecRegionDumpSize = adm->AuthDataSize * 128 * 1024;
+ SecRegionDumpData = MEM_ALLOC(SecRegionDumpSize);
+ if (SecRegionDumpData == NULL) {
res = EFI_BUFFER_TOO_SMALL;
goto err;
}
- CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionSize, SecRegionData));
+ CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionDumpSize, SecRegionDumpData));
do {
// EFI tables?
- if (TablesVerify(SecRegionSize - SecRegionOffset, SecRegionData + SecRegionOffset)) {
- EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionData + SecRegionOffset);
+ if (TablesVerify(SecRegionDumpSize - SecRegionDumpOffset, SecRegionDumpData + SecRegionDumpOffset)) {
+ EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionDumpData + SecRegionDumpOffset);
UINTN tblZones = (mhdr->HeaderSize + 1024 * 128 - 1) / (1024 * 128);
saveSize = tblZones * 1024 * 128;
} else {
saveSize = 1024 * 128;
}
UnicodeSPrint(name, sizeof(name), L"%s%d", prefix, idx);
- CE(FileSave(NULL, name, SecRegionData + SecRegionOffset, saveSize));
+ CE(FileSave(NULL, name, SecRegionDumpData + SecRegionDumpOffset, saveSize));
OUT_PRINT(L"%s saved\n", name);
idx += saveSize / (1024 * 128);
- SecRegionOffset += saveSize;
- } while (SecRegionOffset < SecRegionSize);
+ SecRegionDumpOffset += saveSize;
+ } while (SecRegionDumpOffset < SecRegionDumpSize);
err:
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
MEM_FREE(adm);
- MEM_FREE(SecRegionData);
+ MEM_FREE(SecRegionDumpData);
return res;
}
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
)
{
diff --git a/DcsCfg/DcsCfgMain.c b/DcsCfg/DcsCfgMain.c
index 5e5d819..8e3ad81 100644
--- a/DcsCfg/DcsCfgMain.c
+++ b/DcsCfg/DcsCfgMain.c
@@ -707,7 +707,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_MARK);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionMark();
+ SecRegionMark();
} else {
ERR_PRINT(L"Select disk and security region count");
return EFI_INVALID_PARAMETER;
@@ -719,7 +719,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_WIPE);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionWipe();
+ SecRegionWipe();
}
else {
ERR_PRINT(L"Select disk and security region count");
@@ -734,7 +734,7 @@ DcsCfgMain(
UINTN secRegionIdx;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_ADD);
secRegionIdx = StrDecimalToUintn(opt);
- SecRigionAdd(secRegionIdx);
+ SecRegionAdd(secRegionIdx);
}
else {
ERR_PRINT(L"Select disk and GPT file");
@@ -746,7 +746,7 @@ DcsCfgMain(
if (ShellCommandLineGetFlag(Package, OPT_DISK_START)) {
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_DUMP);
- SecRigionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
+ SecRegionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
} else {
ERR_PRINT(L"Select disk");
return EFI_INVALID_PARAMETER;
diff --git a/DcsInfo/DcsInfo.inf b/DcsInfo/DcsInfo.inf
index 64eadee..1a7789a 100644
--- a/DcsInfo/DcsInfo.inf
+++ b/DcsInfo/DcsInfo.inf
@@ -71,6 +71,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index f7c3965..a8fe493 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -84,7 +84,7 @@ UINTN SecRegionOffset = 0;
PCRYPTO_INFO SecRegionCryptInfo = NULL;
VOID
-CleanSensitiveData()
+CleanSensitiveData(BOOLEAN bClearBootParams)
{
if (SecRegionCryptInfo != NULL) {
MEM_BURN(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
@@ -97,6 +97,10 @@ CleanSensitiveData()
if (SecRegionData != NULL) {
MEM_BURN(SecRegionData, SecRegionSize);
}
+
+ if (bootParams != NULL && bClearBootParams) {
+ MEM_BURN(bootParams, sizeof(*bootParams));
+ }
if (gAutoPassword != NULL) {
MEM_BURN(gAutoPassword, MAX_PASSWORD);
@@ -105,7 +109,7 @@ CleanSensitiveData()
void HaltPrint(const CHAR16* Msg)
{
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
Print(L"%s - system Halted\n", Msg);
EfiCpuHalt();
}
@@ -160,29 +164,33 @@ PrepareBootParams(
IN PCRYPTO_INFO cryptoInfo)
{
BootArguments *bootArgs;
- if (bootParams == NULL) return EFI_UNSUPPORTED;
- bootArgs = &bootParams->BootArgs;
- TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
- bootArgs->BootLoaderVersion = VERSION_NUM;
- bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
- bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
- bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
- CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
- bootArgs->HiddenSystemPartitionStart = 0;
- bootArgs->DecoySystemPartitionStart = 0;
- bootArgs->BootDriveSignature = bootDriveSignature;
- bootArgs->Flags = (uint32)(gAuthPim << 16);
- bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
- bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
- bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
- bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
- SetSecRegionParamsMemory();
+ EFI_STATUS status;
+ if (bootParams == NULL) status = EFI_UNSUPPORTED;
+ else {
+ bootArgs = &bootParams->BootArgs;
+ TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
+ bootArgs->BootLoaderVersion = VERSION_NUM;
+ bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
+ bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
+ bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
+ CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
+ bootArgs->HiddenSystemPartitionStart = 0;
+ bootArgs->DecoySystemPartitionStart = 0;
+ bootArgs->BootDriveSignature = bootDriveSignature;
+ bootArgs->Flags = (uint32)(gAuthPim << 16);
+ bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
+ bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
+ bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
+ bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
+ SetSecRegionParamsMemory();
+ status = EFI_SUCCESS;
+ }
// Clean auth data
MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
MEM_BURN(&gAuthPim, sizeof(gAuthPim));
- return EFI_SUCCESS;
+ return status;
}
void GetIntersection(uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
@@ -563,12 +571,19 @@ SecRegionChangePwd() {
ZeroMem(&confirmPassword, sizeof(newPassword));
VCAskPwd(AskPwdNew, &newPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
MEM_BURN(&newPassword, sizeof(newPassword));
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ return EFI_TIMEOUT;
}
if (newPassword.Length == confirmPassword.Length) {
if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) {
@@ -627,7 +642,7 @@ SecRegionChangePwd() {
if (key.UnicodeChar == 'r') {
MEM_BURN(&newPassword, sizeof(newPassword));
MEM_BURN(&confirmPassword, sizeof(confirmPassword));
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
}
}
@@ -675,7 +690,10 @@ SecRegionTryDecrypt()
SecRegionOffset = 0;
VCAuthAsk();
if (gAuthPwdCode == AskPwdRetCancel) {
- return EFI_NOT_READY;
+ return EFI_DCS_USER_CANCELED;
+ }
+ if (gAuthPwdCode == AskPwdRetTimeout) {
+ return EFI_TIMEOUT;
}
OUT_PRINT(L"%a", gAuthStartMsg);
do {
@@ -698,6 +716,10 @@ SecRegionTryDecrypt()
break;
} else {
ERR_PRINT(L"%a", gAuthErrorMsg);
+ // clear previous failed authentication information
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ if (gAuthPimRqt)
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
}
retry--;
} while (vcres != 0 && retry > 0);
@@ -793,6 +815,8 @@ SecRegionTryDecrypt()
enum OnExitTypes{
OnExitAuthFaild = 1,
OnExitAuthNotFound,
+ OnExitAuthTimeout,
+ OnExitAuthCancelled,
OnExitSuccess
};
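Review bot: Inserting `OnExitAuthTimeout` and `OnExitAuthCancelled` ahead of `OnExitSuccess` changes the numeric value of `OnExitSuccess` from 3 to 5. That is harmless if the enumerators are only ever compared by name inside DcsInt.c, but the hunk does not show every use. Appending the new enumerators after `OnExitSuccess`, or giving each one an explicit value, would keep the existing values stable.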
@@ -820,7 +844,7 @@ AsciiStrNStr(
++posp;
++pos2;
}
- if (*pos2 == 0) return NULL;
+ if (*pos2 == 0 && *posp) return NULL;
if (*posp == 0) return pos1;
++pos1;
}
@@ -866,10 +890,17 @@ OnExit(
CHAR8* delayStr = NULL;
EFI_GUID *guid = NULL;
CHAR16 *fileStr = NULL;
+
+ if (EFI_ERROR(retValue))
+ {
+ CleanSensitiveData(TRUE);
+ }
+
if (action == NULL) return retValue;
+
if (OnExitGetParam(action, "guid", &guidStr, NULL)) {
EFI_GUID tmp;
- if (AsciiStrToGuid(&tmp, guidStr)) {
+ if (DcsAsciiStrToGuid(&tmp, guidStr)) {
guid = MEM_ALLOC(sizeof(EFI_GUID));
CopyMem(guid, &tmp, sizeof(EFI_GUID));
}
@@ -905,29 +936,43 @@ OnExit(
}
if (AsciiStrNStr(action, "halt") == action) {
- EfiCpuHalt();
+ retValue = EFI_DCS_HALT_REQUESTED;
+ }
+
+ else if (AsciiStrNStr(action, "shutdown") == action) {
+ retValue = EFI_DCS_SHUTDOWN_REQUESTED;
+ }
+
+ else if (AsciiStrNStr(action, "reboot") == action) {
+ retValue = EFI_DCS_REBOOT_REQUESTED;
}
- if (AsciiStrNStr(action, "exec") == action) {
+ else if (AsciiStrNStr(action, "exec") == action) {
if (guid != NULL) {
EFI_STATUS res;
EFI_HANDLE h;
res = EfiFindPartByGUID(guid, &h);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nCan't find start partition\n");
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
// Try to exec
if (fileStr != NULL) {
res = EfiExec(h, fileStr);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nStart %s - %r\n", fileStr, res);
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
}
else {
ERR_PRINT(L"\nNo EFI execution path specified. Halting!\n");
- EfiCpuHalt();
+ CleanSensitiveData(TRUE);
+ retValue = EFI_DCS_HALT_REQUESTED;
+ goto exit;
}
}
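Review bot: The `halt`, `shutdown` and `reboot` branches now hand a request code back to the caller instead of stopping here, but unlike the three `exec` failure paths in the same hunk they do not call `CleanSensitiveData(TRUE)` first. The cleanup added at the top of `OnExit` runs only when `retValue` is already an error on entry, so if one of these actions is configured for a non-error exit the key material would stay in memory while control returns to DcsBoot. Adding `CleanSensitiveData(TRUE);` before each `retValue = EFI_DCS_..._REQUESTED;` assignment makes the branches consistent. The rest of `OnExit`, including the `exit` label, is outside the hunk.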
@@ -937,17 +982,19 @@ OnExit(
goto exit;
}
- if (AsciiStrNStr(action, "postexec") == action) {
+ else if (AsciiStrNStr(action, "postexec") == action) {
if (guid != NULL) {
EfiSetVar(L"DcsExecPartGuid", NULL, &guid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);
}
if (fileStr != NULL) {
EfiSetVar(L"DcsExecCmd", NULL, fileStr, (StrLen(fileStr) + 1) * 2, EFI_VARIABLE_BOOTSERVICE_ACCESS);
}
+
+ retValue = EFI_DCS_POSTEXEC_REQUESTED;
goto exit;
}
- if (AsciiStrStr(action, "exit") == action) {
+ else if (AsciiStrStr(action, "exit") == action) {
goto exit;
}
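Review bot: In the `postexec` branch, `EfiSetVar(L"DcsExecPartGuid", NULL, &guid, sizeof(EFI_GUID), ...)` passes the address of the pointer variable, since `guid` is declared `EFI_GUID *guid` earlier in `OnExit`. The variable therefore receives the pointer value plus adjacent stack bytes rather than the partition GUID. The line is unchanged context, but this commit adds `EFI_DCS_POSTEXEC_REQUESTED` so that DcsBoot carries on after this branch, which makes the stored value matter; the call should read `EfiSetVar(L"DcsExecPartGuid", NULL, guid, sizeof(EFI_GUID), EFI_VARIABLE_BOOTSERVICE_ACCESS);`. This assumes `EfiSetVar` takes a plain data pointer, as its use with `fileStr` on the next call suggests.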
@@ -973,7 +1020,7 @@ VirtualNotifyEvent(
)
{
// Clean all sensible info and keys before transfer to OS
- CleanSensitiveData();
+ CleanSensitiveData(FALSE);
}
//////////////////////////////////////////////////////////////////////////
@@ -1151,7 +1198,16 @@ UefiMain(
gST->ConIn->Reset(gST->ConIn, FALSE);
if (EFI_ERROR(res)) {
- return OnExit(gOnExitFailed, OnExitAuthFaild, res);
+ // clear buffers with potential authentication data
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
+
+ if (res == EFI_TIMEOUT)
+ return OnExit(gOnExitTimeout, OnExitAuthTimeout, res);
+ else if (res == EFI_DCS_USER_CANCELED)
+ return OnExit(gOnExitCancelled, OnExitAuthCancelled, res);
+ else
+ return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
res = PrepareBootParams(BootDriveSignature, SecRegionCryptInfo);
diff --git a/DcsInt/DcsInt.inf b/DcsInt/DcsInt.inf
index e79dcc6..1fa0a4c 100644
--- a/DcsInt/DcsInt.inf
+++ b/DcsInt/DcsInt.inf
@@ -78,6 +78,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -86,6 +90,9 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
[FeaturePcd]
diff --git a/DcsRe/DcsRe.c b/DcsRe/DcsRe.c
index 7f4096f..aa6f2ed 100644
--- a/DcsRe/DcsRe.c
+++ b/DcsRe/DcsRe.c
@@ -21,11 +21,15 @@ https://opensource.org/licenses/LGPL-3.0
#include "common/Tcdefs.h"
#ifdef _M_X64
+#define ARCHdot L"x64."
#define ARCHdotEFI L"x64.efi"
#else
+#define ARCHdot L"IA32."
#define ARCHdotEFI L"IA32.efi"
#endif
+CONST CHAR8* g_szMsBootString = "bootmgfw.pdb";
+CONST CHAR16* g_szVcBootString = L"VeraCrypt";
//////////////////////////////////////////////////////////////////////////
// Menu
@@ -48,48 +52,56 @@ SelectEfiVolume()
EFI_FILE *file;
EFI_FILE **efiVolumes;
UINTN efiVolumesCount = 0;
- EFI_HANDLE startHandle;
if (EfiBootVolume != NULL) return;
- res = EfiGetStartDevice(&startHandle);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"GetStartDevice %r", res);
- return;
- }
+
efiVolumes = MEM_ALLOC(sizeof(EFI_FILE*) * gFSCount);
for (i = 0; i < gFSCount; ++i) {
+ if (gFSHandles[i] == gFileRootHandle)
+ continue;
res = FileOpenRoot(gFSHandles[i], &file);
- if(EFI_ERROR(res)) continue;
- if (!EFI_ERROR(FileExist(file, L"EFI\\Boot\\boot" ARCHdotEFI))) {
+ if(EFI_ERROR(res)) { ERR_PRINT(L"FileOpenRoot %r\n", res); continue;}
+ if ( !EFI_ERROR(FileExist(file, L"EFI\\Boot\\boot" ARCHdotEFI))
+ || !EFI_ERROR(FileExist(file, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ || !EFI_ERROR(FileExist(file, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
+ )
+ {
efiVolumesCount++;
efiVolumes[i] = file;
- if (gFSHandles[i] != startHandle) {
- EfiBootVolumeIndex = i;
- EfiBootVolume = file;
- }
+ EfiBootVolumeIndex = i;
+ EfiBootVolume = file;
} else {
FileClose(file);
}
}
-
- for (i = 0; i < gFSCount; ++i) {
- OUT_PRINT(L"%H%d)%N ", i);
- if (efiVolumes[i] != NULL) {
- if (gFSHandles[i] == startHandle) {
- OUT_PRINT(L"%V [Boot Rescue] %N");
- }
- else {
+
+ if (efiVolumesCount > 1)
+ {
+ for (i = 0; i < gFSCount; ++i) {
+ OUT_PRINT(L"%H%d)%N ", i);
+ if (efiVolumes[i] != NULL) {
OUT_PRINT(L"%V [Boot] %N");
}
+ EfiPrintDevicePath(gFSHandles[i]);
+ OUT_PRINT(L"\n");
}
- EfiPrintDevicePath(gFSHandles[i]);
- OUT_PRINT(L"\n");
- }
- do {
- EfiBootVolumeIndex = AskUINTN("Select EFI boot volume:", EfiBootVolumeIndex);
- if (EfiBootVolumeIndex >= gFSCount) continue;
- EfiBootVolume = efiVolumes[EfiBootVolumeIndex];
- } while (EfiBootVolume == NULL);
+ do {
+ EfiBootVolumeIndex = AskUINTN("Select EFI boot volume:", EfiBootVolumeIndex);
+ if (EfiBootVolumeIndex >= gFSCount) continue;
+ EfiBootVolume = efiVolumes[EfiBootVolumeIndex];
+ } while (EfiBootVolume == NULL);
+
+ /* free unused descriptors */
+ for (i = 0; i < gFSCount; ++i) {
+ if (efiVolumes[i] != NULL && efiVolumes[i] != EfiBootVolume) {
+ FileClose(efiVolumes[i]);
+ }
+ }
+
+ OUT_PRINT (L"\n");
+ }
+
+
MEM_FREE(efiVolumes);
}
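Review bot: `efiVolumes` is read at indices the first loop never writes: the new `continue` for `gFSHandles[i] == gFileRootHandle`, the `FileOpenRoot` failure path and the `else` branch all leave `efiVolumes[i]` untouched. The menu, the selection loop and the new cleanup loop nevertheless test `efiVolumes[i] != NULL` and may pass the value to `FileClose`. That is correct only if `MEM_ALLOC` returns zeroed memory, which the hunk does not show, and the allocation result is not checked before use. I would add `if (efiVolumes == NULL) return;` after the allocation and make `efiVolumes[i] = NULL;` the first statement of the first loop body.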
@@ -113,6 +125,54 @@ ActionDcsBoot(IN VOID* ctx) {
return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\VeraCrypt\\DcsBoot.efi");
}
+EFI_STATUS
+ActionWindowsBoot(IN VOID* ctx) {
+ if (AskConfirm("If Windows is encrypted, Windows original loader will fail to start.\r\nDo you want to continue? [N]", 1))
+ {
+ SelectEfiVolume();
+ if (EfiBootVolume == NULL) return EFI_NOT_READY;
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc")))
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc");
+ else
+ {
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ BOOLEAN bFound = FALSE;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ bFound = TRUE;
+ }
+ }
+
+ MEM_FREE(fileData);
+
+ if (bFound)
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw.efi");
+ }
+
+ /* copy our backup copy and then boot from it*/
+ if (!EFI_ERROR(FileExist(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup")))
+ {
+ if (!EFI_ERROR(FileCopy(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup", EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", 1024 * 1024)))
+ {
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc");
+ }
+ }
+
+ ERR_PRINT(L"Could not find the original Windows loader\r\n");
+
+ return EFI_NOT_READY;
+ }
+ }
+ else
+ return EFI_SUCCESS;
+}
+
CHAR16* DcsBootBins[] = {
L"EFI\\VeraCrypt\\DcsBoot.efi",
L"EFI\\VeraCrypt\\DcsInt.dcs",
@@ -130,11 +190,73 @@ ActionRestoreDcsLoader(IN VOID* ctx) {
UINTN i;
SelectEfiVolume();
if (EfiBootVolume == NULL) return EFI_NOT_READY;
+
+ DirectoryCreate (EfiBootVolume, L"EFI\\VeraCrypt");
+
for (i = 0; i < sizeof(DcsBootBins) / sizeof(CHAR16*); ++i) {
res = FileCopy(NULL, DcsBootBins[i], EfiBootVolume, DcsBootBins[i], 1024 * 1024);
if (EFI_ERROR(res)) return res;
}
- return res;
+ /* restore standard boot file */
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI)))
+ {
+ /* check if it is Microsoft one or ours */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ res = EFI_SUCCESS;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ res = FileCopy(EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, EfiBootVolume, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup", 1024 * 1024);
+ if (!EFI_ERROR(res))
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ }
+ else if ((fileSize <= 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szVcBootString, StrLen (g_szVcBootString) * 2)))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ }
+ MEM_FREE(fileData);
+
+ if (EFI_ERROR(res)) return res;
+ }
+ }
+ else if (!EFI_ERROR(FileExist(EfiBootVolume, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup")))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"EFI\\Boot\\boot" ARCHdotEFI, 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+
+ if (!EFI_ERROR(FileExist(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ res = EFI_SUCCESS;
+ if (!EFI_ERROR(FileLoad(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ res = FileCopy(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", 1024 * 1024);
+ }
+
+ MEM_FREE(fileData);
+
+ if (EFI_ERROR(res)) return res;
+ }
+
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+ else if (!EFI_ERROR(FileExist(EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc")))
+ {
+ res = FileCopy(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi", EfiBootVolume, L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", 1024 * 1024);
+ if (EFI_ERROR(res)) return res;
+ }
+
+ OUT_PRINT (L"\nVeraCrypt Loader restored to disk successfully\n\n");
+
+ return EFI_SUCCESS;
}
CHAR16* sDcsBootEfi = L"EFI\\VeraCrypt\\DcsBoot.efi";
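Review bot: In the `bootmgfw.efi` branch, a failed `FileLoad`, or a file that does not carry the Microsoft marker, still reaches the unconditional `FileCopy` of `DcsBoot.efi` over `\EFI\Microsoft\Boot\bootmgfw.efi`. The loader on disk is then replaced without a `bootmgfw_ms.vc` backup having been written. The `boot` ARCHdotEFI branch above is stricter and overwrites only when the Microsoft or the VeraCrypt marker was found. At the least the load failure should stop the action, `if (EFI_ERROR(res = FileLoad(EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw.efi", &fileData, &fileSize))) return res;`, and the overwrite should be limited to the two recognised cases as in the first branch. The body of ActionRestoreDcsLoader begins before this hunk.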
@@ -236,54 +358,67 @@ DcsReMain(
ERR_PRINT(L"InitFS %r\n", res);
return res;
}
+
+ if (!EFI_ERROR(DirectoryExists(NULL, L"EFI\\VeraCrypt")))
+ {
+ item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
+ gMenu = item;
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
+ item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
+
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
+ }
- item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
- gMenu = item;
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
- item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
-
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
- }
-
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
- item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
+ item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
- item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
+ item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
+ }
+
+ item = DcsMenuAppend(item, L"Boot Original Windows Loader", 'o', ActionWindowsBoot, NULL);
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
- item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
+ item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
- item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
+ item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
+ }
- item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
- item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
- OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
- gBS->SetWatchdogTimer(0, 0, 0, NULL);
- do {
- DcsMenuPrint(gMenu);
- item = NULL;
- key.UnicodeChar = 0;
- while (item == NULL) {
- item = gMenu;
- key = GetKey();
- while (item != NULL) {
- if (item->Select == key.UnicodeChar) break;
- item = item->Next;
+ item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
+ item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
+ OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
+ gBS->SetWatchdogTimer(0, 0, 0, NULL);
+ do {
+ DcsMenuPrint(gMenu);
+ item = NULL;
+ key.UnicodeChar = 0;
+ while (item == NULL) {
+ item = gMenu;
+ key = GetKey();
+ while (item != NULL) {
+ if (item->Select == key.UnicodeChar) break;
+ item = item->Next;
+ }
}
- }
- OUT_PRINT(L"%c\n",key.UnicodeChar);
- res = item->Action(item->Context);
+ OUT_PRINT(L"%c\n",key.UnicodeChar);
+ res = item->Action(item->Context);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"%r\n", res);
+ }
+ } while (gContiniue);
+ }
+ else
+ {
+ /* No VeraCrypt folder. Boot directly from the hard drive */
+ res = ActionDcsBoot (NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
- } while (gContiniue);
+ }
return EFI_INVALID_PARAMETER;
}
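Review bot: In the new `else` branch the status from `ActionDcsBoot (NULL)` is printed and then lost, because control falls through to the shared `return EFI_INVALID_PARAMETER;`. Adding `return res;` inside that branch would pass the real failure back to the caller. The branch also starts the hard-drive loader without telling the user that the rescue menu was skipped. A line such as `OUT_PRINT(L"No EFI\\VeraCrypt folder found, booting from the hard drive\n");` before the call would make that visible. DcsReMain begins before this hunk.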
diff --git a/DcsRe/DcsRe.inf b/DcsRe/DcsRe.inf
index e103865..5aa63f5 100644
--- a/DcsRe/DcsRe.inf
+++ b/DcsRe/DcsRe.inf
@@ -68,6 +68,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index 9a15afd..2cf10d3 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -25,6 +25,16 @@ https://opensource.org/licenses/LGPL-3.0
#include <Uefi/UefiGpt.h>
//////////////////////////////////////////////////////////////////////////
+// Custom error codes
+//////////////////////////////////////////////////////////////////////////
+
+#define EFI_DCS_SHUTDOWN_REQUESTED ENCODE_ERROR(0xDC50001)
+#define EFI_DCS_REBOOT_REQUESTED ENCODE_ERROR(0xDC50002)
+#define EFI_DCS_HALT_REQUESTED ENCODE_ERROR(0xDC50003)
+#define EFI_DCS_USER_CANCELED ENCODE_ERROR(0xDC50004)
+#define EFI_DCS_POSTEXEC_REQUESTED ENCODE_ERROR(0xDC50005)
+
+//////////////////////////////////////////////////////////////////////////
// Check error
//////////////////////////////////////////////////////////////////////////
extern UINTN gCELine;
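Review bot: The new `EFI_DCS_*` codes have no comment saying what each one means or which module returns and which one handles it, and `%r` will print them as bare numbers. A line per code would do, for example `// returned by the password prompt when the user asked for shutdown; handled by the boot loader` (wording to be confirmed against the callers, which are outside this hunk). As I read the UEFI status-code appendix, `ENCODE_ERROR` sets only the top bit, which puts these values in the range the specification keeps for itself rather than the OEM range with the next-highest bit also set. A note that they are DCS-private would warn readers about a possible clash.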
@@ -72,6 +82,13 @@ PrepareMemory(
IN UINTN len,
OUT VOID** mem
);
+
+EFI_STATUS
+MemoryHasPattern (
+ CONST VOID* buffer,
+ UINTN bufferLen,
+ CONST VOID* pattern,
+ UINTN patternLen);
//////////////////////////////////////////////////////////////////////////
// handles
@@ -412,7 +429,7 @@ AsciiHexToByte(
);
BOOLEAN
-AsciiStrToGuid(
+DcsAsciiStrToGuid(
OUT EFI_GUID *guid,
IN CHAR8 *str
);
@@ -425,7 +442,7 @@ AsciiHexToBytes(
);
BOOLEAN
-StrHexToBytes(
+DcsStrHexToBytes(
OUT UINT8 *b,
IN UINTN *bytesLen,
IN CHAR16 *str
@@ -643,6 +660,18 @@ EFI_STATUS
InitFS();
EFI_STATUS
+DirectoryCreate(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ );
+
+EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ );
+
+EFI_STATUS
FileOpenRoot(
IN EFI_HANDLE rootHandle,
OUT EFI_FILE** rootFile);
@@ -677,7 +706,7 @@ EFI_STATUS
FileWrite(
IN EFI_FILE* f,
IN VOID* data,
- IN OUT UINTN* bytes,
+ IN OUT UINTN bytes,
IN OUT UINT64* position);
UINTN
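Review bot: `bytes` is now passed by value but is still annotated `IN OUT`; the line should read `IN UINTN bytes,`, here and in the definition in Library/CommonLib/EfiFile.c. With the pointer gone, callers can no longer learn how many bytes were written. A one-line comment above the prototype should state the new contract, for example `// writes all of 'bytes' or returns an error; no partial count is reported`.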
diff --git a/Include/Library/PasswordLib.h b/Include/Library/PasswordLib.h
index 25ee1aa..6289763 100644
--- a/Include/Library/PasswordLib.h
+++ b/Include/Library/PasswordLib.h
@@ -25,6 +25,7 @@ extern UINTN gPasswordPictureCharsLen;
extern UINT8 gPasswordVisible;
extern UINT8 gPasswordProgress;
extern int gPasswordTimeout;
+extern UINTN gKeyboardInputDelay;
extern int gPasswordShowMark;
extern VOID* gPictPwdBmp;
@@ -43,7 +44,8 @@ enum AskPwdType {
enum AskPwdRetCode {
AskPwdRetCancel = 0,
AskPwdRetLogin = 1,
- AskPwdRetChange
+ AskPwdRetChange = 2,
+ AskPwdRetTimeout
};
VOID
diff --git a/Library/CommonLib/EfiConsole.c b/Library/CommonLib/EfiConsole.c
index 0d94235..daf087f 100644
--- a/Library/CommonLib/EfiConsole.c
+++ b/Library/CommonLib/EfiConsole.c
@@ -175,7 +175,7 @@ ConsoleShowTip(
// remove tip
for (i = 0; i < StrLen(tip); ++i) {
- OUT_PRINT(L"\b \b", tip);
+ OUT_PRINT(L"\b \b");
}
}
@@ -366,7 +366,7 @@ AsciiHexToByte(
}
BOOLEAN
-AsciiStrToGuid(
+DcsAsciiStrToGuid(
OUT EFI_GUID *guid,
IN CHAR8 *str
)
@@ -428,7 +428,7 @@ AsciiHexToBytes(
}
BOOLEAN
-StrHexToBytes(
+DcsStrHexToBytes(
OUT UINT8 *b,
IN UINTN *bytesLen,
IN CHAR16 *str
diff --git a/Library/CommonLib/EfiFile.c b/Library/CommonLib/EfiFile.c
index fdc999c..4ea164e 100644
--- a/Library/CommonLib/EfiFile.c
+++ b/Library/CommonLib/EfiFile.c
@@ -42,6 +42,38 @@ InitFS() {
}
EFI_STATUS
+DirectoryCreate(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ )
+{
+ EFI_FILE* file;
+ EFI_STATUS res;
+ if (!name) { return EFI_INVALID_PARAMETER; }
+
+ res = FileOpen(root, name, &file, EFI_FILE_MODE_READ | EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE, EFI_FILE_DIRECTORY);
+ if (EFI_ERROR(res)) return res;
+ FileClose(file);
+ return res;
+}
+
+EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ )
+{
+ EFI_FILE* file;
+ EFI_STATUS res;
+ if (!name) { return EFI_INVALID_PARAMETER; }
+
+ res = FileOpen(root, name, &file, EFI_FILE_MODE_READ, EFI_FILE_DIRECTORY);
+ if (EFI_ERROR(res)) return res;
+ FileClose(file);
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
FileOpenRoot(
IN EFI_HANDLE rootHandle,
OUT EFI_FILE** rootFile)
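Review bot: `DirectoryExists` reports success for any path that can be opened, not only for directories. Assuming `FileOpen` passes its last argument through to the protocol's `Open`, the `EFI_FILE_DIRECTORY` attribute is only honoured together with `EFI_FILE_MODE_CREATE`, so a regular file named `EFI\VeraCrypt` would also pass. DcsReMain uses this result to choose between the rescue menu and a direct boot, so the function should ask the opened handle whether it is a directory. The sketch below does that with `GetInfo`; the buffer size is an assumption that leaves room for the file name.

```c
EFI_STATUS
DirectoryExists(
   IN EFI_FILE*   root,
   IN CHAR16*     name
   )
{
   /* … unchanged: file/res locals, NULL check on name … */
   UINT64         infoBuf[(SIZE_OF_EFI_FILE_INFO + 512 + sizeof(UINT64) - 1) / sizeof(UINT64)];
   UINTN          infoSize = sizeof(infoBuf);

   res = FileOpen(root, name, &file, EFI_FILE_MODE_READ, 0);
   if (EFI_ERROR(res)) return res;
   /* Open ignores the attribute argument unless it creates, so query the handle. */
   res = file->GetInfo(file, &gEfiFileInfoGuid, &infoSize, infoBuf);
   if (!EFI_ERROR(res) && (((EFI_FILE_INFO*)infoBuf)->Attribute & EFI_FILE_DIRECTORY) == 0) {
      res = EFI_NOT_FOUND;
   }
   FileClose(file);
   return res;
}
```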
@@ -131,12 +163,14 @@ EFI_STATUS
FileWrite(
IN EFI_FILE* f,
IN VOID* data,
- IN OUT UINTN* bytes,
+ IN OUT UINTN bytes,
IN OUT UINT64* position)
{
EFI_STATUS res;
+ UINTN remaining;
+ UINT8* pbData = (UINT8*) data;
- if (!f || !data || !bytes) {
+ if (!f || !data) {
return EFI_INVALID_PARAMETER;
}
if (position != NULL) {
@@ -145,7 +179,20 @@ FileWrite(
return res;
}
}
- res = f->Write(f, bytes, data);
+ remaining = bytes;
+ res = f->Write(f, &bytes, pbData);
+ if (!EFI_ERROR(res)) {
+ remaining -= bytes;
+ pbData += bytes;
+ bytes = remaining;
+ while ((remaining > 0) && !EFI_ERROR(res))
+ {
+ res = f->Write(f, &bytes, pbData);
+ remaining -= bytes;
+ pbData += bytes;
+ bytes = remaining;
+ }
+ }
if (position != NULL) {
f->GetPosition(f, position);
}
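Review bot: The retry loop in `FileWrite` has no guard against a `Write` that returns success without consuming anything: `bytes` comes back as 0, `remaining` never shrinks and the loop does not end. A check right after the call inside the `while`, `if (bytes == 0) { res = EFI_DEVICE_ERROR; break; }`, bounds it. The first `Write` before the loop repeats the loop body and could be folded into it. FileWrite continues past the end of this hunk.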
@@ -265,12 +312,11 @@ FileSave(
{
EFI_FILE* file;
EFI_STATUS res;
- UINTN sz = size;
if (!data || !name) { return EFI_INVALID_PARAMETER; }
FileDelete(root, name);
res = FileOpen(root, name, &file, EFI_FILE_MODE_READ | EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE, 0);
if (EFI_ERROR(res)) return res;
- res = FileWrite(file, data, &sz, NULL);
+ res = FileWrite(file, data, size, NULL);
FileClose(file);
return res;
}
@@ -348,7 +394,8 @@ FileCopy(
res = EFI_BUFFER_TOO_SMALL;
goto copyerr;
}
-
+
+ FileDelete (dstroot, dst);
res = FileOpen(dstroot, dst, &dstfile, EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, 0);
if (EFI_ERROR(res)) goto copyerr;
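Review bot: The result of the added `FileDelete (dstroot, dst);` is dropped and nothing says why the delete is there. Presumably it is because opening with `EFI_FILE_MODE_CREATE` does not truncate an existing file, so a comment such as `/* remove any old copy first; otherwise a shorter source leaves stale bytes at the end */` would record the reason. It also means the destination is gone before the copy has succeeded. The callers in DcsRe.c copy over boot loaders on the ESP, so a read or write error half-way leaves no loader at that path, which is worth stating in the function's description. FileCopy begins before this hunk.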
@@ -356,7 +403,7 @@ FileCopy(
datasz = remains > bufSz ? bufSz : remains;
res =FileRead(srcfile, data, &datasz, NULL);
if (EFI_ERROR(res)) goto copyerr;
- res = FileWrite(dstfile, data, &datasz, NULL);
+ res = FileWrite(dstfile, data, datasz, NULL);
if (EFI_ERROR(res)) goto copyerr;
remains -= datasz;
} while (remains > 0);
diff --git a/Library/CommonLib/EfiMem.c b/Library/CommonLib/EfiMem.c
index d9386c0..872d3de 100644
--- a/Library/CommonLib/EfiMem.c
+++ b/Library/CommonLib/EfiMem.c
@@ -72,3 +72,30 @@ PrepareMemory(
*mem = buf;
return status;
}
+
+//////////////////////////////////////////////////////////////////////////
+// Memory misc
+//////////////////////////////////////////////////////////////////////////
+EFI_STATUS MemoryHasPattern (
+ CONST VOID* buffer,
+ UINTN bufferLen,
+ CONST VOID* pattern,
+ UINTN patternLen)
+{
+ EFI_STATUS status = EFI_NOT_FOUND;
+ if (patternLen <= bufferLen)
+ {
+ UINTN i;
+ CONST UINT8* memPtr = (CONST UINT8*) buffer;
+ for (i = 0; i <= (bufferLen - patternLen); ++i)
+ {
+ if (CompareMem (&memPtr[i], pattern, patternLen) == 0)
+ {
+ status = EFI_SUCCESS;
+ break;
+ }
+ }
+ }
+
+ return status;
+}
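Review bot: `MemoryHasPattern` returns `EFI_SUCCESS` when `patternLen` is 0, because a zero-length `CompareMem` compares equal at the first offset, and it uses `buffer` and `pattern` without a NULL check. The callers in DcsRe.c rely on the result to decide whether a boot file is Microsoft's, so an empty marker string would make every file match. A guard at the top closes both cases: `if (buffer == NULL || pattern == NULL || patternLen == 0) return EFI_INVALID_PARAMETER;`. A short header comment stating that a match yields `EFI_SUCCESS` and a miss `EFI_NOT_FOUND` would also help, since an `EFI_STATUS` used as a boolean is easy to misread.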
diff --git a/Library/DcsCfgLib/DcsCfgLib.inf b/Library/DcsCfgLib/DcsCfgLib.inf
index d199bb1..2dd0aab 100644
--- a/Library/DcsCfgLib/DcsCfgLib.inf
+++ b/Library/DcsCfgLib/DcsCfgLib.inf
@@ -74,6 +74,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -81,3 +85,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index bae8f1e..1cb2b35 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -161,7 +161,7 @@ GptLoadFromDisk(
EFI_PARTITION_ENTRY *part;
part = &GptMainEntrys[i];
if (CompareMem(&gEfiPartTypeSystemPartGuid, &part->PartitionTypeGUID, sizeof(EFI_GUID)) == 0) {
- CHAR16* defExec = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
+ CHAR16* defExec = L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc";
DeExecParams = MEM_ALLOC(sizeof(*DeExecParams));
ZeroMem(DeExecParams, sizeof(*DeExecParams));
CopyMem(&DeExecParams->ExecPartGuid, &part->UniquePartitionGUID, sizeof(EFI_GUID));
@@ -289,13 +289,13 @@ DeListSaveToFile() {
UINTN pad;
len = (UINTN)DeList->DE[i].Length;
pad = (((len + 511) >> 9) << 9) - len;
- res = FileWrite(file, DeData[i], &len, NULL);
+ res = FileWrite(file, DeData[i], len, NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Write: %r\n", res);
goto error;
}
if (pad > 0) {
- res = FileWrite(file, pad512buf, &pad, NULL);
+ res = FileWrite(file, pad512buf, pad, NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Write: %r\n", res);
goto error;
@@ -636,7 +636,7 @@ GptAskGUID(
ok = TRUE;
}
else {
- ok = AsciiStrToGuid(&result, buf);
+ ok = DcsAsciiStrToGuid(&result, buf);
if (ok) {
CopyMem(guid, &result, sizeof(result));
}
diff --git a/Library/DcsTpmLib/Tpm20.c b/Library/DcsTpmLib/Tpm20.c
index 3ddc4df..182742e 100644
--- a/Library/DcsTpmLib/Tpm20.c
+++ b/Library/DcsTpmLib/Tpm20.c
@@ -539,7 +539,7 @@ DcsTpm2NvRead(
{
EFI_STATUS res;
TPMI_SH_AUTH_SESSION SessionHandle = 0;
- UINT32 PcrMask,
+ UINT32 PcrMask;
CE(DcsTpm2NVReadPcrMask(&PcrMask));
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index 43e03e6..8270290 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -29,6 +29,8 @@ AskConsolePwdInt(
EFI_INPUT_KEY key;
UINT32 count = 0;
UINTN i;
+
+ if ((asciiLine != NULL) && (line_max >= 1)) asciiLine[0] = '\0';
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
if (gPasswordTimeout) {
@@ -36,20 +38,21 @@ AskConsolePwdInt(
UINTN EventIndex = 0;
InputEvents[0] = gST->ConIn->WaitForKey;
gBS->CreateEvent(EVT_TIMER, 0, (EFI_EVENT_NOTIFY)NULL, NULL, &InputEvents[1]);
- gBS->SetTimer(InputEvents[1], TimerPeriodic, 10000000 * gPasswordTimeout);
+ gBS->SetTimer(InputEvents[1], TimerRelative, 10000000 * gPasswordTimeout);
gBS->WaitForEvent(2, InputEvents, &EventIndex);
- gPasswordTimeout = 0;
+ gBS->SetTimer(InputEvents[1], TimerCancel, 0);
gBS->CloseEvent(InputEvents[1]);
if (EventIndex == 1) {
- *retCode = AskPwdRetCancel;
+ *retCode = AskPwdRetTimeout;
return ;
}
}
do {
key = GetKey();
- // Remove dirty chars 0.1s
- FlushInputDelay(100000);
+ // Remove dirty chars
+ if (gKeyboardInputDelay)
+ FlushInputDelay(gKeyboardInputDelay * 1000);
if (key.ScanCode == SCAN_ESC) {
*retCode = AskPwdRetCancel;
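Review bot: `10000000 * gPasswordTimeout` on the changed `SetTimer` line is evaluated in `int`, since PasswordLib.h declares `extern int gPasswordTimeout`. Any timeout above 214 seconds therefore overflows before the value is widened to the 64-bit trigger time. The new default of 180 is close to that limit and the value comes from the configuration file, so the multiplication should be done in 64 bits: `gBS->SetTimer(InputEvents[1], TimerRelative, (UINT64)gPasswordTimeout * 10000000);`. The status of `CreateEvent` on the line above is also unchecked, so a failure there would pass an unset event to `SetTimer`. AskConsolePwdInt starts and ends outside this hunk.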
@@ -63,19 +66,21 @@ AskConsolePwdInt(
if (key.ScanCode == SCAN_F5) {
show = show ? 0 : 1;
- if (show) {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
- }
- OUT_PRINT(L"%a", asciiLine);
- }
- else {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
+ if (count > 0) {
+ if (show) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"\b");
+ }
+ OUT_PRINT(L"%a", asciiLine);
}
- if (gPasswordProgress) {
+ else {
for (i = 0; i < count; i++) {
- OUT_PRINT(L"*");
+ OUT_PRINT(L"\b");
+ }
+ if (gPasswordProgress) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"*");
+ }
}
}
}
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index b2d8fad..7ce4014 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -32,6 +32,7 @@ UINT8 gPasswordVisible = 0;
int gPasswordShowMark = 1;
UINT8 gPasswordProgress = 1;
int gPasswordTimeout = 0;
+UINTN gKeyboardInputDelay = 100;
int gPlatformLocked = 0;
int gTPMLocked = 0;
@@ -285,7 +286,6 @@ AskPictPwdInt(
CHAR8 pwdNewChar = 0;
if (gPasswordTimeout) {
- UINTN EventIndex = 0;
InputEvents[0] = gST->ConIn->WaitForKey;
eventsCount = 2;
if (gTouchPointer != NULL) {
diff --git a/Library/VeraCryptLib/DcsProp b/Library/VeraCryptLib/DcsProp
index e0b6691..c9ca1ff 100644
--- a/Library/VeraCryptLib/DcsProp
+++ b/Library/VeraCryptLib/DcsProp
@@ -6,7 +6,7 @@
0 - text message is displayed
PasswordMsg to specify message
1 - touch picture password if touch is supported by EFI. check PlatformInfo
- PasswordPicture to specify bitmap
+ PasswordPicture to specify bitmap (only support BITMAPINFOHEADER format)
-->
<config key="PasswordType">0</config>
<config key="PasswordMsg">Password:</config>
@@ -179,4 +179,4 @@ Hash:</config-->
<config key="BeepControl">1</config>
</configuration>
-</VeraCrypt> \ No newline at end of file
+</VeraCrypt>
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index 5d9be88..c165d9f 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
@@ -81,13 +81,15 @@ UINT8 gForcePasswordProgress = 1;
CHAR8* gOnExitFailed = NULL;
CHAR8* gOnExitSuccess = NULL;
CHAR8* gOnExitNotFound = NULL;
+CHAR8* gOnExitTimeout = NULL;
+CHAR8* gOnExitCancelled = NULL;
//////////////////////////////////////////////////////////////////////////
// Authorize
/////////////////////////////////////////////////////////////////////////
#define VCCONFIG_ALLOC(data, size) \
- if(data == NULL) MEM_FREE(data); \
+ if(data != NULL) MEM_FREE(data); \
data = MEM_ALLOC(size);
VOID
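Review bot: `VCCONFIG_ALLOC` expands to two separate statements, so using it under an unbraced `if` or `else` would run the `MEM_ALLOC` assignment unconditionally. It also does not parenthesise `data`. Wrapping it keeps the corrected NULL test and the allocation together: `#define VCCONFIG_ALLOC(data, size) do { if ((data) != NULL) MEM_FREE(data); (data) = MEM_ALLOC(size); } while (0)`. The visible call sites all end in a semicolon, so they compile unchanged.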
@@ -147,7 +149,8 @@ VCAuthLoadConfig()
gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
- gPasswordTimeout = (UINT8)ConfigReadInt("PasswordTimeout", 0); // If no password for <seconds> => <ESC>
+ gPasswordTimeout = (UINTN)ConfigReadInt("PasswordTimeout", 180); // If no password for <seconds> => <ESC>
+ gKeyboardInputDelay = (UINTN)ConfigReadInt("KeyboardInputDelay", 100); // minimum number of ms between two valid key strokes, anything between is discarded
gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
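Review bot: The `ConfigReadInt` results are cast to `UINTN` with no range check. Assuming the function returns a signed integer, a negative `KeyboardInputDelay` in DcsProp becomes a very large `gKeyboardInputDelay`, which ConsolePassword.c multiplies by 1000 and passes to `FlushInputDelay` after every key. `gPasswordTimeout` is declared `int`, so its `(UINTN)` cast is converted straight back and does not match the variable. Clamping after the read keeps a bad configuration file from stalling the password prompt, for example `if (gKeyboardInputDelay > MAX_INPUT_DELAY_MS) gKeyboardInputDelay = MAX_INPUT_DELAY_MS;`, where `MAX_INPUT_DELAY_MS` is a placeholder for a bound the project picks. VCAuthLoadConfig starts and ends outside this hunk.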
@@ -181,12 +184,16 @@ VCAuthLoadConfig()
ConfigReadString("ActionNotFound", "Exit", gOnExitNotFound, MAX_MSG);
VCCONFIG_ALLOC(gOnExitFailed, MAX_MSG);
ConfigReadString("ActionFailed", "Exit", gOnExitFailed, MAX_MSG);
+ VCCONFIG_ALLOC(gOnExitTimeout, MAX_MSG);
+ ConfigReadString("ActionTimeout", "Shutdown", gOnExitTimeout, MAX_MSG);
+ VCCONFIG_ALLOC(gOnExitCancelled, MAX_MSG);
+ ConfigReadString("ActionCancelled", "Exit", gOnExitCancelled, MAX_MSG);
strTemp = MEM_ALLOC(MAX_MSG);
ConfigReadString("PartitionGuidOS", "", strTemp, MAX_MSG);
if (strTemp[0] != 0) {
EFI_GUID g;
- if (AsciiStrToGuid(&g, strTemp)) {
+ if (DcsAsciiStrToGuid(&g, strTemp)) {
VCCONFIG_ALLOC(gPartitionGuidOS, sizeof(EFI_GUID));
if (gPartitionGuidOS != NULL) {
memcpy(gPartitionGuidOS, &g, sizeof(g));
@@ -321,7 +328,7 @@ VCAskPwd(
ERR_PRINT(L"%r\n", res);
}
} while (gCfgMenuContinue);
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
return;
}
}
@@ -331,7 +338,7 @@ VCAskPwd(
gAutoLogin = 0;
gAuthPwdCode = AskPwdRetLogin;
vcPwd->Length = (unsigned int)strlen(gAutoPassword);
- strcpy(vcPwd->Text, gAutoPassword);
+ AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword);
}
else {
if (gAuthPasswordType == 1 &&
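Review bot: The return value of `AsciiStrCpyS` is ignored, while `vcPwd->Length` on the line above is still taken from `strlen(gAutoPassword)`. If the configured auto-password does not fit, the EDK II routine (assuming that is the one linked here) returns an error and leaves `Text` untouched. `Length` then describes data that was never copied and may exceed `sizeof(vcPwd->Text)`. Checking the status keeps the two fields consistent: `if (RETURN_ERROR(AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword))) vcPwd->Length = 0;`. VCAskPwd starts and ends outside this hunk.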
@@ -355,7 +362,7 @@ VCAskPwd(
AskConsolePwdInt(&vcPwd->Length, vcPwd->Text, &gAuthPwdCode, sizeof(vcPwd->Text), gPasswordVisible);
}
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
return;
}
}
@@ -394,9 +401,11 @@ VCAskPwd(
VOID
VCAuthAsk()
{
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
VCAskPwd(AskPwdLogin, &gAuthPassword);
- if (gAuthPwdCode == AskPwdRetCancel) {
+ if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
return;
}
@@ -414,7 +423,7 @@ VCAuthAsk()
if (gAuthHashRqt) {
do {
gAuthHash = AskInt(gAuthHashMsg, gPasswordVisible);
- } while (gAuthHash < 0 || gAuthHash > 4);
+ } while (gAuthHash < 0 || gAuthHash > 5);
}
}
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h
index f7a3c8f..1f25ae9 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.h
+++ b/Library/VeraCryptLib/DcsVeraCrypt.h
@@ -74,6 +74,8 @@ extern UINT8 gForcePasswordProgress;
extern CHAR8* gOnExitFailed;
extern CHAR8* gOnExitSuccess;
extern CHAR8* gOnExitNotFound;
+extern CHAR8* gOnExitTimeout;
+extern CHAR8* gOnExitCancelled;
void
VCAuthAsk();
diff --git a/Library/VeraCryptLib/VeraCryptLib.inf b/Library/VeraCryptLib/VeraCryptLib.inf
index 359782c..5006cfc 100644
--- a/Library/VeraCryptLib/VeraCryptLib.inf
+++ b/Library/VeraCryptLib/VeraCryptLib.inf
@@ -42,8 +42,11 @@ crypto\Aestab.h
crypto\Aes_hw_cpu.nasm
crypto\Aes_hw_cpu.h
crypto\config.h
-crypto\Rmd160.c
-crypto\Rmd160.h
+crypto\blake2s.c
+crypto\blake2s_SSE2.c
+crypto\blake2s_SSE41.c
+crypto\blake2s_SSSE3.c
+crypto\blake2.h
crypto\Serpent.c
crypto\Serpent.h
crypto\Sha2.c
@@ -52,8 +55,6 @@ crypto\Twofish.c
crypto\Twofish.h
crypto\Whirlpool.c
crypto\Whirlpool.h
-crypto\GostCipher.c
-crypto\GostCipher.h
crypto\Streebog.c
crypto\Streebog.h
crypto\kuznyechik.c
@@ -69,7 +70,6 @@ DcsVeraCrypt.h
[Sources.X64]
crypto\Aes_x64.nasm
-crypto\Gost89_x64.nasm
[Sources.IA32]
llmath.c
@@ -120,6 +120,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -127,3 +131,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/VeraCryptLib/mklinks_src.bat b/Library/VeraCryptLib/mklinks_src.bat
index f87bc60..ca28f5b 100644
--- a/Library/VeraCryptLib/mklinks_src.bat
+++ b/Library/VeraCryptLib/mklinks_src.bat
@@ -41,9 +41,6 @@ call :create_link common\Xts.c
call :create_link common\Xts.h
if NOT EXIST crypto mkdir crypto
-call :create_link crypto\GostCipher.c
-call :create_link crypto\GostCipher.h
-call :create_link crypto\Gost89_x64.asm Gost89_x64.nasm
call :create_link crypto\Streebog.c
call :create_link crypto\Streebog.h
call :create_link crypto\kuznyechik.c
@@ -61,8 +58,15 @@ call :create_link crypto\cpu.h
call :create_link crypto\cpu.c
call :create_link crypto\config.h
call :create_link crypto\misc.h
-call :create_link crypto\Rmd160.c
-call :create_link crypto\Rmd160.h
+call :create_link crypto\blake2s.c
+call :create_link crypto\blake2.h
+call :create_link crypto\blake2-impl.h
+call :create_link crypto\blake2s_SSE2.c
+call :create_link crypto\blake2s_SSE41.c
+call :create_link crypto\blake2s_SSSE3.c
+call :create_link crypto\blake2s-load-sse2.h
+call :create_link crypto\blake2s-load-sse41.h
+call :create_link crypto\blake2s-round.h
call :create_link crypto\Serpent.c
call :create_link crypto\Serpent.h
call :create_link crypto\Sha2.c
diff --git a/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
new file mode 100644
index 0000000..0ea2204
--- /dev/null
+++ b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
Binary files differ
diff --git a/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt b/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt
new file mode 100644
index 0000000..ef90358
--- /dev/null
+++ b/SecureBoot/certs/Acer_Wistron_Secure_Flash_2013-05-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt b/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt
new file mode 100644
index 0000000..cd79bf3
--- /dev/null
+++ b/SecureBoot/certs/Dell_CompalA31CSMB_2012-07-17.crt
Binary files differ
diff --git a/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt b/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt
new file mode 100644
index 0000000..020b6f9
--- /dev/null
+++ b/SecureBoot/certs/Intel_CISD_FW_Update_2017-08-30.crt
Binary files differ
diff --git a/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt b/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt
new file mode 100644
index 0000000..7f84964
--- /dev/null
+++ b/SecureBoot/certs/OriginPC_OWN_CA_2018-01-09.crt
Binary files differ
diff --git a/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt b/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt
new file mode 100644
index 0000000..d839ce2
--- /dev/null
+++ b/SecureBoot/certs/Panasonic_Corporation_db_CA_2013-03-31.crt
Binary files differ
diff --git a/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt b/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt
new file mode 100644
index 0000000..ca4ebf0
--- /dev/null
+++ b/SecureBoot/certs/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05.crt
Binary files differ
diff --git a/SecureBoot/sb_set_siglists.ps1 b/SecureBoot/sb_set_siglists.ps1
index e4b66de..ccb25ab 100644
--- a/SecureBoot/sb_set_siglists.ps1
+++ b/SecureBoot/sb_set_siglists.ps1
@@ -1,6 +1,8 @@
Set-ExecutionPolicy Bypass -Force
Import-Module secureboot
+$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
+
try
{
Set-SecureBootUEFI -Name dbx -Time 2018-07-05T00:00:00Z -Content $null
@@ -13,16 +15,16 @@ catch
}
Write-Host "Setting KEK-signed content of dbx..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\dbx_list_SigList.bin -SignedFilePath siglists\dbx_list_SigList_Serialization.bin.p7 -Name dbx
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\dbx_list_SigList.bin -SignedFilePath $scriptPath\siglists\dbx_list_SigList_Serialization.bin.p7 -Name dbx
Write-Host "Setting KEK-signed DCS cert in db..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_sign_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
Write-Host "Setting KEK-signed MS cert in db..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath $scriptPath\siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
Write-Host "Setting KEK-signed MS UEFI cert in db..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath $scriptPath\siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Add any additional certificate that already existed in your original db variable (see output of dumpEfiVars tool)
# Below is a list of commands for each manufacturer. Uncommand only the lines that correspond to your configuration
@@ -30,53 +32,70 @@ Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\MicCorUE
############### Acer ###############
# Write-Host "Setting KEK-signed Acer certs in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_2012-05-31_SigList.bin -SignedFilePath siglists\Acer_2012-05-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_Database_2013-07-10_SigList.bin -SignedFilePath siglists\Acer_Database_2013-07-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_db_Manufacture_2015-06-17_SigList.bin -SignedFilePath siglists\Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_LINPUS_2012-10-09_SigList.bin -SignedFilePath siglists\Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_Quanta_NB4_2012-07-18_SigList.bin -SignedFilePath siglists\Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_ABO_2010-12-31_SigList.bin -SignedFilePath siglists\Acer_ABO_2010-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Acer_DisablePW_2012-12-31_SigList.bin -SignedFilePath siglists\Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_2012-05-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_2012-05-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### ASUS ###############
# Write-Host "Setting KEK-signed ASUS certs in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Canonical_Master_CA_2012_04_12_SigList.bin -SignedFilePath siglists\Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath $scriptPath\siglists\ASUSTeK_MotherBoard_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList.bin -SignedFilePath $scriptPath\siglists\ASUSTeK_Notebook_SW_Key_Certificate_2011-12_27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Canonical_Master_CA_2012_04_12_SigList.bin -SignedFilePath $scriptPath\siglists\Canonical_Master_CA_2012_04_12_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### DELL ###############
# Write-Host "Setting KEK-signed Dell cert in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Dell_UEFI_DB_2016_06_03_SigList.bin -SignedFilePath siglists\Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Dell_UEFI_DB_2016_06_03_SigList.bin -SignedFilePath $scriptPath\siglists\Dell_UEFI_DB_2016_06_03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Dell_CompalA31CSMB_2012-07-17_SigList.bin -SignedFilePath $scriptPath\siglists\Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### HP ###############
# Write-Host "Setting KEK-signed HP cert in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin -SignedFilePath siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin -SignedFilePath siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList.bin -SignedFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_2013_DB_key_2013_08_23_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList.bin -SignedFilePath $scriptPath\siglists\HP_UEFI_Secure_Boot_DB_2017_2017-01-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### Intel ###############
+# Write-Host "Setting KEK-signed Intel cert in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Intel_CISD_FW_Update_2017-08-30_SigList.bin -SignedFilePath $scriptPath\siglists\Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
############### Lenovo ###############
# Write-Host "Setting KEK-signed Lenovo certs in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList.bin -SignedFilePath siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin -SignedFilePath siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin -SignedFilePath siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_UEFI_CA_2014-01-24_SigList.bin -SignedFilePath siglists\Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_2JYoga910_2015-12-02_SigList.bin -SignedFilePath siglists\Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_LCFC_2015-05-29_SigList.bin -SignedFilePath siglists\Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_Mocca_2012-06-20_SigList.bin -SignedFilePath siglists\Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin -SignedFilePath siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_1T110-1415ISK-2016-02-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_DCU31-80E31-80_2015-03-03_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_ThinkPad_Product_CA_2012-06-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_UEFI_CA_2014-01-24_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_UEFI_CA_2014-01-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_2JYoga910_2015-12-02_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_2JYoga910_2015-12-02_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_LCFC_2015-05-29_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_LCFC_2015-05-29_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_Mocca_2012-06-20_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_Mocca_2012-06-20_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList.bin -SignedFilePath $scriptPath\siglists\Lenovo_4MYoga720-15IKB_2016-11-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### MSI ###############
# Write-Host "Setting KEK-signed MSI certs in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList.bin -SignedFilePath siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList.bin -SignedFilePath $scriptPath\siglists\MSI_SHIP_OWN_CA_2012-06-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### OriginPC ###############
+# Write-Host "Setting KEK-signed OriginPC certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\OriginPC_OWN_CA_2018-01-09_SigList.bin -SignedFilePath $scriptPath\siglists\OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+############### Panasonic ###############
+# Write-Host "Setting KEK-signed Panasonic certs in db..."
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Panasonic_Corporation_db_CA_2013-03-31_SigList.bin -SignedFilePath $scriptPath\siglists\Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### Toshiba ###############
# Write-Host "Setting KEK-signed Toshiba certs in db..."
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin -SignedFilePath siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Toshiba_QCI_2012-07-24_SigList.bin -SignedFilePath siglists\Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\Toshiba_QCI_Shell_2012-07-24_SigList.bin -SignedFilePath siglists\Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_Corporation_Utility_CA_2012-08-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_QCI_2012-07-24_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_QCI_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Toshiba_QCI_Shell_2012-07-24_SigList.bin -SignedFilePath $scriptPath\siglists\Toshiba_QCI_Shell_2012-07-24_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
Write-Host "Setting PK-signed KEK..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_key_exchange_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
Write-Host "Setting self-signed PK..."
-Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
+Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\DCS_platform_SigList.bin -SignedFilePath $scriptPath\siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
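Review bot: The manufacturer list in this hunk gets no Samsung block, although the same commit adds `Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin` with its `_Serialization.bin` and `.bin.p7` companions under `SecureBoot/siglists`; unless the entry sits in a part of the script not shown here, nothing in the script references those files. I would add, between the Panasonic and Toshiba blocks, `############### Samsung ###############`, `# Write-Host "Setting KEK-signed Samsung cert in db..."` and `# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin -SignedFilePath $scriptPath\siglists\Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true`. In the other direction, the new Acer line for `Acer_LINPUS_2012-10-09-standalone_SigList.bin` names a file that is not among the siglists added in the visible part of this diff, so it is worth confirming that it already exists in the tree. A user who uncomments a line whose file is missing gets a failed db write, and as far as this hunk shows the script still goes on to set KEK and PK, leaving the platform enrolled with an incomplete db.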
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
new file mode 100644
index 0000000..c69e029
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
new file mode 100644
index 0000000..b8b6aa8
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..60247bf
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin
new file mode 100644
index 0000000..8b315e7
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin
new file mode 100644
index 0000000..f6ad491
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..19e3455
--- /dev/null
+++ b/SecureBoot/siglists/Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin
new file mode 100644
index 0000000..59fbcce
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin
new file mode 100644
index 0000000..0c74499
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..c0b0378
--- /dev/null
+++ b/SecureBoot/siglists/Dell_CompalA31CSMB_2012-07-17_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin
new file mode 100644
index 0000000..426dec3
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin
new file mode 100644
index 0000000..3ca95db
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..80b2c69
--- /dev/null
+++ b/SecureBoot/siglists/Intel_CISD_FW_Update_2017-08-30_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin
new file mode 100644
index 0000000..81a82ad
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin
new file mode 100644
index 0000000..8294bfc
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7 b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..1632b02
--- /dev/null
+++ b/SecureBoot/siglists/OriginPC_OWN_CA_2018-01-09_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin
new file mode 100644
index 0000000..70a3321
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin
new file mode 100644
index 0000000..64c1cc7
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..6527a83
--- /dev/null
+++ b/SecureBoot/siglists/Panasonic_Corporation_db_CA_2013-03-31_SigList_Serialization.bin.p7
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin
new file mode 100644
index 0000000..f5ebfab
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin
new file mode 100644
index 0000000..802ea0d
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..b6a7d17
--- /dev/null
+++ b/SecureBoot/siglists/Samsung_SEC_PRODUCTION_KeyUEFI_2012-07-05_SigList_Serialization.bin.p7
Binary files differ