Windows: Add DCS EFI Bootloader files that are signed. Add certificates and powershell script to update Secure Boot configuration.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2016-08-14 23:45:10 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2016-08-15 01:09:19 +0200
commit: 67031da928735e1d3b6bfca8d393a07d98e478dd (patch)
tree: f3ac60427bf39de06357eb41e5ebe4da8cdee157 /src/Boot/EFI/Readme.txt
parent: 87ee61bcb1fcad9e18f703485a04781ff9f6fa53 (diff)
download: VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.tar.gz
VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/src/Boot/EFI/Readme.txt b/src/Boot/EFI/Readme.txt
new file mode 100644
index 00000000..882c247a
--- /dev/null
+++ b/src/Boot/EFI/Readme.txt
@@ -0,0 +1,13 @@
+To update secure boot configuration
+1. Enter BIOS configuration
+2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
+3. Boot Windows
+4. execute from admin command prompt
+   powershell -File sb_set_siglists.ps1
+It sets in PK (platform key) - DCS_platform
+It sets in KEK (key exchange key) - DCS_key_exchange
+It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27 
+
+All DCS modules are protected by DCS_sign. 
+All Windows modules are protected by MicWinProPCA2011_2011-10-19
+All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 
+\ No newline at end of file
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2016-08-14 23:45:10 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2016-08-15 01:09:19 +0200
commit	67031da928735e1d3b6bfca8d393a07d98e478dd (patch)
tree	f3ac60427bf39de06357eb41e5ebe4da8cdee157 /src/Boot/EFI/Readme.txt
parent	87ee61bcb1fcad9e18f703485a04781ff9f6fa53 (diff)
download	VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.tar.gz VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.zip