diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-08-14 23:45:10 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-08-15 01:09:19 +0200 |
| commit | 67031da928735e1d3b6bfca8d393a07d98e478dd (patch) | |
| tree | f3ac60427bf39de06357eb41e5ebe4da8cdee157 /src/Boot/EFI/sb_set_siglists.ps1 | |
| parent | 87ee61bcb1fcad9e18f703485a04781ff9f6fa53 (diff) | |
| download | VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.tar.gz VeraCrypt-67031da928735e1d3b6bfca8d393a07d98e478dd.zip | |
Windows: Add DCS EFI Bootloader files that are signed. Add certificates and powershell script to update Secure Boot configuration.
Diffstat (limited to 'src/Boot/EFI/sb_set_siglists.ps1')
| -rw-r--r-- | src/Boot/EFI/sb_set_siglists.ps1 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/Boot/EFI/sb_set_siglists.ps1 b/src/Boot/EFI/sb_set_siglists.ps1 new file mode 100644 index 00000000..5f664f21 --- /dev/null +++ b/src/Boot/EFI/sb_set_siglists.ps1 @@ -0,0 +1,22 @@ +Set-ExecutionPolicy Bypass -Force +Import-Module secureboot + +Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null +Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null +Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null +Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null + +Write-Host "Setting self-signed PK..." +Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK + +Write-Host "Setting PK-signed KEK..." +Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK + +Write-Host "Setting KEK-signed DCS cert in db..." +Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db + +Write-Host "Setting KEK-signed MS cert in db..." +Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true + +Write-Host "Setting KEK-signed MS UEFI cert in db..." +Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true |