VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Boot/EFI/Readme.txt
diff options
context:
space:
mode:
Diffstat (limited to 'src/Boot/EFI/Readme.txt')
-rw-r--r--src/Boot/EFI/Readme.txt9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/Boot/EFI/Readme.txt b/src/Boot/EFI/Readme.txt
index f396b324..9ba94023 100644
--- a/src/Boot/EFI/Readme.txt
+++ b/src/Boot/EFI/Readme.txt
@@ -17,19 +17,18 @@ Here the steps to build VeraCrypt-DCS (Visual Studio 2010 SP1 should be installe
* After the build is finished, EFI bootloader files will be present at edk2\Build\DcsPkg\RELEASE_VS2010x86\X64
Secure Boot:
-In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enabled, VeraCrypt EFI bootloader files are signed
-using a custom key whose public part can be loader into Secure Boot to allow the verification of VeraCrypt EFI files.
+In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enabled, VeraCrypt EFI bootloader files are signed by custom key(DCS_sign) whose public part can be loaded into Secure Boot to allow verification of VeraCrypt EFI files.
-below are instruction to update Secure Boot configuration:
+to update Secure Boot configuration steps:
1. Enter BIOS configuration
2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
3. Boot Windows
4. execute from admin command prompt
- powershell -File sb_set_siglists.ps1
+ powershell -ExecutionPolicy Bypass -File sb_set_siglists.ps1
It sets in PK (platform key) - DCS_platform
It sets in KEK (key exchange key) - DCS_key_exchange
It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27
All DCS modules are protected by DCS_sign.
All Windows modules are protected by MicWinProPCA2011_2011-10-19
-All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 \ No newline at end of file
+All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 \ No newline at end of file