diff options
Diffstat (limited to 'src/Boot/EFI')
37 files changed, 3 insertions, 46 deletions
diff --git a/src/Boot/EFI/DcsBml.efi b/src/Boot/EFI/DcsBml.efi Binary files differdeleted file mode 100644 index d03dc4a7..00000000 --- a/src/Boot/EFI/DcsBml.efi +++ /dev/null diff --git a/src/Boot/EFI/DcsBml32.efi b/src/Boot/EFI/DcsBml32.efi Binary files differdeleted file mode 100644 index 81b604c0..00000000 --- a/src/Boot/EFI/DcsBml32.efi +++ /dev/null diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi Binary files differindex 412a1876..02884df9 100644 --- a/src/Boot/EFI/DcsBoot.efi +++ b/src/Boot/EFI/DcsBoot.efi diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi Binary files differindex ce819931..1447e98b 100644 --- a/src/Boot/EFI/DcsBoot32.efi +++ b/src/Boot/EFI/DcsBoot32.efi diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi Binary files differindex 0f52f191..82dc446a 100644 --- a/src/Boot/EFI/DcsCfg.efi +++ b/src/Boot/EFI/DcsCfg.efi diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi Binary files differindex f8164886..899197ff 100644 --- a/src/Boot/EFI/DcsCfg32.efi +++ b/src/Boot/EFI/DcsCfg32.efi diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi Binary files differindex 900b3b16..15810f4d 100644 --- a/src/Boot/EFI/DcsInfo.efi +++ b/src/Boot/EFI/DcsInfo.efi diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi Binary files differindex b0b02fe4..ddb1e64b 100644 --- a/src/Boot/EFI/DcsInfo32.efi +++ b/src/Boot/EFI/DcsInfo32.efi diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi Binary files differindex 5a16f531..3816327a 100644 --- a/src/Boot/EFI/DcsInt.efi +++ b/src/Boot/EFI/DcsInt.efi diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi Binary files differindex 7a3447a5..36d7b61f 100644 --- a/src/Boot/EFI/DcsInt32.efi +++ b/src/Boot/EFI/DcsInt32.efi diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi Binary files differindex be6860c3..599f7026 100644 --- a/src/Boot/EFI/DcsRe.efi +++ b/src/Boot/EFI/DcsRe.efi diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi Binary files differindex b0e6817f..f2a935b7 100644 --- a/src/Boot/EFI/DcsRe32.efi +++ b/src/Boot/EFI/DcsRe32.efi diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi Binary files differindex 5f49a76a..034c760b 100644 --- a/src/Boot/EFI/LegacySpeaker.efi +++ b/src/Boot/EFI/LegacySpeaker.efi diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi Binary files differindex e92ec411..5b52ba9f 100644 --- a/src/Boot/EFI/LegacySpeaker32.efi +++ b/src/Boot/EFI/LegacySpeaker32.efi diff --git a/src/Boot/EFI/Readme.txt b/src/Boot/EFI/Readme.txt index 9ba94023..ed732bc2 100644 --- a/src/Boot/EFI/Readme.txt +++ b/src/Boot/EFI/Readme.txt @@ -1,34 +1,16 @@ The source code for VeraCrypt EFI bootloader files is available at: https://github.com/veracrypt/VeraCrypt-DCS -Use tag "VeraCrypt_1.18" to extract the sources that were used when building VeraCrypt 1.18. -VeraCrypt-DCS uses EDK II as its UEFI development environement. +VeraCrypt-DCS uses EDK II as its UEFI development environment. VeraCrypt-DCS is licensed under LGPL: https://github.com/veracrypt/VeraCrypt-DCS/blob/master/LICENSE Here the steps to build VeraCrypt-DCS (Visual Studio 2010 SP1 should be installed) - * Clone EDK: git clone https://github.com/tianocore/tianocore.github.io.git edk2 + * Clone EDK: git clone https://github.com/tianocore/edk2.git edk2 * Switch to UDK2015 branche: git checkout UDK2015 - * Clone VeraCrypt-DCS as DcsPkg inside edk2 folder: git clone https://github.com/veracrypt/VeraCrypt-DCS.git DcsPkg + * Clone VeraCrypt-DCS as DcsPkg inside edk2 folder: git clone https://github.com/veracrypt/VeraCrypt-DCS.git DcsPkg * Switch to VeraCrypt_1.18 branche: git checkout VeraCrypt_1.18 * Setup EDK by typing edksetup.bat at the root of folder edk2 * change directoty to DcsPkg and then type setenv.bat. * change directory to DcsPkg\Library\VeraCryptLib and then type mklinks_src.bat: you will be asked to provide the path to VeraCrypt src folder. * change directory to DcsPkg and then type dcs_bld.bat X64Rel * After the build is finished, EFI bootloader files will be present at edk2\Build\DcsPkg\RELEASE_VS2010x86\X64 - -Secure Boot: -In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enabled, VeraCrypt EFI bootloader files are signed by custom key(DCS_sign) whose public part can be loaded into Secure Boot to allow verification of VeraCrypt EFI files. - -to update Secure Boot configuration steps: -1. Enter BIOS configuration -2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key. -3. Boot Windows -4. execute from admin command prompt - powershell -ExecutionPolicy Bypass -File sb_set_siglists.ps1 -It sets in PK (platform key) - DCS_platform -It sets in KEK (key exchange key) - DCS_key_exchange -It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27 - -All DCS modules are protected by DCS_sign. -All Windows modules are protected by MicWinProPCA2011_2011-10-19 -All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27
\ No newline at end of file diff --git a/src/Boot/EFI/certs/DCS_key_exchange.crt b/src/Boot/EFI/certs/DCS_key_exchange.crt Binary files differdeleted file mode 100644 index 80bc7ca4..00000000 --- a/src/Boot/EFI/certs/DCS_key_exchange.crt +++ /dev/null diff --git a/src/Boot/EFI/certs/DCS_platform.crt b/src/Boot/EFI/certs/DCS_platform.crt Binary files differdeleted file mode 100644 index a7cf8ce9..00000000 --- a/src/Boot/EFI/certs/DCS_platform.crt +++ /dev/null diff --git a/src/Boot/EFI/certs/DCS_sign.crt b/src/Boot/EFI/certs/DCS_sign.crt Binary files differdeleted file mode 100644 index f0538dbb..00000000 --- a/src/Boot/EFI/certs/DCS_sign.crt +++ /dev/null diff --git a/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt b/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt Binary files differdeleted file mode 100644 index 9aa6ac6c..00000000 --- a/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt +++ /dev/null diff --git a/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt b/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt Binary files differdeleted file mode 100644 index a6d001c2..00000000 --- a/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt +++ /dev/null diff --git a/src/Boot/EFI/certs/Readme.txt b/src/Boot/EFI/certs/Readme.txt deleted file mode 100644 index 6663a5d1..00000000 --- a/src/Boot/EFI/certs/Readme.txt +++ /dev/null @@ -1,3 +0,0 @@ -Apart from DCS certificates, there are two public DB entries - one for Windows and one for the UEFI Certificate Authority (CA). -Windows DB: http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt -UEFI DB: http://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt diff --git a/src/Boot/EFI/sb_set_siglists.ps1 b/src/Boot/EFI/sb_set_siglists.ps1 deleted file mode 100644 index 5f664f21..00000000 --- a/src/Boot/EFI/sb_set_siglists.ps1 +++ /dev/null @@ -1,22 +0,0 @@ -Set-ExecutionPolicy Bypass -Force -Import-Module secureboot - -Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null -Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null -Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null -Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null - -Write-Host "Setting self-signed PK..." -Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK - -Write-Host "Setting PK-signed KEK..." -Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK - -Write-Host "Setting KEK-signed DCS cert in db..." -Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db - -Write-Host "Setting KEK-signed MS cert in db..." -Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true - -Write-Host "Setting KEK-signed MS UEFI cert in db..." -Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin b/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin Binary files differdeleted file mode 100644 index 62f5cc6f..00000000 --- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin Binary files differdeleted file mode 100644 index 1cffcf0c..00000000 --- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7 Binary files differdeleted file mode 100644 index 1e9d29ae..00000000 --- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7 +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList.bin b/src/Boot/EFI/siglists/DCS_platform_SigList.bin Binary files differdeleted file mode 100644 index 0b6d7e12..00000000 --- a/src/Boot/EFI/siglists/DCS_platform_SigList.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin Binary files differdeleted file mode 100644 index e8fbf79a..00000000 --- a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7 Binary files differdeleted file mode 100644 index 19cb86db..00000000 --- a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7 +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList.bin b/src/Boot/EFI/siglists/DCS_sign_SigList.bin Binary files differdeleted file mode 100644 index 9a3f568b..00000000 --- a/src/Boot/EFI/siglists/DCS_sign_SigList.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin Binary files differdeleted file mode 100644 index de58d77d..00000000 --- a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7 Binary files differdeleted file mode 100644 index 01753a8b..00000000 --- a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7 +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin Binary files differdeleted file mode 100644 index 413ccab9..00000000 --- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin Binary files differdeleted file mode 100644 index 735d9626..00000000 --- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 Binary files differdeleted file mode 100644 index ed8cefda..00000000 --- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin Binary files differdeleted file mode 100644 index ac542ca0..00000000 --- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin Binary files differdeleted file mode 100644 index 9138dae9..00000000 --- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin +++ /dev/null diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 Binary files differdeleted file mode 100644 index b08c60a3..00000000 --- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 +++ /dev/null |