From 67031da928735e1d3b6bfca8d393a07d98e478dd Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 14 Aug 2016 23:45:10 +0200
Subject: Windows: Add DCS EFI Bootloader files that are signed. Add
 certificates and powershell script to update Secure Boot configuration.

---
 src/Boot/EFI/Readme.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 src/Boot/EFI/Readme.txt

(limited to 'src/Boot/EFI/Readme.txt')

diff --git a/src/Boot/EFI/Readme.txt b/src/Boot/EFI/Readme.txt
new file mode 100644
index 00000000..882c247a
--- /dev/null
+++ b/src/Boot/EFI/Readme.txt
@@ -0,0 +1,13 @@
+To update secure boot configuration
+1. Enter BIOS configuration
+2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
+3. Boot Windows
+4. execute from admin command prompt
+   powershell -File sb_set_siglists.ps1
+It sets in PK (platform key) - DCS_platform
+It sets in KEK (key exchange key) - DCS_key_exchange
+It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27 
+
+All DCS modules are protected by DCS_sign. 
+All Windows modules are protected by MicWinProPCA2011_2011-10-19
+All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 
\ No newline at end of file
-- 
cgit v1.2.3