From 67031da928735e1d3b6bfca8d393a07d98e478dd Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 14 Aug 2016 23:45:10 +0200
Subject: Windows: Add DCS EFI Bootloader files that are signed. Add certificates and powershell script to update Secure Boot configuration.
---
src/Boot/EFI/sb_set_siglists.ps1 | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 src/Boot/EFI/sb_set_siglists.ps1
(limited to 'src/Boot/EFI/sb_set_siglists.ps1')
diff --git a/src/Boot/EFI/sb_set_siglists.ps1 b/src/Boot/EFI/sb_set_siglists.ps1
new file mode 100644
index 00000000..5f664f21
--- /dev/null
+++ b/src/Boot/EFI/sb_set_siglists.ps1
@@ -0,0 +1,22 @@
+Set-ExecutionPolicy Bypass -Force
+Import-Module secureboot
+
+Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null
+
+Write-Host "Setting self-signed PK..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
+
+Write-Host "Setting PK-signed KEK..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
+
+Write-Host "Setting KEK-signed DCS cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
+
+Write-Host "Setting KEK-signed MS cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+Write-Host "Setting KEK-signed MS UEFI cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-- cgit v1.2.3
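Review bot: `Set-ExecutionPolicy Bypass -Force` on the first line has no `-Scope`, so it applies to LocalMachine and the machine-wide policy stays at Bypass after the script ends; `Set-ExecutionPolicy Bypass -Scope Process -Force` would limit it to this session. The four `-Content $null` calls appear to clear PK, KEK, db and dbx, and nothing stops the script if a later `Set-SecureBootUEFI` fails (for example a file not found under the relative `siglists\` path when run from another directory), which could leave the key hierarchy half-written. Adding `$ErrorActionPreference = 'Stop'` at the top and resolving the paths from `$PSScriptRoot` would make such a failure stop the run. dbx is emptied and never repopulated in this script while the Microsoft UEFI CA is appended to db, so boot binaries previously revoked under that CA would no longer be blocked; a comment stating that this is intended, or a step that restores the current revocation list, is worth adding.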