diff options
author | Alex <kavsrf@gmail.com> | 2016-08-15 17:11:31 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-08-15 17:14:26 +0200 |
commit | b87fc6b140772ba3017de311c7063c259424264c (patch) | |
tree | 41ad139e7469380704361ae757a155464e8b68e3 /SecureBoot/sb_set_siglists.ps1 | |
parent | 68ea2f72cfe6a9b34212ced97882e488c73c8f1d (diff) | |
download | VeraCrypt-DCS-b87fc6b140772ba3017de311c7063c259424264c.tar.gz VeraCrypt-DCS-b87fc6b140772ba3017de311c7063c259424264c.zip |
First public release. Used by VeraCrypt 1.18.VeraCrypt_1.18_PreRelease
Diffstat (limited to 'SecureBoot/sb_set_siglists.ps1')
-rw-r--r-- | SecureBoot/sb_set_siglists.ps1 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/SecureBoot/sb_set_siglists.ps1 b/SecureBoot/sb_set_siglists.ps1 new file mode 100644 index 0000000..ae53ca8 --- /dev/null +++ b/SecureBoot/sb_set_siglists.ps1 @@ -0,0 +1,22 @@ +Set-ExecutionPolicy Bypass -Force
+Import-Module secureboot
+
+Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null
+Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null
+
+Write-Host "Setting self-signed PK..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
+
+Write-Host "Setting PK-signed KEK..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
+
+Write-Host "Setting KEK-signed DCS cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
+
+Write-Host "Setting KEK-signed MS cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+
+Write-Host "Setting KEK-signed MS UEFI cert in db..."
+Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
|