From 10ddedbbac7acb326fb9447c6a1c5f1706017e4b Mon Sep 17 00:00:00 2001 From: kavsrf Date: Sun, 26 Feb 2017 11:42:59 +0300 Subject: PasswordTimeout and infodelay keys in DcsProp DcsProp documented included in VeraCrypt Beta2 patch 1 --- SecureBoot/readme.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'SecureBoot') diff --git a/SecureBoot/readme.txt b/SecureBoot/readme.txt index 6e2dc43..ce2d3d3 100644 --- a/SecureBoot/readme.txt +++ b/SecureBoot/readme.txt @@ -1,13 +1,17 @@ -To update secure boot configuration +Secure Boot: +In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enabled, VeraCrypt EFI bootloader files are signed by custom key(DCS_sign) +whose public part can be loaded into Secure Boot to allow verification of VeraCrypt EFI files. + +to update Secure Boot configuration steps: 1. Enter BIOS configuration 2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key. 3. Boot Windows 4. execute from admin command prompt - powershell -File sb_set_siglists.ps1 + powershell -ExecutionPolicy Bypass -File sb_set_siglists.ps1 It sets in PK (platform key) - DCS_platform It sets in KEK (key exchange key) - DCS_key_exchange It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27 All DCS modules are protected by DCS_sign. All Windows modules are protected by MicWinProPCA2011_2011-10-19 -All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 \ No newline at end of file +All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 \ No newline at end of file -- cgit v1.2.3