VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Boot/EFI
diff options
context:
space:
mode:
Diffstat (limited to 'src/Boot/EFI')
-rw-r--r--src/Boot/EFI/DcsBml.efibin8544 -> 0 bytes
-rw-r--r--src/Boot/EFI/DcsBml32.efibin6912 -> 0 bytes
-rw-r--r--src/Boot/EFI/DcsBoot.efibin12704 -> 25160 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin10080 -> 0 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin523264 -> 976168 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin492928 -> 0 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin0 -> 38216 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin493440 -> 934744 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin479520 -> 0 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin18656 -> 29576 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin14688 -> 0 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin2784 -> 10888 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin2528 -> 0 bytes
-rw-r--r--src/Boot/EFI/Readme.txt25
-rw-r--r--src/Boot/EFI/certs/DCS_key_exchange.crtbin1093 -> 0 bytes
-rw-r--r--src/Boot/EFI/certs/DCS_platform.crtbin1341 -> 0 bytes
-rw-r--r--src/Boot/EFI/certs/DCS_sign.crtbin826 -> 0 bytes
-rw-r--r--src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crtbin1556 -> 0 bytes
-rw-r--r--src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crtbin1499 -> 0 bytes
-rw-r--r--src/Boot/EFI/certs/Readme.txt3
-rw-r--r--src/Boot/EFI/sb_set_siglists.ps122
-rw-r--r--src/Boot/EFI/siglists/DCS_key_exchange_SigList.binbin1137 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.binbin1179 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7bin1996 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_platform_SigList.binbin1385 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.binbin1425 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7bin1996 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_sign_SigList.binbin870 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.binbin910 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7bin1492 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.binbin1600 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.binbin1640 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7bin1492 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.binbin1543 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.binbin1583 -> 0 bytes
-rw-r--r--src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7bin1492 -> 0 bytes
36 files changed, 3 insertions, 47 deletions
diff --git a/src/Boot/EFI/DcsBml.efi b/src/Boot/EFI/DcsBml.efi
deleted file mode 100644
index 8775ce4c..00000000
--- a/src/Boot/EFI/DcsBml.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/DcsBml32.efi b/src/Boot/EFI/DcsBml32.efi
deleted file mode 100644
index 8b3df11d..00000000
--- a/src/Boot/EFI/DcsBml32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index d6703d23..02884df9 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
deleted file mode 100644
index 93806f24..00000000
--- a/src/Boot/EFI/DcsBoot32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index 30490532..82dc446a 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
deleted file mode 100644
index 4fd3dcae..00000000
--- a/src/Boot/EFI/DcsCfg32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
new file mode 100644
index 00000000..15810f4d
--- /dev/null
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 1f22ce10..3816327a 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
deleted file mode 100644
index f0a58235..00000000
--- a/src/Boot/EFI/DcsInt32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 2208851d..599f7026 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
deleted file mode 100644
index 100a3d8b..00000000
--- a/src/Boot/EFI/DcsRe32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index 5f49a76a..034c760b 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
deleted file mode 100644
index e92ec411..00000000
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/Readme.txt b/src/Boot/EFI/Readme.txt
index f396b324..ed732bc2 100644
--- a/src/Boot/EFI/Readme.txt
+++ b/src/Boot/EFI/Readme.txt
@@ -1,35 +1,16 @@
The source code for VeraCrypt EFI bootloader files is available at: https://github.com/veracrypt/VeraCrypt-DCS
-Use tag "VeraCrypt_1.18" to extract the sources that were used when building VeraCrypt 1.18.
-VeraCrypt-DCS uses EDK II as its UEFI development environement.
+VeraCrypt-DCS uses EDK II as its UEFI development environment.
VeraCrypt-DCS is licensed under LGPL: https://github.com/veracrypt/VeraCrypt-DCS/blob/master/LICENSE
Here the steps to build VeraCrypt-DCS (Visual Studio 2010 SP1 should be installed)
- * Clone EDK: git clone https://github.com/tianocore/tianocore.github.io.git edk2
+ * Clone EDK: git clone https://github.com/tianocore/edk2.git edk2
* Switch to UDK2015 branche: git checkout UDK2015
- * Clone VeraCrypt-DCS as DcsPkg inside edk2 folder: git clone https://github.com/veracrypt/VeraCrypt-DCS.git DcsPkg
+ * Clone VeraCrypt-DCS as DcsPkg inside edk2 folder: git clone https://github.com/veracrypt/VeraCrypt-DCS.git DcsPkg
* Switch to VeraCrypt_1.18 branche: git checkout VeraCrypt_1.18
* Setup EDK by typing edksetup.bat at the root of folder edk2
* change directoty to DcsPkg and then type setenv.bat.
* change directory to DcsPkg\Library\VeraCryptLib and then type mklinks_src.bat: you will be asked to provide the path to VeraCrypt src folder.
* change directory to DcsPkg and then type dcs_bld.bat X64Rel
* After the build is finished, EFI bootloader files will be present at edk2\Build\DcsPkg\RELEASE_VS2010x86\X64
-
-Secure Boot:
-In order to allow VeraCrypt EFI bootloader to run when EFI Secure Boot is enabled, VeraCrypt EFI bootloader files are signed
-using a custom key whose public part can be loader into Secure Boot to allow the verification of VeraCrypt EFI files.
-
-below are instruction to update Secure Boot configuration:
-1. Enter BIOS configuration
-2. Switch Secure boot to setup mode (or custom mode). It deletes PK (platform certificate) and allows to load DCS platform key.
-3. Boot Windows
-4. execute from admin command prompt
- powershell -File sb_set_siglists.ps1
-It sets in PK (platform key) - DCS_platform
-It sets in KEK (key exchange key) - DCS_key_exchange
-It sets in db - DCS_sign MicWinProPCA2011_2011-10-19 MicCorUEFCA2011_2011-06-27
-
-All DCS modules are protected by DCS_sign.
-All Windows modules are protected by MicWinProPCA2011_2011-10-19
-All SHIM(linux) modules are protected by MicCorUEFCA2011_2011-06-27 \ No newline at end of file
diff --git a/src/Boot/EFI/certs/DCS_key_exchange.crt b/src/Boot/EFI/certs/DCS_key_exchange.crt
deleted file mode 100644
index 80bc7ca4..00000000
--- a/src/Boot/EFI/certs/DCS_key_exchange.crt
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/certs/DCS_platform.crt b/src/Boot/EFI/certs/DCS_platform.crt
deleted file mode 100644
index a7cf8ce9..00000000
--- a/src/Boot/EFI/certs/DCS_platform.crt
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/certs/DCS_sign.crt b/src/Boot/EFI/certs/DCS_sign.crt
deleted file mode 100644
index f0538dbb..00000000
--- a/src/Boot/EFI/certs/DCS_sign.crt
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt b/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt
deleted file mode 100644
index 9aa6ac6c..00000000
--- a/src/Boot/EFI/certs/MicCorUEFCA2011_2011-06-27.crt
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt b/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt
deleted file mode 100644
index a6d001c2..00000000
--- a/src/Boot/EFI/certs/MicWinProPCA2011_2011-10-19.crt
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/certs/Readme.txt b/src/Boot/EFI/certs/Readme.txt
deleted file mode 100644
index 6663a5d1..00000000
--- a/src/Boot/EFI/certs/Readme.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Apart from DCS certificates, there are two public DB entries - one for Windows and one for the UEFI Certificate Authority (CA).
-Windows DB: http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
-UEFI DB: http://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt
diff --git a/src/Boot/EFI/sb_set_siglists.ps1 b/src/Boot/EFI/sb_set_siglists.ps1
deleted file mode 100644
index 5f664f21..00000000
--- a/src/Boot/EFI/sb_set_siglists.ps1
+++ /dev/null
@@ -1,22 +0,0 @@
-Set-ExecutionPolicy Bypass -Force
-Import-Module secureboot
-
-Set-SecureBootUEFI -Name PK -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name KEK -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name db -Time 2015-09-11 -Content $null
-Set-SecureBootUEFI -Name dbx -Time 2015-09-11 -Content $null
-
-Write-Host "Setting self-signed PK..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_platform_SigList.bin -SignedFilePath siglists\DCS_platform_SigList_Serialization.bin.p7 -Name PK
-
-Write-Host "Setting PK-signed KEK..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_key_exchange_SigList.bin -SignedFilePath siglists\DCS_key_exchange_SigList_Serialization.bin.p7 -Name KEK
-
-Write-Host "Setting KEK-signed DCS cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\DCS_sign_SigList.bin -SignedFilePath siglists\DCS_sign_SigList_Serialization.bin.p7 -Name db
-
-Write-Host "Setting KEK-signed MS cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicWinProPCA2011_2011-10-19_SigList.bin -SignedFilePath siglists\MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
-
-Write-Host "Setting KEK-signed MS UEFI cert in db..."
-Set-SecureBootUEFI -Time 2016-08-08T00:00:00Z -ContentFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList.bin -SignedFilePath siglists\MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin b/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin
deleted file mode 100644
index 62f5cc6f..00000000
--- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin
deleted file mode 100644
index 1cffcf0c..00000000
--- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7
deleted file mode 100644
index 1e9d29ae..00000000
--- a/src/Boot/EFI/siglists/DCS_key_exchange_SigList_Serialization.bin.p7
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList.bin b/src/Boot/EFI/siglists/DCS_platform_SigList.bin
deleted file mode 100644
index 0b6d7e12..00000000
--- a/src/Boot/EFI/siglists/DCS_platform_SigList.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin
deleted file mode 100644
index e8fbf79a..00000000
--- a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7
deleted file mode 100644
index 19cb86db..00000000
--- a/src/Boot/EFI/siglists/DCS_platform_SigList_Serialization.bin.p7
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList.bin b/src/Boot/EFI/siglists/DCS_sign_SigList.bin
deleted file mode 100644
index 9a3f568b..00000000
--- a/src/Boot/EFI/siglists/DCS_sign_SigList.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin b/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin
deleted file mode 100644
index de58d77d..00000000
--- a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7
deleted file mode 100644
index 01753a8b..00000000
--- a/src/Boot/EFI/siglists/DCS_sign_SigList_Serialization.bin.p7
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin
deleted file mode 100644
index 413ccab9..00000000
--- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin
deleted file mode 100644
index 735d9626..00000000
--- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7
deleted file mode 100644
index ed8cefda..00000000
--- a/src/Boot/EFI/siglists/MicCorUEFCA2011_2011-06-27_SigList_Serialization.bin.p7
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin
deleted file mode 100644
index ac542ca0..00000000
--- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin
deleted file mode 100644
index 9138dae9..00000000
--- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin
+++ /dev/null
Binary files differ
diff --git a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7 b/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7
deleted file mode 100644
index b08c60a3..00000000
--- a/src/Boot/EFI/siglists/MicWinProPCA2011_2011-10-19_SigList_Serialization.bin.p7
+++ /dev/null
Binary files differ