Thanks. I think you know this stuff better than I do! Do you have any experience with crypto functions - I would like to emulate the digital signing check of ASUS EFIs (as done in UEFICAPSULE.EXE) but I don't know exactly how to do it. A
Is it possible to integrate the idea of using the signing key to sign Aptio EFIs with modded modules (no SLIC)??
I don't think so. I don't think its an RSA private key. But I know very little about crypto so could be wrong A
andyp, I haven't any big experience with cryptography too, but I think we can only verify validity of the capsule, because we don't have ASUS/Asrock/etc. private keys. There are definitely RSA2048 and SHA256 there, look at his definitions. Code: typedef struct { WIN_CERTIFICATE Hdr; EFI_GUID CertType; // UINT8 CertData[1]; // EFI_CERT_BLOCK_RSA_2048_SHA256 CertData; } WIN_CERTIFICATE_UEFI_GUID_1; typedef struct { WIN_CERTIFICATE_UEFI_GUID_1 Hdr; // 24 EFI_CERT_BLOCK_RSA_2048_SHA256 CertData; // 16+256+256 } AMI_CERTIFICATE_RSA2048_SHA256; typedef struct { AMI_CERTIFICATE_RSA2048_SHA256 SignCert; // 24+16+256+256 EFI_CERT_BLOCK_RSA_2048_SHA256 RootCert; // 16+256+256 } FW_CERTIFICATE; I don't know exactly, if the capsule can be signed with out own key - I hope so, but for there is no need to do it, because "afuwin64 /gan" disables the header verification and flashes modified image as is.
Hi We can only verify. But it would be handy as often people mod ASUS EFIs and then get caught by the verification failed msg. I didn't know about the /gan flag though. I have found those structs. Was having a play last night but didn't get far. Thanks Andy
I have a P4m900-M4 rev6.2 biostar motherboard with supposedly phoenix Technologies,LTD bios and the tool reports not phoenix bios? am I missing something?