I used the tutorial and the PowerShell scripts in UefiSecureBootManualTests.zip (EnableSecureBoot.ps1 and append_LostCA_db.ps1) found here to sign an .efi file and enable SecureBoot to see if the system boots (it all worked well).
Now I'm trying to take the winload file from system32, sign it using the same scripts, and then overwrite the keys and see if SecureBoot lets me boot only with the winload I signed. This time I am using the same scripts, except that I modified the Set-SecureBootUEFI command in append_LostCA_db.ps1, deleting the -AppendWrite parameter so it can overwrite.
But now I am receiving an error:
Set-SecureBootUEFI : Incorrect authentication data: 0xC0000022
At F:\SecureBoot\AllowNewCertificate\suprascriu_LostCA_db.ps1:13 char:5
+ Set-SecureBootUEFI -Name db -Time 2011-05-21T13:30:00z -ContentFilePath Lost ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (Microsoft.Secur...BootUefiCommand:SetSecureBootUefiCommand) [Set-Secu
reBootUEFI], UnauthorizedAccessException
+ FullyQualifiedErrorId : SetFWVarFailed,Microsoft.SecureBoot.Commands.SetSecureBootUefiCommand
How can I fix this?
I am using an HP desktop with Win8.1 x64.
LATER EDIT: It would REALLY help if someone could give me an unsigned winload for 8.1 x64.
One of the things that these signatures tell you is that the content has not been modified (that means it is still secure/valid/trustable). So that is the reason why I could not sign a file already signed (the loader used at boot and signed by Microsoft). That's why I was getting the UnauthorizedAccessException.
There is no workaround for this.
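
A read-only way to see the state that the Set-SecureBootUEFI call in the question operates on: whether the firmware is in setup or user mode, and which entries PK, KEK and db currently hold. This is an added example, not part of the original post or of the scripts in UefiSecureBootManualTests.zip; the function name Read-EfiSignatureLists is hypothetical, and the script assumes an elevated prompt on a UEFI system.

```powershell
# Added example: read-only inspection of Secure Boot variables; it changes nothing.
# Read-EfiSignatureLists is a hypothetical helper name, not a built-in cmdlet.
$X509Guid   = 'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID (UEFI spec)
$Sha256Guid = 'c1c41626-504c-4092-aca9-41f936934328'   # EFI_CERT_SHA256_GUID (UEFI spec)

function Read-EfiSignatureLists {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # List header: type GUID (16), list size (4), header size (4), entry size (4)
        $type     = (New-Object Guid -ArgumentList (,[byte[]]$Bytes[$offset..($offset + 15)])).ToString()
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        # Stop on a malformed list rather than looping forever or reading past the end.
        if ($listSize -lt 28 -or $sigSize -le 16 -or $offset + $listSize -gt $Bytes.Length) {
            Write-Warning "Malformed EFI_SIGNATURE_LIST at offset $offset"
            break
        }
        $pos = $offset + 28 + $hdrSize
        $end = $offset + $listSize
        while ($pos + $sigSize -le $end) {
            # Each entry: owner GUID (16) followed by the signature data
            $owner = New-Object Guid -ArgumentList (,[byte[]]$Bytes[$pos..($pos + 15)])
            $data  = [byte[]]$Bytes[($pos + 16)..($pos + $sigSize - 1)]
            if ($type -eq $X509Guid) {
                $kind = 'X509'
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$data)
                $detail = $cert.Subject
            } elseif ($type -eq $Sha256Guid) {
                $kind = 'SHA256'
                $detail = [BitConverter]::ToString($data) -replace '-'
            } else {
                $kind = $type
                $detail = "$($data.Length) bytes"
            }
            [pscustomobject]@{ Type = $kind; Owner = $owner; Detail = $detail }
            $pos += $sigSize
        }
        $offset = $end
    }
}

"Secure Boot enabled: $(Confirm-SecureBootUEFI)"
"SetupMode: $((Get-SecureBootUEFI -Name SetupMode).Bytes[0])"   # 1 = setup mode, 0 = user mode
foreach ($name in 'PK', 'KEK', 'db') {
    "--- $name ---"
    try   { Read-EfiSignatureLists -Bytes (Get-SecureBootUEFI -Name $name -ErrorAction Stop).Bytes | Format-Table -AutoSize }
    catch { "(not set or not readable: $($_.Exception.Message))" }
}
```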