Note: You will need a USB stick for this method.
Part 1. Getting the Certificates.
The first thing you'll need is VeraCrypt, which is available here: veracrypt.codeplex.com
Secondly, you'll need the certificates: github.com/veracrypt/VeraCrypt/tree/VeraCrypt_1.21
Note: the link is version specific, so if you are using a higher version you'll need to edit the link according to the VeraCrypt version. (In my test I've used v.1.21)
On the GitHub page press the "Clone or Download" button and select "Download ZIP".
It will download a ZIP file to your device. Now go to the folder where you have saved it.
Extract the ZIP file and browse to ( ../src/Boot/EFI ) and copy the certs folder to your USB.
Install VeraCrypt and follow the instructions as normal.
Note: AES(Twofish(Serpent)) is the strongest encryption method to date (26/11/2017)
Note: it's important that your system doesn't shut down; a restart may happen.
If it shuts down after the pre-test, just power it back on.
After the pre-test the actual encryption procedure will start.
When the encryption has finished, in Windows 10 Settings go to:
Update & Security > Recovery > Advanced startup > Restart now
When restarted in the options menu, choose the following options:
Troubleshoot > Advanced options > UEFI Firmware Settings
Press the "Restart" button; this will boot you into the UEFI settings.
Now go to the "Security" tab, go to "Secure Boot Menu" and select the option "secure boot" to enable it (if not enabled by default).
Then set the "Secure Boot Mode" option to "Custom".
Go to "Key Management" and select "Delete all Secure Boot Variables" (Important!)
Okay, so now we are going to import the certificates (Finally)
The first certificate we're going to import (from the USB, part 1) is for the "Platform Key(PK)": select that option and select "Set New Key".
If it asks to load factory default keys, select "No" for all certificates.
It will ask where to look for the certs (storage); select your USB device.
You'll just have to find out which device it is...
On your USB device, select the Certs folder (from part 1) and select the "DCS_platform" cert.
Now it will give you 2 options, select the "Public Key Certificate" option and hit enter.
To install the next certificate, select "Key Exchange Keys"
Just like the previous steps, set new key, browse to the certs folder on your USB and select the "DCS_key_exchange" certificate, and again, select "Public Key Certificate"
The next 3 certificates are really simple, select "Authorized Signatures"
For the first one select "Set New Key" and in the Certs folder select the "DCS_Sign" certificate, and select "Public Key Certificate"
For the next 2 certificates:
"MicCorUEFCA2011_2011-06-27" and "MicWinProPCA2011_2011-10-19"
Select "Authorized Signatures" and select "Append Key", select your USB device and select the above certificates.
You have to append them separately since you can't select 2 files at once. And finally select "Public Key Certificate".
The last thing you'll have to do is select "Save changes & Exit" when you leave the UEFI settings, and boot back into the OS.
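Once Windows is running again, you can check that the firmware really holds the five certificates from the USB stick. The script below is an added example, not part of the original guide or of VeraCrypt: it reads the PK, KEK and db variables with the built-in Get-SecureBootUEFI cmdlet and compares certificate thumbprints. Assumptions: it is run in an elevated PowerShell, the certs folder is at E:\certs, and Get-EfiX509 is a helper name made up for this example.

```powershell
using namespace System.Security.Cryptography.X509Certificates

$CertDir = 'E:\certs'   # assumption: where the USB stick's certs folder is mounted

# Certificate names from the guide, mapped to the UEFI variable each was enrolled
# into (Authorized Signatures = db). The file extension is matched by wildcard.
$expected = [ordered]@{
    'DCS_platform'                = 'PK'
    'DCS_key_exchange'            = 'KEK'
    'DCS_Sign'                    = 'db'
    'MicCorUEFCA2011_2011-06-27'  = 'db'
    'MicWinProPCA2011_2011-10-19' = 'db'
}

# Walk the EFI_SIGNATURE_LIST structures in a variable and emit every X.509 certificate.
function Get-EfiX509 ([byte[]]$Bytes) {
    $x509Type = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID
    $pos = 0
    while ($pos + 28 -le $Bytes.Length) {
        $type     = [guid]::new([byte[]]$Bytes[$pos..($pos + 15)])
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $pos + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $pos + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $pos + 24)
        if ($listSize -lt 28 -or $pos + $listSize -gt $Bytes.Length) { break }   # malformed list
        if ($type -eq $x509Type -and $sigSize -gt 16) {
            for ($e = $pos + 28 + $hdrSize; $e + $sigSize -le $pos + $listSize; $e += $sigSize) {
                # Entry layout: 16-byte owner GUID followed by the DER certificate.
                [X509Certificate2]::new([byte[]]$Bytes[($e + 16)..($e + $sigSize - 1)])
            }
        }
        $pos += $listSize
    }
}

if (-not (Confirm-SecureBootUEFI)) { Write-Warning 'Secure Boot is not enabled.' }

# Thumbprints of every certificate currently stored in each variable.
$enrolled = @{}
foreach ($var in 'PK', 'KEK', 'db') {
    $raw = (Get-SecureBootUEFI -Name $var).Bytes
    $enrolled[$var] = @(Get-EfiX509 $raw | ForEach-Object Thumbprint)
}

# One result row per certificate from the guide: is the USB copy present in firmware?
foreach ($name in $expected.Keys) {
    $file = Get-ChildItem -Path $CertDir -Filter "$name.*" -File | Select-Object -First 1
    if (-not $file) { Write-Warning "Not found on USB: $name"; continue }
    $thumb = [X509Certificate2]::new($file.FullName).Thumbprint
    [pscustomobject]@{ Certificate = $name; Variable = $expected[$name]; Thumbprint = $thumb
                       Enrolled = $enrolled[$expected[$name]] -contains $thumb }
}
```

Every row should show Enrolled as True; a False row means that certificate was not stored in the variable the guide assigns it to.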