Check-Dbx-Simplified.ps1
# From https://gist.github.com/out0xb2/f8e0bae94214889a89ac67fceb37f8c0#file-check-dbx-ps1
# Modified by github.com/cjee21
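# Path of the dbx update file to compare against; taken from the first
# positional argument of the script.
$patchfile = $args[0]
# $null goes on the left so the test is a plain null check even if the
# argument happens to be a collection.
if ($null -eq $patchfile) {
    # No argument: fall back to the file name this script was written for.
    # NOTE(review): a pass against this default only shows that the entries of
    # this particular file are present in dbx. It says nothing about any
    # revocation list published after it - pass a newer file explicitly.
    $patchfile = ".\dbx-2023-May-9.bin"
    Write-Host "Patchfile not specified, using latest $patchfile`n"
}

# Stop with one clear error when the file is missing. Otherwise the path
# resolves to $null and the failure only surfaces later in ReadAllBytes.
if (-not (Test-Path -LiteralPath $patchfile -PathType Leaf)) {
    throw "Patch file not found: $patchfile"
}
# ReadAllBytes resolves relative paths against the process working directory,
# which can differ from the PowerShell location, so use the absolute path.
$patchfile = (Get-Item -LiteralPath $patchfile -Force).FullName

# Load the signature-list parser from the directory this script lives in.
# The original loaded it from the current directory, so launching the check
# (usually from an elevated session) inside a directory someone else can write
# to would have executed whatever Get-UEFIDatabaseSignatures.ps1 was there.
# The current location is only used when there is no script file on disk
# (for example when the lines are pasted into a console).
$moduleDir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
Import-Module -Force (Join-Path $moduleDir 'Get-UEFIDatabaseSignatures.ps1')

# Revocation list currently held in the firmware dbx variable, parsed into
# signature-list objects.
$DbxRaw = Get-SecureBootUEFI dbx
$DbxFound = $DbxRaw | Get-UEFIDatabaseSignatures

# Revocation list contained in the patch file, parsed the same way.
$DbxBytesRequired = [IO.File]::ReadAllBytes($patchfile)
$DbxRequired = Get-UEFIDatabaseSignatures -BytesIn $DbxBytesRequired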
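# Flatten the patch file's signature lists into one array holding the
# SignatureData value of every entry. @() keeps the result an array even when
# there are zero or one entries, so .Count is reliable further down.
$RequiredArray = @(foreach ($EfiSignatureList in $DbxRequired) {
    Write-Verbose $EfiSignatureList
    foreach ($RequiredSignatureData in $EfiSignatureList.SignatureList) {
        Write-Verbose $RequiredSignatureData
        $RequiredSignatureData.SignatureData
    }
})
# The second positional parameter of Write-Information is -Tags, so passing the
# array as a separate argument tagged the record instead of printing the
# entries. Build a single message instead. It is only shown when information
# output is enabled (e.g. -InformationAction Continue).
Write-Information ("Required `n" + ($RequiredArray -join "`n"))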
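# Flatten the signature lists read from the firmware dbx into one array
# holding the SignatureData value of every entry. @() keeps the result an
# array even when dbx yields zero or one entries.
$FoundArray = @(foreach ($EfiSignatureList in $DbxFound) {
    Write-Verbose $EfiSignatureList
    foreach ($FoundSignatureData in $EfiSignatureList.SignatureList) {
        Write-Verbose $FoundSignatureData
        $FoundSignatureData.SignatureData
    }
})
# The second positional parameter of Write-Information is -Tags, so passing the
# array as a separate argument tagged the record instead of printing the
# entries. Build a single message instead. It is only shown when information
# output is enabled (e.g. -InformationAction Continue).
Write-Information ("Found `n" + ($FoundArray -join "`n"))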
# Count how many required revocation entries are present in the firmware dbx.
# The check is one-directional: every entry of the patch file must appear in
# dbx; extra entries in dbx are ignored.
# NOTE(review): only the SignatureData values are compared. The signature type
# and owner of the enclosing list are not part of the match - confirm that is
# sufficient for the entry kinds in the file being checked.
$successes = 0
$failures = 0
$requiredCount = $RequiredArray.Count
foreach ($RequiredSig in $RequiredArray) {
    $isPresent = $FoundArray -contains $RequiredSig
    if (-not $isPresent) {
        # A missing entry means that revocation is not enforced on this machine.
        Write-Information "!!! NOT FOUND`n$RequiredSig`n!!!`n"
        $failures++
    } else {
        Write-Information "FOUND: $RequiredSig"
        $successes++
    }

    # Entries examined so far; drives the progress bar.
    $i = $successes + $failures
    $percentDone = $i/$requiredCount *100
    Write-Progress -Activity 'Checking if all patches applied' -Status "Checking element $i of $requiredCount" -PercentComplete $percentDone
}
# Report the verdict. SUCCESS means only that every entry of the supplied
# patch file was found in dbx; it makes no statement about revocations that
# are not in that file.
# NOTE(review): no exit code is set here, so automation has to read the
# host/error output to tell a pass from a fail.
if ($failures -eq 0) {
    if ($successes -ne $RequiredArray.Count) {
        # Counters disagree with the number of required entries.
        Write-Error "!!! Unexpected: $successes != $requiredCount expected successes!"
    } elseif ($successes -eq 0) {
        # Nothing was required at all, which points at a wrong or unparsable
        # patch file rather than a fully patched system.
        Write-Error "!!! Unexpected failure: no successes detected, check command-line usage."
    } else {
        Write-Host "SUCCESS: $successes successes detected" -ForegroundColor Green
    }
} else {
    Write-Host "FAIL: $failures failures, $successes successes detected" -ForegroundColor Red
    # Optional: dump the dbx contents that were read, for offline inspection.
    # $DbxRaw.Bytes | sc -encoding Byte dbx_found.bin
}