From 498ef431e82ee853613967b3ae5d0f8ecabde300 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sun, 7 Jun 2026 18:06:34 +0200
Subject: [PATCH 01/11] Check against latest DBX revocations only

- Check against latest DBX revocations (Staged or GitHub)
- Refresh view by looping
- Clarify SVN origin
- Simplify arch check (faster runtime)
- Remove hardcoded bin file names, new expected pattern: "DBXUpdate_{YYYY-MM-DD}_{Version}_{Arch}.bin"

DBXUpdate_2025-02-25_v1.4.0_arm.bin
DBXUpdate_2025-02-25_v1.4.0_arm64.bin
DBXUpdate_2025-10-14_v1.6.0_amd64.bin
DBXUpdate_2025-10-14_v1.6.0_x86.bin
---
 ...in => DBXUpdate_2025-02-25_v1.4.0_arm.bin} | Bin
 ... => DBXUpdate_2025-02-25_v1.4.0_arm64.bin} | Bin
 ... => DBXUpdate_2025-10-14_v1.6.0_amd64.bin} | Bin
 ...in => DBXUpdate_2025-10-14_v1.6.0_x86.bin} | Bin
 dbx_bin/x64_DBXUpdate_2023-03-14.bin          | Bin 13922 -> 0 bytes
 dbx_bin/x64_DBXUpdate_2023-05-09.bin          | Bin 21170 -> 0 bytes
 dbx_bin/x64_DBXUpdate_2025-01-14.bin          | Bin 15125 -> 0 bytes
 dbx_bin/x64_DBXUpdate_2025-06-11.bin          | Bin 24005 -> 0 bytes
 ps/Check UEFI PK, KEK, DB and DBX.ps1         | 107 +++++++++---------
 9 files changed, 51 insertions(+), 56 deletions(-)
 rename dbx_bin/{arm_DBXUpdate_2025-02-25.bin => DBXUpdate_2025-02-25_v1.4.0_arm.bin} (100%)
 rename dbx_bin/{arm64_DBXUpdate_2025-02-25.bin => DBXUpdate_2025-02-25_v1.4.0_arm64.bin} (100%)
 rename dbx_bin/{x64_DBXUpdate_2025-10-14.bin => DBXUpdate_2025-10-14_v1.6.0_amd64.bin} (100%)
 rename dbx_bin/{x86_DBXUpdate_2025-10-14.bin => DBXUpdate_2025-10-14_v1.6.0_x86.bin} (100%)
 delete mode 100644 dbx_bin/x64_DBXUpdate_2023-03-14.bin
 delete mode 100644 dbx_bin/x64_DBXUpdate_2023-05-09.bin
 delete mode 100644 dbx_bin/x64_DBXUpdate_2025-01-14.bin
 delete mode 100644 dbx_bin/x64_DBXUpdate_2025-06-11.bin

diff --git a/dbx_bin/arm_DBXUpdate_2025-02-25.bin b/dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm.bin
similarity index 100%
rename from dbx_bin/arm_DBXUpdate_2025-02-25.bin
rename to dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm.bin
diff --git a/dbx_bin/arm64_DBXUpdate_2025-02-25.bin b/dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm64.bin
similarity index 100%
rename from dbx_bin/arm64_DBXUpdate_2025-02-25.bin
rename to dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm64.bin
diff --git a/dbx_bin/x64_DBXUpdate_2025-10-14.bin b/dbx_bin/DBXUpdate_2025-10-14_v1.6.0_amd64.bin
similarity index 100%
rename from dbx_bin/x64_DBXUpdate_2025-10-14.bin
rename to dbx_bin/DBXUpdate_2025-10-14_v1.6.0_amd64.bin
diff --git a/dbx_bin/x86_DBXUpdate_2025-10-14.bin b/dbx_bin/DBXUpdate_2025-10-14_v1.6.0_x86.bin
similarity index 100%
rename from dbx_bin/x86_DBXUpdate_2025-10-14.bin
rename to dbx_bin/DBXUpdate_2025-10-14_v1.6.0_x86.bin
diff --git a/dbx_bin/x64_DBXUpdate_2023-03-14.bin b/dbx_bin/x64_DBXUpdate_2023-03-14.bin
deleted file mode 100644
index e211fbcf72be9eba7fa23d2c60e41d91200f97ea..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 13922
zcmd6sbyQr@mgXtk-GXayC|pBumteu&wb0=15E5KNaQEOA++BhsB)D79B<PUW{kq@W
z>Yn~%)~q!w7R9;ucfY&q);{0aXV+IGI7B=g0+@gPT%$kz2YZH@JzJx&YI7nVQ^w=Z
z|Jt$y9D@E876jtN0%IVem_*2dEaBi`K?pElG(;5U2)T$~7$782ZV2izI0XJ490IqU
z3kM5=g~j83l4Jau+1Qv|!Ik-sn=t-W`1eadXio~kL7Zq{6ht^Jctku{Ee%dQFwWlr
zG9Ie7shf?hleIg<i4z-)`S&0a9+JAHg(Jktf|CMF_V)-X9)Ys0xhupCV&zUH32}9X
zxSG1#K3%~KX8d~|4v+f3JWr)4tw<#)PQ?Z0<OEX?VQ_JQdBMD#f?T{{e!Zt5_tTK)
z--qDfi2o-cg2C+n79zuchNx}pWC8JXqtcR=k*89$^rn*bGPf~xvbOv?0Ed8R{`K)a
zeE@JFAS{@t<EXG9AP~%q&-qQhKXS3c&^%un`ooT`SmB|G=%wo$hu<agDn%J0uL(&j
z=akgGjCqTIWcV>79IdG0uThUKFKS6sH;$3`O}=O;!}NljnmB*CFwawQsrUuOy__7D
zj+R;T2nFLes97MzJT^TD(&w7he`BpH*P@AxjG~mgU3-}sbp3;P>*3lqw;GdDvHVoR
z0F8oM*S2*0B%?aKxx+BeOoyIoNj+$sunjZO+KblELh2o<Z}^@{&w(&T{#7c<^S1l&
ztn!0o9o}6Rk>Ef0&tHS&VMftO&r!u_-C1e+z8%9$p=4V}S)8hF?db@hrbv{i<iHek
zlyi@qs2FfXF8!(3fQ19WfC@rDR!>jF42=Kubjj)AG5#hg3nB;}6vD3x0+ateiV05$
zkKe56^EkNq;gfO!lg#E1$P(9x$2M5{?`a%(QLsp%5Ln=!X@>USr5WKr?gEd1_mn|`
zf_$7TJp5oVH!qm-uM90bF_<t2-|S9uB3HC<%o=xAe_5;2cf2Xa7_9LZpoCWfD}d#4
zWpbq=By8N>orO3!JUu<x9silq?B)<h4rhB?h_f4qxvK-mQ=&X2`BUynivP`A<G+8{
zz<g|6JnT=W!6t~vPj3_f0SN?x*95DBU;T3ohK-Q=AN4I=-QE7rcW?)z{|y@t1bT#r
z1;hMnE<R1=r(6WVSR7(7ksfk-7hoyMyn1QY^4hU#e^mz=S=Pk=*#he4OGd3Ol9G?#
zv0Ya;ZK{%v%H}F;zTIx)<1YqAIK?7Q_Zvx>hjI?YD8argofH?NetU0htRoivk=w|k
z`)qw8Cyb3`aCl|@-qtMFw6qJt<0PhP_)D+TZ&X+jw+%5cE6!Vbii*d%T4FrViD|Xm
zCC(_!9^w6Pnj%Ej`)#uKvoMz$IvuL_)^4|ij}v!XdQ=HlbVH$|SP$2qF{kF2cC~&=
zSbq#nw~?_QWg_nq<4N$KBx*LDP|mIK{o|TsqF%>D)lyp(T)e2E=*K&nJu<{4x~m#j
z?_vCL=+et)7z+;^g0S~wfYbkGfT*UZGg1HWJvhL_0tYAjKQR?yu;9~2^yGV7|7j}!
z;)_(8Hny%7RIf~3-My)lO<nCR-JKmw%`K_aArSY!M)+ihd|W(SPv*xZ_}2*e{%y$n
zcliH<SN~5I*uU2p(^aMYy!LtD!S1cLj})vS62@1BZFlCKTC5|-!=u2~O+9liKO7=e
z%uTcs0fMA=gI8-|b(vYLyI0K#3n=Rw-SDNAV6s)Y3&dBM7A0zd!{Ms$sUjvHIM#C>
zL%NUmCnhg7?97DFBwIJ=?;jBU%=hD0;B3%F$2m6_k}DroZ-2NU>|N{`o8Rl_*v>ei
zi-kLiJC8l+Q@EAH!9@#bludM4*@2HfyyAvG#0D|DZ2t+x6M3XZ;jnol^Vp{Pd8NvQ
zS*QFKbJqLCR+gpkI1_WuovUvCVRho^H7{P!AnehW@p$%|iBt2$o*HklFz?8~P4&{f
zY+oeX_XPj6K-DJ;R0L!Hhw~AD;GdRcn18Xq|I(J8{l^9Pu<+;<s4yBZ9x!Gwk}%>=
zF8Va}vEcv8M1ZmW!v_$+a8GvdzZssimAd45fDTUAg33o)Eo5OK8oN@k!QU$=;kCdT
zV6|M;T;&MGe>bEj<AOH4f4H5qE5yRX{69?TDRrOn_9<zfa`mtCf!UsZ!My)>&c|W?
zFShsJ-@zR)ec?i$9_D;l)D?a*G3+R_$Srds8Tw-G%-Np0Rq087qlZsCOgUTO8@&VX
z=2m_?HD7Ft>vfBBSnJQfN=dys+a{xQEYKIUho2P~BP@IyoVJ~mQ{-wsG@J!rbzil#
zc_9_BJY;?2c^!5XGFmN8@BG1j{~;c0F_m(AH<|JiGkTojBO?>G@2^F_qM0|X2*cjT
zSn-J;dLLFH0S;Kc^F7kvdDKz`v9^s~FA*c8ULqAs)aQEMBR@NLc|D#JL0cF(R(!7$
zFmG#3kPr}j9*DP%5gQ{C8Fsii*(teQ#TJ(I&W=UTPwGa!Jb0LmtbI*=6$a;b=8GPa
z+I8;6f~XnGXQ(8*m41aiA(1KqbsQK2_>qwNIQ9;~rrn*swXF$;u+wCTQ>NH>8FArY
zQtPEZlDd{-7#;U8iK>?#!X;&Ncdx|7yw})NQSBJsIH@0}+WOXD{fb1GmhP?6zz?Rp
z1;dx~^O=5CuqEYLvN>LWopMM<pPO=^@vf@-*#Va?V^Y?S)Jq+5c7ML-&1KTHR9QrW
zuQ=MXq<HB6Qk(bFj;cpPtqB~BMs<QW`9hXBB|(Iy^QRveyjXs<Jg#kNCc;0x5A#2f
z8RiqVL=NneUN@%ELj-a*6K-O>)B9{On+wRO5Ym2+;#b2g_Fr`4V|&>1<dQaKm|Pgt
z4rr_J&2oixedG)Q^*>Fs?x)Ha9Gw3Dfjj=U1^2&}?Eg}KKNXPhAt0C#T$9E>V_uI+
zJe7K}nC}D;4cWe!E@BB!TfQ8whE2K@q+hBTTIr^q49yGHNqs4>c5M~XZ{+4{W*c4}
zRx(@OBZ+I`<$9pM5ZEcUJ|3ELNTI(ywz=|)E->(VGL~*$A`xdS%qLRzx6coX_siW!
zsn2g1vntB>Hcqz^XRf`sOF^r?FGKx(eo+#THhm)wil`~2eZfwN6uApdM2Qkt%^rL6
z-N;c24px}U6aw4->)WyjxrO$8&E~=CHG?%Rvtgt4p}wS|_DUj=OwS&Jh3x(9=ZP%^
z78Vx8xs7{b#{7?c(&4CHfkc^Aa6{StGSib^3|1L;uS7y#eF!^|9Dh#O-=p*@QLM5|
z{10D}B%=Y-KbCA5@Y73Y=8dN=9G7yZ3FGDNdoRVHhGkpME)3ZFgkp+kGpgi;>N}2~
z#NL*gD2r1jTIQev`74glf}0Pw3yD~+jC9|&;G}tG^}~_q?1fYOE1gIueSrMH@={*J
z#xNU7O*u0pklig3L)79Is|xa|wYOau7FH*aCpijhQFO2@!lf$v>=K-+4yML1TbL7(
z%lKf=q{o7a2;}?9GG#CdEpoN{bR0t`uP&>Ro3RDGkE6NV*?t~tpj!cXo!exR)0BK&
z$@*JkdhFcQms?6YBSxq#@R3X&HWg_uKwcxEFaH*Y8n(EcVuilib3Mlpf--?}^66Cu
zP1l5O;sKCfcuo*NZs!u)Lst=(@7HdL#F{JQYftarIo4@%ZFDgM<fqM#7_S4`G|nv8
zy8Iux2Md_LN935`JrJ_9a-EHBI|6y8!9(>15uv<T)}>>oQWL*Zk(>3l2OLWegYzBy
zFa;?fAAh@xX}iEJ7AH!CZo~EM(=5sw13klP(+m086xZTQB_NLtsXUlEx>o@UyI%(7
z2BmLI2eBkU-VM1=QeO~8*n9x;L@GjP`jUgiNbPfCst7z3FQx>|tS6IyH)68WmVHe`
z2l6Z#Q_m&X6Ce1DyA=B{7?2%4t}FUL9;I$M?BhYU8G=Bb-8sQJqWG7a8f6JFWd#<w
zbEEbk7ke4)r_#Ar7PT6GApdeQD`!>oXSSw#?H{A9;NIq+j_yKk-Y#12obl`?McshB
z>^QP1!v<nz#F~)(DeFA;?*TnW`)_>IHhrY5o6LHvK;Gp%9x_WKAD~$vV^%?zb~lVo
z<%xBLXS2V#+%<M@?g8XOz6nn@Tq8?PW~cSdL{4Psich@Q!^YHsuzY>ZuWf7%<YN}(
zbk9;6ui|RTlhN!<tt%INqMY8#Bv}x-QV-}#w*vXNclps%yQpMH6>gSej3;Wxb0X)j
z9QUGbs}?Z3g5=16eDz^9ry2vU+i^-cyETsBF=tu0HCTw7CjB=*O4%2^JRskX(pf3%
zQML3fv7Dx{nfUf?a-Iw;<$fVyt6>axRPP;-A0+B2tvg{3CSz<YB~=Pt9EsIOXJ8~Z
zg+)5tN$gDx1o9(T+*U*_yMIE{H1S5#&d}Trp9e1Gp|@^!b`4rre2WG07TWsDxL%p;
z_*Jj3c_`Iu?0=*Gk%IBk_1OQZ!e+534dkVVhO0eLr`qN2_|^R_aKBq9S1%=qOvKQQ
zD2Llxuf7BF!ArMFAK86E=q>FPL)@Cj3Ts8r_YbMoa+wI}j`G?ffP5?SdHM=6e3sXc
zd*Xr?sSEldb5+5j@3sue7MItllQNKB&#n&bW`{81>C7L_kbBZLTpeKYdLw<2dT})H
zM}#69$P0e!Wqfz3Xq>{$+U&WB1GgvktvJYBp%n3Iqz(p=7#7HLT_vOEXD{LA_ek&D
zMO#=gK92kONQ`dda{I?I^`k-gE%v<eSV3y_1%c?^^-;A>&7Q0sBP!MNJC|!}|0(%4
z4xqkbgiX=BWyklYaxm`hQ376dY`S`q>&_XcR5Zb4F9!w4M_<fbZ-w{qOdw>Vq-;*y
zcO$seg{5nT`ADs3$!)CM0{M|6UU<ZFC#}rK1~`n3!ylTw2ui$V=_dN`r{L4r;<SK#
z{Wc;GR+qhYL>hMzQVv~{eW4}NrcnZUEgv)U#J;mUkk27DKh`GdOKxC4L$yMxlPcEF
zqioX7{-gNr)6f11lO7=dUAN{nvJ~RxTl3qsa4c}{1g@tHGj*aaR;_-o?hY=LpM0zN
zh~W4_U!W;m1FX;y6%x<^^BcW&XgzJBLx*O9(*dY&dC{Fq8U{OO*6PZh{>#WHgTjH>
zDM{6rh24JV$1uzhkk_Ysm+-<R{Kbo+>hE!xiUU3gF3+_Eh;EI?*dp@JhN1HFxwj?O
zrug|3MQNxE8t?1!8qX38`?&tF5imKayTh+Wpnf~~jH3n&vN?p77Otce^5QWyCoGDf
zTU!ygcQNu|<Ry?tU!#V(_6zuJta8lv9=6LlQ2<qhb~NEW@R=k=axMBZAfE!CgDK8G
z6kj|0#wBGN;uhqOE41?adbf*BIfEQ*91Y}Qcc|?~Pc1-Vlto%cpO?kziq2nW9w(-l
z@>lD~v7a>qd8da5G<}e4tZ%Xs_FQRY{&*o(RMZASP7LCh4&7o~Es)QKsaBfz5g!U&
zk-L!Se$(3n;laC{U41nZJSyB+6%I8Ym*#iAUvIIw7Z>pznBC(NZ84$Y8+<h2ODQ0g
zIBmQt1nQrA)~IH!B*g6H6d3f>tMH^N!B?kQa<Pik%4;k0y@Fa#F?y9e4oOa5x1I^L
z{xI1%%IjBy;n|39uXngc)y$%WTCYQOg3pVz*_?G7hs|FRYcVG7OPfJ(j7LV1Dt~qE
zX+y=+wtBVo^PvRCnXL4dW~*O-dXs`0{fdoT)&2XcvuVK&VEp~+6=5cBt9q04<HgGM
zJ}AqG;209iLv^vu{=?C-aj5nEEJAd+`SN9Q75*(+tb(n)&s)o*4rZ;jb_q;RmbWVj
zKz-klF-`MHED&WQvQbN$=S<~nX#YzEZ4;3mymQvW0dF9`2P0_s853SRcn?O+tD)^G
zU;C#MK>~HLpRTdp20h|EkSA+c89g7yohoTadWYxoz>=DPwS`0tS=MB<W^)K|BLwoI
zlMG|^M^Xag+qA6={XdOY40MI~t-hrz8A<xQyw0-+@-`<jTtlD9tcFFSzb74>;3gAf
zc1bt%4zc+U$!F&0N&@)}MNT~}LKnFgvGH#8Z0n@T>xb+W)Fk(8A2@TajF6{+{BAFr
zP($!hlosfyh>1UVNl}laS2gOny}I-6QA0Vs0FYl97g_Jd+^VgEkDPPOy^+1@g=iP(
ze)eSuqQF<FZ0iT|u-cC<Sj>c5(e>_0-EZJaCdy2imP+q!W}9lv1>rdjfxJ+{&p+FY
zf%zFq{z+)8Bu48>d+Wnsg{_pTfw%qAB2f7tuL0wY>5z4<hEY+JUH>H@n<ad4(E^_5
z$fK<woXmY2s2^PVX~cu%kg}rW+Yh6CTk`IM6K2l7Sp0-ieCyZ6&CWpnoyO@3!Eg1+
z?c#kV&JKwkLXkPFYx(h#Jy-R<Lfup}AfLg;n^{uyD|*(ZRSBn6PS2ifN7AhJxIv0+
zoY+s$!WYQr6n=qyIWIc;C;`(J5GScYpUo0r<l2bh^ccjj;D`<N`Odj^PhZ}TT(N(o
zq`iB6;wr8{bn$9>vbfidx44hm2M?%kpo8$tE_|OqTH2Xt{?DNeW2>L|SXS}e3gtMC
zvAPe`dIxu{z?2*l_4)A|oDmvI2|xN2`tqdx)H@4wY9!A06_G%Fgrxui7amPhh(6|G
zSY~673v-JqEKjo65wpM_=Wcu`zePOMubOpIt+xDANUQVX)Q@<ZwcEHoaLD@2PBv*e
zGd@rsxt%6@f1gyD>hUFknVMZ~Kw1{7!|6ta^WbXFvz)jhAdkZMQ!Mru{SLYHl8Zp;
zNr!qW8>8%*6K^D;Fd?RRQxz2dC#DQ5{MlO!x8GSM0g*=#T?cu*SGVtD+k%QY+7lFk
zJgUb58oBd9;oOBgonxcwP=jcot{pEoN^76J>avHc5s*h$Ta1VFC*jDyF)WP;k+5fd
z_-I#n?y7On0E2_iwOIn>u?q4tr`5oV5Bit0x|Ze>$K;V>spaFu*tSW`?DA@vKpx){
z+`xhJApde7wuzo1ZGr{DGiP^|1U@5&E#yeXK!W1mufKQE%b8j)l$ykP3=EI>*g(UL
z(XGg-gvDg&Sn?6blg1|yl+L?t<1v<c(RP}V?P#r5Yu>QjxZZa&Mc^#70D1CQou2!a
zud&?YCltnMLce&HF)xTVUmDhFi?HNIl|s#5N}_~_(^aGMAD|HFHq7c^o`?ug8wT&=
zi*(B#4Zq_gpgse7*r)7>GjrTpyYj8Wmet=s{E;z2^rHkHiL4k@9%X?%(|Dn#N&$F*
zAYmxX)&T#5Jv<CerLTVU*dim$46+#1{+fj*{UF~yyT4E?W}n@+cI&snh2n3y`)j`L
z9?H-C>1jZHwyAe<!OpZZd+X99FKiZ$z{{VPl{#7ipMCEc2N7110C`Rl<^laz-C5xJ
z@ub$|yk`WWCzYC~(H#A<?VYLEBvAV!t}3q7kgR^ksY;{oW7%D-6vqZQzlCYAr#?8D
z45iOQ<qr==0gDbd**likq%~mlvekuFvRMYqwT%LKow`B#kKw?0_}J&jsp{6?5*cwh
z%OI$zQ$Ju$qcwI?Mo!sl+xk3SLGeDE+o4gMRjf!dvQc&ptLH>Jb!`b~kKrpmk=0p7
z=|G;}a?!S1|4*!hFE38KFg5>PVHPAj8}&^0*e=4$u9yeN3pm;utg=bJStA`CzuNlf
z^;NAVL#w;x<_#jhFpPI{J&+etb^lyb&5{&a6+$q}T|D&yA+UaE18*<w^QnZ^%?VU}
zCA8}xJ?gwqj834NPAOr=HmlZ=ce~RH8es1sbgSis@*m;7-9w%@-k!ww&xUNntfMjr
z#b>UkP}G$2U~Q9B-E@KRhzdUc*^;OCB~RSC-NGkK<b@>lreTNF%HA-)cpw`iRDCFh
zI_Rj|T$^0Bi3Td}1PMKogSD|jcXc@=$Uhrjw!H`Hi-(6$I#%eH^7wk?vlwThdN_|7
zB$X)3#(2L7ZR<}*fZ}IP>O8x-REWM?YF~tHbNxWSA^~Me*@I5&)jH_2J%PM*q`mTz
z>Ab#BauAX`tdC)Xp4_JrCUF$xCUK6K$bG2wTE@DI9(}PV*FMaB5O1Px)gmTP#|_e@
zJ#7f_Fs!h?1nSE^lA70vHQm7<d*k78?x=m$XXhZoGOWHNc+q=1z*Pt2wRaMPZpPJV
zI^RsxaQ;4yiq^EC*Kj{Y@d;VH%A89{1@b!aH#9EPLyqysAI*mYge<vFa<6~p<-ert
zm&VH)?11XG7*b@8wJZ3;D%z;8!s<G2OfEpKX-+^NrjG-c#K)_k_P?f+{RN&~y0G03
z)tk;dU1?uBoDc~%gveIgb~dkWMWE_Kb4q0G24ZPG*7(76G)3(GCdQ2ypXr+R9dKhd
zS8Bgh0^_&*v^!3`4A;lGile^jHi|LAHJd|};T}8y0Y`rN&I#pjR^@oP$Gy)4ls`xq
z3Nq{*D;Pc#8`zytu8g|!1i_u30rhR%X0OSZI@R|zPabtW%R{XtGtz=d%pR#(lY_Yj
z<DmS_vHf6H^lb$C?}kA4+q)tv<;{)QC_KD&a*FX4S=l5NpuXe5443w5-}qo*y)$83
zf`{?`+7YGrD{wNqUWe>YzbGK@oF|QXUL~kyTZQ^ix7<U|rLvEDB-pDH1>%{HW>c#G
z@~*v*5WmC3^tAL;(!px?ID86(xx=X@!+7yeRwGoOLx8*&kp(t&RB1z<+kENOQSuU_
zh0AM{zzkj=9SSo=eh;XAf>&s0;ShIw<ZPFk^@}0V#8rX{f3+2t*9_I3HjZ($Q2Q6J
zhU3wS;bjz2stuwb*6N0zA888&l@!LEBKIydQaG`I@dV0`*Q0O=lljz<C5>pc3`zaW
zZ#Lkhls6)dH*tOi!vN$%D%<3~&^k>0vdp~0*Hu1=XIVgIKPx~*%X$^TIK=}szoM1B
z1o_@`rH?1*?YXmGfEV+vGA?yx-=4Fw*nbKKLG`QO!pScpYm;o3Q}^JR%h7TnaiuNU
zoX6`VSTdasP@O{6!*NLq=(f*vE%D!MugEB_Gl$=(2Q^*M&FA&qjZDi;LDg6B=2y1^
z+dfS{9Fn8(O{msg>)w2+(4HU8!7{-ldSKfCzTX5(yTVg>VF9|_=I2~;TN?}7MZ<D&
zQRq$jAU71QTMZ~ajSN4n>z)2!m|$gpocUqPO~w5i<*_{u;WE$B;VC;HpX}`Q$Imo1
z^{vqUhfG5qtAL0o*6ZPsFVWV8sqH?OB0xTM>s9irxuCCoW{>Zfw4!liD9N^U!e=p}
zdwuiErct2sCoQz`L@IHAFJVyY>@tWqCA&&m1k+6D=Y#Kgcac~4CQv`Ehy+DS$_(S;
z?b4tcYh`?<$GxP_`qnHHQ_vez+F+=BNGly^!&#s_Z8x+-_^LwCCd<}8I3e$PM*?TK
zNzKEt1=P=Aq}n-pEB>`waj8P?D#T`Ave<dfplG9WLex(wIoB16*UT%+*4nF!t{@#1
zS4_ChC3;5bAXaJ*5xuba9s$D%<g;p2-z?f+EtIBpbs9@#<tf9j#me=a#Jx#E4SD}4
z0JR_gK%X-PCN~}u4EW-aVZL^1&$mUTeeVYEWIr8?pW{IW)X$z>Y349;CuBI^UlXbe
zhbs^hxh{h*^e+5{upB`1stm|~oO_AYL5$YT^*jDUet!iI@o}G!bP)zUbwOjKUBLk>
zkS|>JYVPmM)8zev{JT|`y|<|97Wcrn3g3?Rs1clO0o9)@qnjID_$tvXn3bBFk_#ce
zuB#|&ajX4uk$Xbz))4Ce)UOiWj_#IKN&BJysf$}fUar}`1@6u2ica0bqIF}Q{vD8S
zS!mo1_mvLC1o`=HF1@ZgOdDdtthLg6AuFVKsJ3ze<Xc}NX6U|;rMkhW>|wpTqolX-
ze(B`-5#HO#(T_$03+nrVcF<Qi?soGJ0c1grwXexXVl)WPIZm<TZ{yIm9ING__7@!<
zf3P39unZbAK3cWU!>KB4^A~cgp7IisX~=C_Z9w%mI;U}-?=NX%&pmk5ko7n-GyM#1
zxW2#6|Ac1%n^rbC0F3{$q~Wg##&TxAxQ4r6H(7np?TU-UU-o`)ZeH5HZ6<+==kqTs
z;q3$Et|c2MI%f(vh!Wgw;DmMYfYovGBuc*&lwbAAr0Mn~2jE{e8M~HU)z`#AoLqfv
z+A$IY47wzU>|%iN^u5x*IKnO>uiPRUvX7lX5zMumxlr+FDL^#ZBpb|vsyF)CaE8#Q
zjNV?{CfuKsM~P8ag*p_+tg^Oyr}Us*Ma={C2eU1TS_HR9^Q<M*1Bejph$lrDAhS+9
z@g$@})0;F<{md~Q7@V3z4EO$`sCuWiLh)2W<h|LOpq0`d0oUPI-cbFb@pnf~t<<bt
z(LQ>U0WqJC){$~Z98XcbQWC}pWY2zv0ppp%%a`n#U>A9N7~qTz7dbh08;U^R{%5)w
z-Mi{yPn;3RFJ<D)ILO7#-*#w{D<a+ew#KkRNtS!Rtw`B*?yMpKwZ1P~#WXU6BU?xG
z@HB39e)~nI9xQC@Mw8jfoL8hwMS2C)|H^A}kIvPo6gq$Y7!eOQi=1Rzc|M$q{JW+^
z(*8yUs$a1RTiy^FS++husLqJ|p{Zg$b@;MAb!e--FXacGt>-mRe>I^pyi9ch{We&u
z)9>?5C4S4miCfwO>#%N^^hfqQsCs5itvTwb?YIamGlXe(jqpB&h85mayQROUwRdXJ
zSY{ijzv+1Al1+`@yP0_q750%)x`GP=3EWk|)W{0ZT%zQI^3Tomgv;2Dfuxq>h{=#i
zD@YH%e$LoE3sT#3Y1ZXXR~Jx!Cmezo=$*kfqMConm3G86yIcbC-7&=<%oDv6p12wY
z@&}J^!+Vk2l=ba{WUdyFiDVbO+rE0*?8r~cK4wu`LG8y+LW`{AO;Jiz?FP57S7F+j
z^5fTF2?(o&V`v%Q1+YV{7blBrr{~97ADO*R_$V{XYJ@2=5;!-}n(vV`A=Rj^*1&kq
z8m`rZF*Fry;_#|^6HZG9awO1;Rz8WM=^@?(U?9H$^5=Puyp5W+;*lj7Vxu-px|bIQ
ztZN4?_ZGh@nOm=V6@dH&<-F;@ehRkO%Mm~F{H3z74QE|{uC~?p3-+G!#&O9&{_>sU
zlFPdkVUv7S*3ZSLDbzozt-sMr==%#zim3T7L-qfM5llo>a|Jw|B+ktT;Ty73!{BJv
z6WLxPmesa5c0E9V`jmu7Zzo~0ui3wSbaCEsDBp4J*d=|RI2RH$U{~M@M-Jrq3xoKT
zYs_FLz0o;iSX#>Y(>QTW2~ppHwPO7byoQQ_yjX1Pi>r!SNp%u=UV2zgj|yDVx*ybt
z%J%27llasctw3HA8T6gUu%}P-lCxg_vU?|X?pdQ}YsGrm)Y({HjwaN86CO>tPjJ8K
zPvsJ0%X^-XqP}Yt>+KT!HuBOEc#V1msQHB>kvr}e55Ib?q$?+<Y!}d{ra}ZUDDFI2
z%uPy0OBx5p!x-gt#vc2@VeA?-^ukyr-JlZd;;yz=MG8NGMYNTY0LZf!j@eOC)XlBz
zv1#6KI3Cjp7p%wa4$k7lGwZ5uTSNJe*uv-<lbct3(3Fx;<_xJGs&Z_blt4x5#+z|3
zDa{|dKz&tM{JX82sI=)}RGEdZ4Y;z;XZY^u5>KZ|A65&Zd_Dkq1Lg;w&KRG=cF7O)
z<hOPbsxaHUmCDx?J!#TSXPD7KKt5x!Dt943of|u@^NllyB4JSERR58sys|@SMXAn1
z+gBi8j9eP1*7-|=MKS0m<zRJ{^mpx8V~oF`;K&&n?k*WrKc{mZ*#VSeC=jMGxXj}*
zm#J;(+V<#S%F0D5Q=q58R0q@_%TN?Uh;MS}(z>(a)f)Xde>VBt-C|mrmDY64Xng{z
z|Fdus*Br9xP;;xC6M_^EANeB*wPKw78Kh9__8!8|05yNV=i-u25&G9{n6Y7BYC041
zSK3{`=ZbdQgBjxGqXwYXuPu7lno3tJLj^LQ^53vOlfO<jg<S44gnnv&nTu>z1NHs>
z4y|L)36c_$pAT7<pk=Z<ILvpQ{#SJ~c|sl|p3ngle;WBYx)9IOf6o;^U5oY4+C|SV
z(m}Qx^VW0y4y!#2D1W%xOZ@KC-}~c6LEZp`I?D{tyGglV=F_Ias-iItY^NabdCt?}
z#82q)WxwT7vcjahfDLTfMO3Ze_QXuOd1HJ_zz*bT@!9buRO=sA?mVW^%p*J*!bsX)
zA>hY5pU@Gl#x!RD`2<&z5;LpDc8(yFGvaXU0w>LyFHWg$kq7>0ILcmBQ2q9mn8(2K
zY!aA)P4?5S=q#}ASUp~0Y{<=rxFpIi@0+rL`Wd>%DhS(hjXBgw$c0+w2jT5BN+ipU
zN0_PIyOehm!9ZTNo`lTH+Cq_i4@H>G_%rnerDu<+4=Zvohj!&!IA#uzzv<x5zDU`*
zqH}FfEkfqV!Ne#G`l*&aXoKI3pbvK`1LQXYFYYiOsk(Z)O$xhSM;TGvYnAR#iWtk;
zN-0%7R-plTrLUWbsA{Yq5SU{X+Tv4Fvrs{4P55vWN)|;+>0>BReyAUPR!+y8`+|7+
z6WmN-!)@X3D<p@rKP?N(EzfCac%i<phY3_l!PUmA!$lFLwi0Ed-R!CUu+{hjLnl9t
zo0czs2^i0s$yb!uBx@K`b#Jnr-i6uN<n3o_)+rQC+vG5cO%ARCdAUm+<@JFhOLY33
zL0WTzbx>!BX<$FhJOLK!39VMcD3Gu5t`oB`A?;50mzAxdNKl}8i?Bd5`4z6Y@Y)&w
zVHaxs9njy(FRs*9$d)-<A5f}fn$4c@jTaO6=%U@u)vrsY1k~SOavPic!N;>!SZ|@I
zwmzJjE62c;I3%DZ+L1aT%54JVt)_!S>0d4H#)o9CH~uD&9nZSm$x;h;wmEA2+U^q#
zwclYB*Vvs_$RQ3ec+s`)``opPqjTojx$luzGEs9vy2cSu|9Eyx%hd_H;`k_gZ`AOZ
zF>^7gLfH1%jQOy~Ll4!5FF-!NdZ0h!wR@?2&y0YS`9&>@UNL=9AJv`e?sB_MF)dWT
zdepM)Q-Wb8f}WUfw{0{ZPbU24H(Ls#uxGa=pz@_3Q1vHK)RICm#SaL3>eL8K6<GzD
z{+=cOxhw8oZ^A;=X5Bt89y`ns8O>(d1a*YBzXS@rc9`S@+?&2F1Yo@7X83ehY4N`R
D4)mrK

diff --git a/dbx_bin/x64_DBXUpdate_2023-05-09.bin b/dbx_bin/x64_DBXUpdate_2023-05-09.bin
deleted file mode 100644
index e2f6b0259ae03528a2c84eacf0977f64bafef036..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 21170
zcmd74byOT**QSlT1`QHCI5Y&;;10n81b26L_u%eMaCZsr79>a@xVt-H@_TKbsh;<n
zKfX0<4T}X-*VT9LuG;55`|PUb7d$i^7A6kFe}3Jf{QV2+0xfH%T6)dwR4SsB&71SH
z@i$Na$}cELNEUPuDjcF-h$N&jGz=6ZECdJ{4v{WIGUN^w5*{))0O<r20P_M0fZoZ4
zhJu8G!us%6j`7s!jzi`xB<8=p2;)Br|M3(^<i863ek{l!L^x<w7&t5_Rb>_|5avG{
z2v|sJ`i^GiHl|LtHY^w*w0|Ci$AVWfHnO(0F=BZKBKqeMBrF^`b3+GPM_UsoQW0AR
zJ6i{RC-cA0paaqTvmY9Z?0>tTR7OmOR78lB6~w{<dWVO~`T@ks!odn+1+lSx`Mb#m
zV)?-GADbZmkpC+of<R3F9wPPs3{lP8#>m#ykyKSoT#8i2*qv0&&CpEW#?<(q4Nw3i
z`M(~%zb61X01_SI@8d{N0g#XonciLWRIh1^gM&c`UE-giw{kLH+M~5Z-g5`Pz3*yw
z823fr{mxeCC{#5|8EqqFV&6lkNSCfOL^)=ElIyQSkuh;|?;UY}LvukvLJ{N$Z#$Ua
z_1h5Vs<rgH!1rB$l6{LBLt7CpUhML@w;|C-qDrEc7Uk1kpNt9ROY9z)4=kPR8R*W5
zhcu%zk>}6-9rhj@Gz+Bz)#DIcC>1y|4&9LX9>l}6lN9?`&bttw5zRl(-!Y1mIafqn
zs?{kcLUVaf_?c|BeyM0U5aP#q`O=^Lw&%TGTK|=qg%YMPwbd`mZk>8n;&OyG4`xX%
zVlNTv-orS)(VzDN<z_>juFz1>kPwgs0gxttkB9*X`|r^urh-BJCrRnyAYmW_I29m4
z#Q!{s27?QO{YI_(tAdMo8>r&OBM|LkJ)O1?5+wG|ZcG>f5MLn=i0ePo4EeuHGu(fB
z6&P47R904QZVncDb`Xe#ivvXRj|>G2J_y$j+u&JbB3Gbr%=FES=8|fK=Xg_uE=c(w
zfCNSsBn^_x70(q75jJyjvg2W9c6D`Svi{GMW-_$3X1235x3zO*HgvFJ{+lR&ll*V)
ziU|Faxw`-SU<7e6va&J#-3`)%L-_kfVPWARAz@TNN}x~wxebB}5&b{v8#_2T{(rxM
z6A0y>u(2Q^Utyp?5dWHse~0qlT!e(svVbFDAdE*?4(1u*^Sf?r4rIh>V@%bR^GDY8
zT$^Fe!g`BPZz8-P8m!H*jIIiqR7NQ5D|Wo5?s!vEpR}Z%X_1V6>K6}r5;GC<LZY8c
z>=?cZiNVeZ(}Bsq=yn=6m_O{iJE(I~H6<3DcfiTF9m81&J3#c=s0pL??!7i<(kp}y
z%E%{vwyxm#RK~KHD3dC*a3`h7h5eS$y0QJ}Xxm5Hn;*ONBNJB;{F&bgR(?ah)@D#=
zipVxGr{Za;lyDDH*N)?Wf)ot4pMDW;ntkTr%CvQIxRfDB-PnjDOWC*0mYNE(I0_r6
zK!S0uhe<dP&UI%TZPAYRi3)o*00qGA|24oL|89Ut`bg7Z|K@wpfP)3{kNdx3D!d@>
zzo+Q0@3H<*Q~4KPBvmmpcQ7LTr0?M5PAaGGU}@}RXQgjwOsZsS>-3Ki{<T96R<^%3
z$im9~j}dbG`zHH8oBuC(_5aBN`}Z3ox+>M)*SzmL+<Q{<5QWl)NBt$e<3zVxgMMs%
zbnM%@^~I3Y3lmQPZ43Du7fwR-;LUnaZF&a7-c57dJmSV?H%v(dh-gjn3hq<7(Kkik
z;b4Ur(vZnN%o{nc0o^AD6O-4<76v@XBCVTLFMnVk=K8VAF*hl~qwJasiRF%~b}}Dv
zdl!1f=JxxUchXKNBcYF@E+Y^7q@P4E-yr)mO2k{O?81Z}-F$#K!hoc+-+2hc;(Mh+
zWHxgVe{ECvzEWvVr(X7iHsj8}ong#7PD_{b?4Xf<R26@A%Z}wY2z9)zJD%k-ab_6b
zQ|<mS$UW3|OQ~c(%M;!_2IoI5P~ooy%78Hb%lU91Vg63Z5dUI-|65yn`(IDMhJrzP
zhXkPv;S6B_Ap#-v*G2yheRP<AWI{mb|K$U)An3n#@V^+In2D0ehL1XC*Svf-g(?Cs
z54lANNb8?xkie*dltGHQ3b}G2GXG&ne~k;=@czy1>>O;3oDKiWl>Vmf-@N^sw10E;
zALj!x{{05A|NnD7X2XB6z5o6doB+cYI^gfYoC^xO!A``78l~fVqKhX&S;(Ef*jF+s
zIn8f$_K1ZjV=Q#}a_HXN%4wnKiD7iRVRQ*)`u(ni(5<s=GEChFWnOLgZGkTA{PN%r
z^GQh=*5)Ja8PHAlO-q{_d;$HRjAgdZLB|23RYFvDnU)8CV$m0pNp|)UN$TiOqGVoa
zXfZtR7QBk4U0Pv>-A~YC<1>5ztl9clp?l8ti2Y_$Oy)-4(fPcH51V`qUo2do>-vK5
z_R{|IcuojKVdz-#i@ML8xhYPZkN>4F)(&c91Yc;-(bi<A$WA3=P(ri?{TDCMN2N0V
zVMe0%b)_{3%=>iy9=)244~+$3)5dR+2=*$x3VQ-V<+*B^Q3tR?ZC|38I=GwmcKg=1
zC#ZwY5{1ubBV)ydc>M`Y7av44jK@$rULfKXuAO<ml~O)`68h-A&ZvN7LG5CrbdqfD
zS&e=d3j0H>w^A9~pX3PyQ^v`m|4Z7OkZsZIWFBhDDiLLN%8J~*vi7_KI$vC`v>(2g
zEa2kha^Ia*uWPZQh#XsHv}aM~$Xig2y>3^*xuHf6nq0Xm&YgHZLx=<?M8&Rd6_p*`
ztA@>?Ek%#_-2EuOjz~Knw<UDofbh04h02yIXDjY8!acRm9Id&4h!i&EeiXY3Vxj-4
z8ymyfk}a38F-`AEt7bq=o@0hJs4JT#0J8t@FzfzX8H4;&{~vJ2|F+=%*OL8T>hHe=
zBuoG#1h@DB6^cRt{EGQ(0Qc9R$ZqLh`S&QXD-C`b2eM&k{oj9m?vga*hFxs^fb=6a
zop?FI1ll#gl6c%G?wSBq1<3~nf~}izq`Kr=oK26d=e9)zi1QI<-(^fxRx;d`p#GAV
zR$<#=1WsC()359cC^1>nrA)X5F+t`9sn&6wHF_E=)-BoXN-}PWPb@8P`J;(|V2D^B
z%j6c}TLT}cx24e!icV$mSKkq<k$%0#A|ZsHQ??`Ntx!tq@st`~{*kg4WaUVkj`wci
z=N%2O`a+$>L4SFb>&gv{r>I~j=P7~8&li2F8S#_MijaKk6ZA_S%E`E$r+hz0)N24?
z+aUXU-2NWfPw^isN`)Rc5=3Y!#Qtr{h5-Hj)tUb2ssYU^*QrNyy%*yq<JYic&eDYn
z^%7V7?(MV!aiP+#b=}9WC3<o~B=N>MNI?FEIk4a{^JzXF-GPR3c^g`cZALQ~p3;&x
z$-BaaaMA<F4=gR_g=`KpB375t+4?d$hN21>-7&}`oSC{?1fipM0(pYtpcWY`<DxgD
zrQhxSla)YZs0Q=1e3EIImb72!k>G%QUun8HYN1iCTA#Xg;N;D96+$xxxBE#rs}tk-
zi86`_kXL_7BsfdT*AS_H(xt-4T@&1vRUgqoYJmx*bv7$cu?O<Xaeetum}F4JW$#v~
zs$4g6v~3Y55KrqqrIB|{Xv7}^`T6%aKExLGkv){<QTbl&#_$ZeJf4<R-koEedbc`P
z(?I@*;W5pvPn+_E5o4G4>xaPty5Au=dRTvOnHX3v#&)cMJni6-QUf1PUL?cfiA{-~
z*BRgAM%y1uV`r_)UF;xfQ6L}tw1;Ls|KVel03M1N>vG);;yN`I^;#3Z)J&2?@wF_F
z$FQw9oH~Ay2k|;x`{nwjZvOD2Pq2+1a+)N&!VNLY1oC+DJjj|NgT?UevmX^;+1~L_
zaT}OUCf+xqF;SHMibnzR^l4M?g_+|2aOif)^r2ECSY>a>c-X#*J~3OyLYk*>19>L9
zIMa~gJ4Z#5Z}=qT=)`u7YJ;pyr4)4~v#s=s)!sl}a55ujP2fCBMXBaNXWPHG`P|xx
z$I;zhHQEl#Vp6~n$V-eP=u>aPrH8EZSe`M=VcZXVv9?_1AT#SDWZ0tnvIgYsFJo<I
z$fbN#3d9Y{DN~+@F-Tp}Z?Mb`wwAiaUJRXqe84jAWWz0j$YfSZ-*o6ihKA4t|2_tq
zx-I>$&zx$yra(SoUQ**CsqrSNx-1ddLf^Dv-XqK=Mm)g?&w*?}L#!3ZM@8p{PwgQQ
z!IwK4kI|eep3L%HezM*Vd#apA>++K%0`gTyRV<3sZyZmO%9u<sxldS1gH1s^AIMYh
zIT1^Le#ry!{fM0v63&&2%kgF8jm`K^Ula4h8AuKaaa*+`K7{o?1NlL`o|4*AI)5UX
z#u7r=z=e@WO%!SxVtpw1quu!4WM3dZg8sn-uVwEcFhvDxB;^9x@#wwpVjfECR%h3s
zY58&_kT+7(Tzcb{&V*h0`Ie1DsoL@$<v|p}O~d)%T%OTrK@7-?4GmX0BTcnSK65I0
z8@>5$Bv-W<$2So{IU*NqZn_o?<oy?)WV4w(0;r5FWda<V#|mo%E)R}K*K=ucDUb8o
zLV$cL-DT<u0!)V6kW>7;Dxp2f0$pXng6EDn;x?<>nT;Hf-^i*8>}Im1!BU?)nkIIo
zXt+5<V|R!DDawC5@WA&j3&?XX_tHdP%jhP3U}$#T!i3)cxLoXKC|v?~Gg1oyhYtnh
zS#J_i^0OA-<oAf}K8G8b(7cX&c?gg0y!qfAMca=I=C>Ggx?=^&RaZCy`?tqc>ec%a
z7Bont@1N~&$-Jke+L(d*G9hL~bH*LN|CWPM&#%HT3S&R2CRv~DFiQmD^!9TQfqeMY
z^zC+VAKL_M7Gl!Y#7j4<eQi*xN|1->imK%1$`g<uIcA4}yR=bFe{Fz9-8@=VVTYAv
zFHP0cjG2N-VT@7*^7T7#Z0KE<Y9T2f65w+vn=A{B;kR_+h-*0L=q3*Aq=0-5zTt@)
zUSDDZ(*=?Ve647)W*$kCTGoS1blrLXgkBGj|E*E|89@|o>#O0@dN4XDcjAq!I2~EM
z26~NVug2~hFh5zY&W5$-*W_vnRt8CTga!C?K-{CW4sE1Nbf}Y0uvh{0jjy_M34@?!
z4O$(TQtxzh(%xC&+axG>(lc4^t`0*S19?r#=s14+V1E9hs^3xRG6NoQ_V3lW@Sb$X
z7(?<ehQadly}L2`meA$YyOKb0WcJTx)vn)AEu;E_MnJ@bPF8n~K>c>&X=`N&1VdX2
z3g~Yow*0TjIYD7K-D)y#dKW_fj0ggGlyx$QTQ8q`UHKD^7^p70crGM9iqW_i-?t*D
zi8Uy1fqW874w?|>P;AYNi+$3Lt)rj!8=jT>+r2JExin&sZa9#K+9k6XJu`y*NK&MF
z{C(+TZPDfD^pp4`ea<R%Nv4ZtAaC>M53(ktM5Je;EXHg}MgDjpX;|1MY)%B+m^$S`
zTMdxUf~b<6^AH*eT#>vI?sn<zv1P-$o>}`e?LW%fSQ!j99vA0!f8TC1Iu#dj92&g5
z!P}-q#@5Q#;z%kW6h3RbDFo_Yx>hS>ti(m^=M-r5)XTG_%EDBo7_&0))kvwyaeM-s
zPf>eiosS64KDS=*w65xH9_RHdLa=Sdw%1$TBB^9hfX&x|>i(BSYK(Rojl+hY@KtHz
z55x>?F?B~q;VbSs_tn7SX<NJ5KL7I#(~hX*iF~`Ci)`y18OjYKv4Yd@PZvM9JAm=`
zE0qW7Ij((~q#7@lv-Ch*f&)bm7#}Hp-0D9XEgc7&-!DQ0hMTVi6DzTwkRzqdr98eG
zA9v8HuD1)Lxzc}Ki393;j*O`oPNGASG$QD<w7E`K%mnreN~`Jd^<Z5x91XYw`F#j(
z?eAzXYX18Wif#>UH~DJkHaKx)#a<e^7MoOXFF>BCVP*7k_|4R}hJ<J=`#<!_ap>Fd
zWVTBxG^UJJK90CRUSN`Xto~S(YkY^ImAe02cSTEshtp&^RaQsDL-01w63CmKin9)V
zCo&lp2>+dMc={$0C%sFop?8SUdq^rhKUW0EZ_2QIQN^{F<d2MXtY_RHl-oFBDkmd&
zVa#O7xzR!R0p$03k$D>YkHb_UkBewI{TF4v5cDd9y|+}d+dFP3qv8VcE8~0{-Dul2
zwJ@Qx4!MsKH@&uM1sdNysr}wz%U87Z19>R5S9^3i-0kpsr-W`7m~RuM`m~EBFJ?1M
z)rQ<KEZRVxC+_@VhsHNQP1ZXBnSnrOLw0{-7$m)&R5|dqUyKhdAEcBa+|jHuE)`MB
zi?Zr}`ee}uFDw|rupK+M6$BGG?Ev-tOX^0P364n0zb&uo9GDY#AD+^&^hILFm0+8G
zE^f91^3lp?D>(N`lRL!+v@9LMySRL_=(kei-}W7p`U*9Yk%4>~BYXO{qPy@JvsPKm
zR>?1xM7tseH75<CMC15g+(w>2KBw>}l;E7e=&LY9n@^O8GF2A6kB&nlqRp!x^}IC(
z*!i7x=>Bp2GIGO|O+xYf`P4y38t>}UkICX*3-;nZG7l`EzLq-dTZ`ZW&Tuh1yt#)X
zGn!T}p|OnO*%gv;OkE`pu=x)9R+=_3BJBI?GPDjd;x|r|DU_v2%c*E16f$_0nDS7d
zKJ20ojy;=-zO5$OLQr~Rk3C(B0u)=K+c6#2gIzZ^nBT%3X;#kIC{!6g6jG?Ko_XQ#
zFm&s-`wp49>}C<B(qRMj5!%Va4-N?BNM8kU3=}PDd{QzPtj;#e?FQF+-sVIV0eM84
z^N*2tRJ+8ci}qY4ryWYkj5HD#HteCeytrsWO_gB$LqsWh@Y}Dbj`tbgd_s?HHLRqt
zK0U=mw)qt^x5vo<c_imUWMaF+!r3b)O6x|2p#}k84GZ=Uh^>8=3QNuoIzS#paUs^W
zKLJz9MY|*<K-iMuPqszjrGxTe0|X{E>()0Qk6w_U{zDP8@JI7{M#I=};)FQ#V{+Lz
zK8AS$9g~z|I*`Y91vM~Z{*e+qfNG+8moh<b%QkCqlK{FPhAL!EM1=?AV>V*!zvN79
z6pBuwzxoD;WH*q1K<$=ckwvG~w*Hn4<OyTra7yMJcd%$m+$cH?h;~)is#G57A01x0
zX+tpQTYx-qq<YUw%df}}<EQU*Q+V#!me8*7wgk0n)%fUh!%D!$F9}{;$l03C<tk)=
zSQ}cEKU+u$WE(2`D}SnSkFwWE0#KhCC8#bd<ihYxjYZk^QOnx>sy6~^fMyu?E1n6p
z{Hp|zryVa;kuLzv<HQXGnQLKZTEak(S9ofMk1fzZOe1^*TVK<Yryk~8X7v}UMjSAC
z)@<KvUCG=_zT9$j_mF(=PfY>pGfqWE`P)%U?{A0^@SDvagO<K8$#%5(zWv=Z4vAYq
z0OVN+=ms=Db!UL;#}ir;^WNeJoK~oug){d{w09<B5P+?ZSSwkR12X!prz&)Qk7ac+
zygSjtyyqpyn98)#8%mu6%O5t>0($iiMA7u039CUUrEBx8L^ITA>zf5q>a~MZ*}=eg
zIGARMNo&`k<7wWol-eR8O|3%dhb!+Ujhr#nwDmcE0^>bcb^^m#DjDF#CBiJM)-LgO
zYun<GUxQaXLaQ=#Qh_|D@q&4`=0l{gCp%^=FB#{4VTNsR7Se^riA9K;MKK$Y=dw1}
zT4NM*StlGFzuC@q`=wZ&rrO=|=mN*d3*nwv59E0ioW56A(I*5}2H?zmD4ybn^{pS;
z#M)2!ekQE?cnVfu@$6ZNjoKaHqu^+yk_a0x&M0=|J?*wa4lwoLI@Yj*`48{@-Vs|A
zdry4K+adEH)37vLq3PQxL`B&=DDwmbM-5;+0^IM<Tk^jA%o8$gH}VML;};>@((Vvl
z*&pT<@@1p}s}DaS4O(k7*Cdv1Aww2-Lh`&4gVfLi_cWM=iNEV!x5WVUg@OY}tjje^
z*gW0x>2=eQob5)n628evM7Z+@w)LmNg7MR*wXWT)@_4_E)vkheSXWVQ2q4o%Eg{e9
z6+5W1T!Fk;sHNPZ{+uRHq942yl!tc17s<MBv_gmoO+w5Op$A~|wYX^)70N<Su4RzZ
zAl5|fno)$Wx}$BE+7E48XYF#+YoNZwE1_ZS$EIhP6L%~umR-ePnoP`i=-O4+IQ+d&
z1FW?`UTrsy=W$$#ywhc(n&ti^EL_EiO4;cQ(Ia5tCVe(38OW>0K9bv$4Oz#YWE&3q
z@ECtM&AmO(%NHc+7sJXJ>;UVxXunGzYnS$hk}*?SgVM0uoSe74B|nAC{Bh#DC^TLP
zw*J+h>@RTb(tzszQ?+Hs)|K+J!v+p#lZR-nZFlSDi4UwkG$cV#Yrq%dV2B+|MV7(n
zZ=%`c|4!L-VD%<qYo+FA1u%Z&y1jAyCFnkuHB6;7$5GS~)|ni<G$;Q7TTp1-Zx%3r
zGbzK$J?VYRC6_6z%}u>~BCY-Q<G|j8Tt(Q8D<t&g1yJA2apsnYwo~aq<@8m<wJgw7
zBrV0Cz~GgPA<_TCU=*0YS+^g~2z(7exo_}wdU`G*mD}2k48y`|Cw@1+A|a6=57f6l
zoMu&9>l+^|thd8$i*wdJSU)Ba`UFa3`qCkB?iB{)?efHsE-SfJ%`1`q)GqZ<vC1DH
z9dq}phe5K<g)=Ia19^vD+W@bl_|%ltWWvEJrzq@qu(L-~P1><SbtWUE-vfZW8=esc
zSy)L!t>awD&2i!)jgkFlMBg-a5A}BjGMvs}{RFqbz`~&q?V&SWil+QS0`Y4&<=%=b
z_MfS%T+OVbD8SY)ZVe}+<-<#e0;HRGehgI&=h+km+_KW+Hlh1h%1JEfz<7M6#_JJT
zd5Jt~i4sOsTZTl>^P9C;NThV|WA*GlK~MwvfQmNBpA=S8cgE?@*cx)DvGnr@Ocw=6
z$QhqPXr|b}##gwU8#hM`YwCF1mwhLuE6_r|N!qoB#Mes(dds?CNU(nOS7@mP1T})4
zGO`{lLrDr&c-E9fv&&fZIAhwg0n#(DdN?X!9>x5vhB3Cw&WgCq23_!@l3&ve<y>Ch
z^T-d$DX{t~*6`+OV8^3r)haOzTaR?Zq1NSRx!T-t4!Ry1-XF$I;QNg;wkSN4;^m^u
zZGO)xxxG2BRx~Ub6^7EJ3F(N)`lJlTrx0PMbVX|p260#PM;RWqJeI$>$c^nY^Om}f
z4o_JC`9wRn2QU5P<gYvjnd#c<CO#oy47bB0Kf_H6liNM6`G9=#_NT;8vwpw&3|^yY
zRm0yzkPz*t2hX5}_j=}+{y+rFpOnDHQ_=W?{kTEZi)%mjq^wFYJ~RWK^FN-K-9>J}
zTR{DkA_7EFQ3KSguZx3<3>C5I&MzV!8{0Fqw0<u76#iiOkWw<xhB;4i)~;;<`%50D
zO@gt1a6-!AnE+aQi;RtV8>pW~L%MtXRp?ih%woCZO@P^fNU`0lR?%kXgn*Z9Vy*)i
zuaZ}qrMh1mUQReFBolX=i}#kq>SKwet-zJp?+^$UAfHjK;Id$OGhdR@)u}6-ktYYU
z9x2&(8s(CJ6cF>u1-2f~q{<ls5$g_d`}}lHGh9Ej<k%)vdvS!ZvHTH<o#RXd)X$n(
zX=c`O!lk}ESm&t?hA#NXcUuZm=w7%CyW~UusT9a(&kCY<;3Idl-p6L<_m{KbpY-vF
z6`@j*6*Pug6dW=D`NAc)=Kjt+751M9_pKUCy+xHzZw@^xu`Sq-8$pRiVExHb%GuHR
zU&77Y8OgaxxwiPXwdF-Ejx|58a!<(|8zQZM`jxyp;oTDQDXW@wT_2RCB%3W;pk3Bh
z)NB7Nm^S8VJ_Grd`Nq9qPq9EWNH5Q=#m|*TDMPeqH6~y9C3s|x6j!c*e5)W_nnp|{
z=_6`I55w~_36+_<pp9!bjJuAt7r8Pz*!6;T$Y0PO+6^;(i2ST;J`;~bDC1r-pJBv4
zMImonS4n}bFFKqbFkV^FwHnj1P1@(66{L4K3z^r>*l~%JCAUmA!TKAWKQP}PEUID5
z{&B7*>anAvJ@;?8eYwrA!_tCEDV-bu#{XSJ`)-1!jLs{n;o09&Leq7p{3`y=(#z#h
z(EMvN0a!fW?@V}i4&}NQ&1@*`-a*^SLO=OVm=+J1oFq;n_KSk~Rj+u8Mo*#-_H~o4
zL+MR@b)>D0gQr<LY8;nVmoT111TdbyPnuW97)8Vt+jv8kk<*CWxyI91^3E*<a5`H=
zgBf7;Mn5Cw5XzL!*Q=+vmrLTXk7SjBR>cu(4DIeoJ;*m<b3pyUETf_p?rp+6Q(+|^
zJXj0-Nj_@Z85_1(0>YsmTjXH<%rQ0y%<3alr~aa_dYiUFp=4Zy{h3F<m69GVhv84|
zVEv-;=wq8!GKQ{jk1vxx5#NtD;ByG9&yd`b;>K_!F3y91@l0Xmi}Xw|@qIn=vBQ84
zog8}#gr#bK_|c5wUU{`IL<8g((=n&5B%|h@I#h^d;2-ZzQB4pNC1ZAENV+cV<b}cJ
z_a&2vM(SV$(~usv#_i7KJ4z*gUUNtC^j5mOA~{mR8=(F#cD)xA)<)UDxy#p(Sm+sq
z1oMi^;besS>Te>JkK$nciZ!URhQQF$jk!T38idTI@{Q!->-yxO?e@N;RV;JYTcG}0
zTt#rH!UW2bziOw~_s0tCmVr~pls^o^8bM;&OnG4S%(`N8*m2uQ5lDOp&Egg|CW)K@
zMqjO^zo)f#YEV~v2dKYg{cN8_hTXfBei#;%O(Ry$YHRDeCy%C_;iIxh!U5)=Td8r^
zksSjGEhiz90h1=SJ=mH#V=wgZZ9hsfu7|q1fcm?^wphOIX^bNZ`PZx|$E-6;-)ud1
z^|1%@1fF>(Zia#U;p^AnUW7I|O-n!Vn|TC0i3RtzU#@1mQa>bKGe}Ip*5jvvMJ7`E
zh~E?}2DdTRAlhm3W7nZ@aI1JDC}^U6n84<X(}nf3%M;aXI`>l!k~D*A-gjwnEL+IU
zFYqe1RY(q|z<4eiZWVb^Riw?Luqu1w&PoPygi(rC>I9I#z&-k)BJczG%RFoLMiq0R
z&~K<8N6lz8uCKHh)(=}=jP5GvT5o!#f&3N8oc_Q;62?ct5ijEW#nQ1&I}LBvwzZgf
zOIIn~s6-%t9c{g6ADzUjm#@I^y%;HpY_-aCnMzpGn`e?w(R&H3|33_?$ET3X<!U2*
zX*dYekd+(+O}-J&_!+LWroFN2k1bH21Q-76Bt+IN({i@G-L6&Hu3g6-VNCpNfZu>c
zfde!#kmoG)<CLp5fSPniVTqt`DdS9Gd83bu6b(|1^geVODhBc&BP025%4<ZF2&CAl
zpje#C-{{w_lEKMYUP?@2lPR|Xc@+f6-)!1FeFE1k^_th+yOFbR8(mw=H%g~2#`<zp
zz}A~E$h>{r2TczZi!?1UYym}mxALYt->}<=OTNJ<*Gq$qFHGUwaj#gIwOd&YNl7^i
zpFTx-JX@{e&eMh5ghb?oabP?&VQv>pk(pLww~#~py7H-773f#bHNEnp*m3j%tt2==
zo~dxmg5+K8?8-i)%FCwp2_<jAM%3Qm3}!5yhQf|1nE!m7A6=()bc^+ylI2OCCj5dV
z7uhDtRi3=*GVUg-vbqP<SAfEP-hK>A`7w+nKL4xXjl}zDj%UjFvmb<i)(XNrGJ(7n
z-5<8j2#=$7kxVM$CktT(h#mF{x!ZR=DPm0*XyH6SK5d~gciu<o14dM*iygBJu3zX>
z|FN-@oK;DAiTa<mUqHSXp~P3Q^G=yw#_uudaBYq7zGkd3!ke3W<bvqU9uZhSr*jU$
z3NlBVD@b{8iOqR7UCr2`?bTVIft66a;EOVCEl__fP39wPY?D=&>az*E>gf60#pHV@
zqaR`n6#DBr8xvstpZU|M=724$>L<CJ0Qgv#(A5N_@^Rv~wuP!sFSeZ2VB`09?i=DM
zT<_XV14fK%6+3*+3X3b4T!C&&5Ou6n*Z|o4wN2$vUEzSPEluQ6b`N!)_-nE$;QD|%
zu&!M&7r~$!?E3yLg>}y<yezzz2T=yMaiS9_$a910uBw?hE{_I_=MaoP3;iBmh-K`(
z?|_}E%J8s$)pJKU$oOd3da2oAvTp?D4>$Yqzis+^S0AONv=GTM46xjr<O-(iwxri&
zbTOeixq-)XjuJC=;tNOCS2kG_G|DR|-<CZ%h4K%sXbF!lx=%PvK%N4d30qj9{#E|j
z`3JILh%0pvLE9%->{z=~O1!m*<}@H5=Rokyz@)LA*$?poKNzFHMy2|vO|oO?p*J$7
zoEs@vzkMa*)we8*0HR=v>8vX}1Eeulk5w2M@R%8uK=L!DDGR8drg0(<yCd0{LzaM0
zsA_l^+)ge_uw;FVmfXEZ@;u=W<R$6}h}=w#WSI65c^P%TlWmf?_UL;sAow$@Rjdc2
z<pBA|4$iErq}>}zhX#cr1m+wx)Iz^=#neGF>}FU^=xcExzvX-NjP^>})zht4*!4L~
z=iQ5H$-yL_uB5rBY{hFOGLV=3wH1$~$dCz37b)Eqo1C111ewx=4gF5msAw^D3=zx^
zHN!8;DA{xQ@t5kLr+piq3h!^=tu7u~=9gODlasT9U9X4ml}&o1hE@9pQGm=ufRSRW
zrz&&1aTQfPKji}jNB$x(o^`!nh@T18QKxEMvTUM*%*^r*(p74ui+-5p(0rU6Tm$lw
z*XnW`1INZFRJ(%|hFTktodNp3{Sb3F=t!p&stuz+zS_O^qmdqAcdEC9MD@EkY4WeI
z^W>AipqmSC?Xdssfz7`In%nus6>8F1;ujkOvK6#5SreYIAGxya)!JG6HHc(^`Ui`S
zW0R{KZ0m*fMly;U!@0SV)U@$KT#5o6$rAz}^nkp{4?h8_PfL5T0qGl!_c#*c8Be<z
zivD(H$Bn<*J;K4(J2XPddq1Re@O`xSyEZ)EJ5(}vPQShMJa$XOYmQ4*J_hQa%#5iz
z*kF{O9B1v1YM;=gFC>)nn!lYk9CrTGLz?*$$j4R<^rwAxDv|1$<`Ol$s-gc<OjXoJ
z`mC_G)UIAk0oJb`H7>1-(@ux|^3k)~Je-3q9cF9U{2gA<+ox}kWs9p|^(S7~qIB`Q
zRa>UysS$`uqH-e5ePhl`hd2AZar2d1wFkg>EYJePRhlK@lwiN!aTU1j(n@kUH7(Ek
zpnm;8UH4pJ1mxdU%`-@M)G3LJY&Zy7RF1QJlfIsz(dNYpL+O_#Uj<uFkzIO+U+#II
zdd+>X;o({RdzVU8PTkoid}3S?{?$*C6QDj7(t2A6s<n8yXxu#LXCzTB!fnzB!zO|>
ztxCupNvbB0=g!G0p866Rn9SLzYtYUxSSnal?Ymd$(ol_FPdWnLuiyps?UquEHBT8g
zazp99sU5~x5cRv%>KaS;d@&S+1B*xS;C}kuO2IRJ8U{?zs%-Dz`||oo$J8&PgkC(T
z+@mVMc*GLb`lAWOP-Do0W1hH~N8Q?O<w`h1Xu`|gBUd`l!RnbW`0`G0YMc1;?6?6T
z=Xc1BrcCn7ZuZWfhTuYaSr5V9uMT~4M<nig>+e@*JrlFtESKsxZ+q<h&X6=SxC9|u
zlYsH~{{92kFV_!ZEE02N=fi*bj@dv|zY8bd(}R18!MyGV<l}@63FIv=t``_+@_tNH
zmeTzEHfxFf?Bk<+CQ70A3g-U_HxvSCcHfrY$)@M8Qo<OT((DadL0`7-$>7%^CA5L9
zPpgPWBg(yGev=K9y)B@)N$JG@B&zLVu2mO@GTwM$2zLFhYqSts>=Id}s`%3nelPB3
zuSGf!>;SoeFGZpK-FLzT!1()Uec1a-&-%L+?JUY&XVTyAGNyB_Qdz$qx#pe@n}GG-
zhMlV-q8ddB)a)HX(&Y#Dh%5F=oUiGa+Y1|+Y1z_Nf%?nuwDgtoqXe32s}C!soUV+e
z2cN#XWQ8KNJDu#Zwt}s{mK!L?B4%}VgT)cwi}jmj=~0*Zo?H!72hk@vTu_^X^|v<&
zm!B#mIO4uaxu(vaK*lJgyf3Z|msvNCB20R#97zt0XO|O#>ODDOACrWWYAth!0%@I>
zsA)Qr+s=S>-s@zf5RkuKJe=>Nf`;XqMr-FjKU-l|<xK36))9M9)%u`8wKNOlZwR|v
zo;TX|2wlc_R%x2wm}JQ(#LRl-s5?mUj8i>s0QncOxXPKG8WRyi2NZiL+JK*R6nR3$
zlmX%s6#ln9@m4?{%c!|kx~^2feJ17Tb`lA6m*%5EyNz&$%B!t1DDN2y<Z&=kqxi=+
zNH5<fm+pH)?LE$O_*_>-zNkzz(iHVagXJfeUh~kat;~eFaS$(4NZoPKt3r)^S`HcQ
z+>kS`pDi0uU*fLlD&S2>>7eVa)gQW`pQDLmwmnDt8>u#NCqKV_{{ZBb3P$BxDY}g!
zx@GpQ))_l2c*=%ZC`@YMNVSh`81k2ZyqY<4ZwsnlI`1}OgQ)ZG69=jx+uyq9+42js
zprX(ZML^z-LtJz1anJ0mYNf5D(ap13vCf?i3e9gzsNkORH2`e>^?*ujgU_$pGKzRc
zt!8>rve0y4%N~Kdf7{L5i$~?c1=J6wQiBLbWEp5Ca9lgjE_$Q20Ci}5t@%-<M_d2`
zPjCguM=7(`e^T>ku1)n#c*%pQLqxYQ*fby$Ho8%1!WHlXtIwks%b?$8?fn!QZwDdf
z*S@MLy)|Ksq<H%F@(Q(x)JY4}PhcPUZ3mfuEYC{Ult2B>N_OrHSF{_|5WBhU%ln5T
zZy=xkKqa&*P|=|l)GoSg^3VkT9#28O$8B(u_3&2Wv?CwL7uNsTqMXrEe$r|P0j>D`
z_SySNQ1LbDw3M3LJY|b_63CYZ?g^-Mo@0;XC$P|>?R#JOrVJBz^z&II2yT*QB7@EE
z4Wys4P|fQS4Fwmf7&z)0rRKg^ga}-iiR58gV7~GF4Ah_eD!LK;SO%SxdC5wv=caPz
z!(#KpmEUCHyAF~h95I-m>?0I#o|t2veI}wFZ5!>9FP`5-Z$?+aswJzSBIxKr0qP$N
z5qkYBTthC5VknHZ5|1`^P`eW}f%M+i!9R7fSpbXw1!TY;jYizxR}AfUMz}UNKqBhc
zqKC-2M7Acu+?8Pr)HgQxg3V8kmKU`AbK;3GJCk?GSUB-8zcqxWgIb^izY)m$!B9*#
zZ#yTG6*D+wln;~qy}>By&Pa`1dLB}R-t+w&kcXzZ`~9X->FitSdY~iphZbEy`M}wP
z&}U_Q!v^v@EwKI)^qLq1HJ=E6eDZmgqm=7#KrX^FtgT2NV(Sb$35z?}dIwHBvGovw
z+k@_Rv&6=FO0?W=7oIY=YfNj63;HoXuRbsy#5?n3mY%4ZKDM|c89w8dOLvN|x&vF~
z$VJqg%boAR`r$}?qz-2aon0_G_%8dZ?GZnJBOu;dOpB6pfBV}_kBtWEBN@QMS6uSQ
zTdlBrV5e<JDmB3_9qES%Gpo(1?^4fq19@DH=&cNUo26}+FQVo5=5Ql*T2$q?EaPs+
zyLV)S&|v2aueY()Bw?aAi75Q{uF$juE}Wq5u)EgLAUkKIBaD0`Q2*`q5H!-lNA{Zz
z_=?ToPG_!5mKn8BXKe@gcdMb9=59cqQYXWojY({y?fQNZG#&lz@!;hZR>~pv&`7xd
z4E<3J$g?QdZ^5dmaL0+mF1bwERDSt{rt+hye4^}ma=JreT>;2*G*2{rmQ^293D>k{
zaJ-MAMd;`>=Y65#7VBi$I`!`W^4#SowCv&U&XPBqKeP`f5m#3d$Xb3vWz3-IQ)mBT
z0akBFOF9<3Eht!JKV((2Uwdw6ImT8+l84GX|I<2QX8AQ9sQ)PxQ%EeG?6Hl%{g%I|
zY&b-)V6ilu1fOYviN~o)0n9&DhL(Cm9P&UmA}7A5vyrsA(Z|&BiVw+;w1Q^OR!?t$
z`Z{$(W+HXU6&=UzK`t&SZ(<-&@Y%n*4YXab7o}N2gY^@P16IZ&K{|hs+pAZGW|E3a
zx`@xYeF!3kI1Uga=#0Sf#}qVzxx0jcD2z(V+;o-rIRdUM<={#XG;}~$X8(cF3>c5C
z@`UC!TWy9s_UIcg4O1oftkj(G)OK&LE1b`7kJ-Td*}e(#lvDhdy{m(Di-M+*R|=Ur
zKVw*Bu;-Ook;0wjBT(OUVrs-lA;$0Zqt_~nMKAmB>B`c+rlPVW(Pc)X<{Ys4+zWBB
z71^P=cl@FdYm2>iI$ztlJy__W1Gk}n)AE;@Dp21ySpqcG+%lOTw7HK##{5uoicjuq
zB<z8xZ5ATMUjuf(XwZVLM>y8Jb*uQ{g(O<#Y9Aawb@46L`Nsx0`-qMTQJ{V(o(0aH
zNhh3A^b&!-BoQy)s_|(OrV8}K>)>p@wa5=3|Fz+zD(w0?zQQWh-UN!n`l2F;Tqd}j
zkz4AfYA^Hb2*}441}a$!a}8(?tj>fl^vt?oWMt_IBq(M7a_*l~R08Yo#eG7Yp2{+7
z-2oY`2Fx`htIwQc=W@Z0e>9?=rC54q2kPfyczl*mNX=A(QJ9V>(L8#ijzQ43bi09k
z!9Zl}*g+5E3qUWsT5uk^$j-y4NFaFAKFA~I^{EW`&5!5v$ovD)K)zP0E;|5oQ<C~=
z9XARz_Wtd}2jfm#f5*LVECY8?D`53ft2@rG99U}KA~WBwLRgHqaY~B5^!ZA2Cfu4I
z=Pswg&TqTu%hw;$9lR<#<A*6{{(I=N34ClcQIR3H#|>8}Bw+P?kBZj=lo}L#skw}0
zG`rw7_S<C(E+}&1HH@d2kVH2aVEmJJ+QcOXaTUq4wh`E$X{1Pfvworvf@s<TslBzR
ze}MIWes*9!>1RBj7*S><pt$K&>W*?#pHK4Xya*DfpUZG|0rh{SiBQ`+B_pGH3!)n9
zyIeU4%$)PYDn=ghS&`C*jbj7(!%T;s$q*eq(ehU{+l4oCYl4c{ETPJ0Q)ef3r|M=w
zK>lKMwgN&^ZGMxf$TR!<yMrBA`rn0VH<vveB6zEz-x7iRos@(IQfMwLltA`<<{Apu
z;?IClA;)`CqN9G1Gj~(4`uqvGgUaGi>w&*C^U}zFT=;sg&60K5u!Y(H0e&yrPYbAz
zg5nnF`_1$SM$<oSV-soK<N=Z9*J;bm4i$g2o9lA}kVg|Gqp!UF`;m?<mUo7vVw|vH
z>vg;yl4y-97|X`f4fQ}CYdJqi;^jME1m&NtqcFp-8;cKKbMc=(cUPjtjVe-r`4w@I
zAP<9=&<H5a(ZQrqKj#*=@WT^tC={Ckqepdlx(867;(5Lc6g0V8`Vgk0#7%*W^m~2S
zPCa{DUzM1s<a!@${r+CIL(SMe0(rdVE))GX7EgEp^pmXusnQsn#M3PV8kj%4x5B0!
zUg1jgulJYfs}7}Dra7IgX@|0GKgk^znzif$#zRk-J$@5hOQc9{OzfGcEK|!;<`pVW
zZU7w_yezOUAP3}G%}s}1ds?hp>gi$a_9Mc_aoDD&K**`xuG@|ewJ~`>{sZNwaP-WW
zSDzj&<#@tN2kP?dTuU?}e{27oXtJqBT_DfvlDuZ%u?lL(=^U68<fEoUN%^3>ulmjt
z+A8+P8@~}CuL4JMgBnL`%PhKB&sBBu^gU!vYFT@~P%*Bol;x%a?D~$nS?VClt8#|R
z41X6x{5FQJg|pO#pz=(DU8Fl-DJmmS|BFOTEiv=b#NU4tGQHa+{bxy!AWz#uJLn1H
zDn)f>mIBD@n08Sj6T{x#;>U)W6($ZKfy${g;q-IzgD{WYqnk<td3|NAGHeO`XUXv_
zk3j9mbJ9lhlV{&znuoxj5j?%RbU@ymus}%O&49|kLouToc?|dIJtI&1qG65z+9)0E
zLn0iIx7xT&wM7v(<IVM^wMGgOjh=ED%&HCiL)&L_5)&Q64934K8$e&G%tmNV%;E7X
z8hJ>1eM73ldS8*7%UeIw238L^T0CiAW{(U9vwqJsK)XkT?4sCXW@HO%R;#}7ag+vI
zA34=$l3EYv5ltumOpBsTZmN{<b~wDZd0Vi8eT-I){tg(Am!m^5s{Oj8drJZeu9WDK
zHK+1=e!Mgb1u?O1t6RV&koTpfpNtyu)O&Yv=+Jq$WbvlNHK3i4NX0jJK+99`9Blsb
zXR3K*yx<8-l5)tb?7|~$im}QjOHvbRrh(Exx@ZJjFZ*k!R&A$FQNNf-4y`jhBT0vq
zIZ}AFQz-r6;*xeS;|InQ0n*a_?)CX$i%iaAIR?*A=o$*0LV*u^hk`xXgOLL)|Ksts
z-U|mik$k&I9bLSFA4G_&Okm9BqeEDt5`VQz1FL7^@6~T}>1QCt@oThQHMZnk{cE+@
zhW%v<M?m$Y_sfXDcoMO19@UjozQR9S)_M??ilc9fypBSV6fuN2l#1$IgVoR3ou#VM
zKijkUwe}$HhOHGeQQhb-mamX39N3)FwSVFP^(%2#-_hsWCvz)On(_Lb^@N=ID9*9n
zznU&NUfV?Lf#uuZj~&gtLJ&HhvFx;e|4wY(?wuM|`m{qupj31MX`(a*)Nk@``N<cr
zdsJCHDe{@rD)>%-T+F6Qe*V<;wseC4{wt90x5FiX+ig&y;xS<7h?jDon8xQ?kBXKX
zwsqlT-IW2Gf5#n@r~BY4pSQE^7JgkZBJ#vAA8l5^y0isz+HDXDfaTjH!Nc>U#dIdb
zB84SI4c|SV2A_UVZh*;7%z>6wnH&}{o;kd37$q&wMrVpZ1GmWy(ianK_rNyChziJe
zl;53q!R{yAoC+g4w@(rigN5;S@<&@p-$Z>u$4RJeKM$}g4Cw~z&+ILAb__;po@k)Z
zHZzXWC%a}un$^-ttp0Fnxu|E3`3{WdA|=m0H@)d&Sw#P<_u6ovYe~*>{hxL0@>WFe
zcr{J1>o2bhX3^gCU-?)*HsI{hwC|blsciDjguOCc>$|Zd#Bc-k#n4`dsYjK+xc}^b
z6(A7Qmo0r`$r=BUG8-B<>X^m~)_*8JRicT1#Hb@jXqZ-k4AS=;3DwGm-eKoexOP$V
zj*A59U#cLuioY~2EgkNzi3J5a(;uNv(Q0wbI4Tl~-AO`)0{Jv6V$~$=CyvyRj1@XN
zG|O=pN;7*)t<G<>S`T4D<VZl?Qbo%5A?}O0t8nC6j94x1qEr8U2}fh+Gbcanb@v&V
zzBQg)kEx*7lkK~2+V+m=FPqIlo7md~yEkQ^Tk=8(u=T=NQsK<{I-Ta{9~vW<6uqpb
z%7<S?XSN=#L_-WRwn9sR@vL|aPp@EZ!IZDr7*Gesu-8#E`<;VUJ=xxc72Fo+gVjG_
za8oFrKi7O9r%7*2*)Vwza5n;-Rb4wJp{%Hu--m$p^CyjalgK85QXiKLcJ5GB2Vg`@
zjuD6Si&2L9^C9qD3W4#^#=}J`=-V<nC?EXv$1U|Gj~A5dX^v3;E}GUFaC~V8<QLuW
z?hFxYw@Fpp5XRJa4pE}LH-sqMd4#!w1Mr1I!0uNWCuNGERz7wfIV~I1%HlpPemqfw
zGdcim`D?gLd|(8-Khrbu{F5$cZH5S48^U)c0SFLRH^Y(gJKQXB)Fu>mTq$5YQ!^!(
zyd8VO3eq;zt5;?ho(Q&&<i<3y=(+KZHg-A>K>ob`$J~IJo8RVAvqN-~%uHD0T)xe4
z;8k}bal~a-BG~=O`~D#&&Fk1r+W|<AC30Va9)-uW-y04~&Z^hNu{yPp0rkmL<w$rR
zZW#GyQf9nw3~;(%5OTXrxy-H>2fK|{K7;xB{nb~6ql3k59s5F!fvyXCXDzlUUHu$B
zn=2&2m>=}hK>g@dS5_Lia_NE~J*!;L&1{F46GX9;_XNyFj#APQqhR?z<(ut|h(VE;
z*LO2^_q*b*HU_%zhr9kA4&0xtYp&>1pguhrR8H;(C2Qh|?9j@vgono5@X$VL!iW%i
tGvig|C3PT=m3QTN@}z>-)XceA;BOW4Gju^N&>Xw2?quY}ssK&>e*iiP*<k<x

diff --git a/dbx_bin/x64_DBXUpdate_2025-01-14.bin b/dbx_bin/x64_DBXUpdate_2025-01-14.bin
deleted file mode 100644
index 27be253ff6c6266ed2aac2972284e080ebf79df5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 15125
zcmd6s1yEhlmZrJ5y9JjJ94-WR2@b)71q<%(?w;Uo!Civ8yAy&W1a}P@f)07zulvop
z-P2W5HC01Vz`o}@|5@z2_P^I&_d5a%JPsBf)IY!epg#WveTJSjTP?e4ej*cD%HhNP
z&ZHO|i24&61Y*MgqroE?gi3=<U|^v^a8O_rcqE2U>CoS3AOuiuAo4G8;PZ=tFnhT$
z&>(1NoY&8CteyB}Rj;u2-~QtvtbY~${T2|)GaTU0h5|-{hf#-x$AMN?Wy1ku{T(3U
zAZr*pnOoSJIosK?VS>^BzKDQ>pkiWdV`pp3Mg}JN`wB7+o`Qvuqn(qTsWXMRouj>-
zqoK3K^BoLey1&<9a47%F>lAVlaunjC6zpI&HZU0h8vAQDFdHu$FDE+(So?X%@jT@E
z_aQhS^#4hSU@*(Sg-H9KA!=CI8r!)!QK(Bu%23Fecu+{V8<`v0nwk6^fCE8P|2loo
zZvadn2;+IeLCDa7AQ04{i(yXf$Iv!EXm_3zC>(K*oy55L2sScBDHM0S$F{Pj)H;tr
zPj#z_FSDODWNI4+S5z!LS7HrQr}@_cY?x0DdhP^XJo2o3Q@p%ams+FbvYd>pLx!qz
z-SiQ3C+;Qdm-$vUdDXK0L=XS*xLOwB=4+vCB?l~_O|{KU7wBAOkgN)8D%cWqHfM*w
z?4=^^XA{itk09|$vSOrI!!{Ahho{J{<KZdkrRlKJY_mb;*DKvyRd_wKrmVS$dabx>
z39m6Jx;+byS*D-So(z5K7b?0)@IJ?41`0f*SsS5B)n(bAmc|X=qMuHsf5v3EBV<?*
z&+?M2muUK<E~zL>3Jn8-0_6vSES_h?1dRJUyQDO*Xn&KG5gr5!3glJ<fl2?qiVlkp
ziz~m(VVJ@byb6kSSlQ-olmE~o2o09_dl?H>2rN**2j=-_nxXu6X@>ugr@+GDps};_
z@^Y~;az5wHYi=<4Um0pxLNLBR?uUEviCm$AF*EF0oh9`Oukpr6eek=#06DB8SOF}T
zE0Ze~Dq-&IY|qEa>gMLgV)M_GW-+p}VYRoiu(Nk!HFC6OeNL3;B!A9banZk-tN-^0
zGnk8+orC51G7UQzYygk={J+A%A%H-zYG4(x(m%&w=+HO+<0DKQot^&A4{-*g{*4?5
z1bTvn21EU8IzF%F=X3-?A?xlWG}?bmBN}$n_SQ+*^~J2QVyMi6HCZOxce=a&<0x%v
zY)H~xF!8c)qt4i6yJ0o=hkfo)OpNaL(=g;tlzYB=ejLdUOjbHm!fYNt9yd|P_y?RZ
zdqF>!Norj`;oH^erT;YZ_lg>mO!&cfIh9*Sj|(z)Ea8K8!a`T=b$e&KsunGDvoni<
z(muG{WYg^Kpuu)HL6H&f<MlLQ8+J*~a7$-jt>E?ub|lRf%w;*R!-M@W9!l9(7G=kK
ztJmw^AzskG$a9PQoj4xzwfKeW!eJEolsqifwC*KTCEAATXuIi6>8z6;x7zYracWRi
zF?z<=tuKF~UwLse(&|2Y;NG(bPXC(+A{!#lg#W|(U;vW^4v71I;w$`M-siXI+4|W3
z(^vk*8Y$GwEgX$0lnfo6Jt!0m9j#29?X3-sOej?B?4194;j<%hv2(D4IoQ~F|9T<U
zzYRJ64*!3!>;K6G`}Z0myDBwa)x7FE*uB&6d;_hEfc9N>+nHgf2II))@W`)aQ`?B$
z8;d{@eG{da2QT5{;MH1iZF&aN?p0IVJkt6`H*84-m}FJ@0$wTIxLDb5I7IOiMd;)s
z>w3;pVE6I<#N?%_<p(|#@s<smhex<SbN#sGSR2$4G4@RbqzXq>+nKlcy$d~Kb9?=)
z+i52+qhO9=&Z7?cWbeeWuu*&)q~fiYcVHt9uU^9*VuBbPw*Lg-2t3gsv6{O|KD8=#
zE>}7*XqMff&w2=MWti}f(=+7UJ8I<}R>hxQbK>|9LLY7Ek7v0~oEpXVRC|a7dxZII
zs+8<yc_CPQ!uzKSDn7fQ92oOI%nuI)`@Abd{fh(sm(KL!KW@N<hD9YqhEj!cf%*U?
z4kh|*q|Zwq1NN^>C>Y~Ed;ks%^K1wIo99WGs)(=qYGQTGzs;srN95<DvMd3=|9b~H
ztU6c~temTus}L&p?}qg3U67vl55u!}v@>=w`VUijPTl9ceNNivT>Wc)VCLs<Fy~+M
z`@eTSR-=Ehz5o6R&Vc0$6ZkxtbHU+PxQT?&qYMIf4DlqW3%N6Adn%?SCwUDnp0QA6
z%muF62Odo=+?L8-n8w%Z#^=yxoxe+n-8)(*!!?aj=QW03<m<!D{}`OMn3R@dZ#vYS
z1z&YvHMhDW<TE~I{NQ*Od=xlZB}!wTX|?|ti?NVQzP+1B{)GWGM(&A@9@Fdhf_LGJ
zYYW`4$1z51d}i<Cs-3SjhSyw=#7_?8WL}JIy?2X*aLJblMPhZiZV!kr&K=&3=Y&!h
zgpCzFX!_1snBm3w2AuohY@<a*3WNn8ZccWHZ&xx0Cw#PI)b@UJt5Oy)%uLd@rm_l!
zb(1dGV^FjHx*<P&#^ePu(QbuzK~G@VTb^20v;o{OyN4K-cHYL_oxZiL3EJS(M6px)
zs8~r+{s3aL#XsU&CSz#r4^Z)nmoEIpr7!Q5L`6K-m=%#NX<cnqj*~6Csxf|t!A(o_
zR;uC#kl%q}%ec7=zsp(>b1a%4&qGgHC!&6xvZnH=to_vvlP76V+K<pn8F=<^zURSi
z(6v}mNQEmm+OsHk=p(Gb`DI7ZrM|`hhDx<6&VzJ5LzEmZRL%a&3K}PdcMXSQYl;E?
zFOS2#FC@Bo_|0Jh`^47`DKvIGIh%2}kshgi7U)g+BouHdH>0>!Pz(JR-ME-8Rvfv+
z4QU1!?`sA$-g3>d2X|$&1%mpYms$67aSRSf{r|un|J$1TU#s?iDZ!s>NZ3FS6nqd3
zsB@8!d*r06sy)`JNdHyv49V3y*^;Uv0UH{3RL^-SXfrSQn`$3U?dz!bJn5(jZ2?5{
zHaALhCrh_4@v*~(JG1p{Fu!aHr`Zdegt7gIWaU2(v4~OSJe-|5<7&y}w+Xju!P;+s
z1*Z}rO=IL;bd}*HVe%I9cK(3To$-(ZA(#CRvf-LR1qnXIO1(-nPox}ET%X>6d2=2r
zXDwf0rznP?^ok}zb~BY#(Vn*0N(0l};|Z#JV4p&nCC4RS)uH7(T*oW>nf_=Pa*Ux+
z+(-<3{rl}pdg9n9|IjI<(^NFK)%^XCM*OH3%NO8ZC4c&FS3DDk5_yI%i<e&E_xH#v
z#fwywivHnB5T`?B`Nx(G1%Ce3k$&r@1;eh;VL*4e`^jC-zkbPrtqTqMA+Ct*#f&0p
zfy$1}7m?@^0|im?c#|AtAb-Uglz*FfHy@ATNcZx`7K{YPtWF5RODp~)p9)*zNlzd@
zu(bF&bYqwqsk)58&X2_@3{A-RH`80hQ!@|CU<`~7AWw7@+$?8pQix4a+UXFGtOBM)
z`!N4iKsqhcie8%$86L>@m8MIg6&UAg^l91zO<rAAAvR(1dK^cvJ2U?}Rz)=h@|t&v
zM5jr4TH<wg`ZSoitHN9Inj?D1&9GtgF6QMa4nSTtt}pKnixRr1jBJ^v%56PI*A8g{
z>Ew%28dcYXR{Q~wpMQntOKRy5)$_7ECeORg1c51+&&!I&r(>+c;9Bou2FOnv9noF;
zwyK^PGk5tsy&lYG_!*jGfb)pY!o+?ywrvCC=?4#0>IL{dM=>oP+m;x3p9<Wrw?1N-
zxV%5#!3~yu1LR}xcF`^7UyH;D5ulp0|M)VCv_?xqyV@uyGn?dCbSV$y0~YV(vspX?
zX-ur-0-c)13TlMT_YW!7a_RA39(`^N1@bKn=c&txuo><{&hhi=#15zn43+r{UfYsL
zTkP(qwhBOgJ*z6Ho5hX}M|19QhSZI^{^|go(*xn#8^NQ2KLTV~K%VzUFWtvWIsK&9
zOigZ^STK7cKZ^W~WJ}<$Mrxtp388^J`&A-pUe+RZUXR4ieT1<o-P5?Yr`YH=_G_OQ
z`hFCMe8Zg6AInd!y1*0KyFRMYtlpEdq(i27b?<OZ=`$tM$_mt%3pFpCGim?%ydB2e
zKZ(IAj!johvftZdl?cTd?ByT<`G|{|>#dMJjtRIdq@>M>hi*8B+Tc{RV9z(p>e3s_
zcR+sRh!Yn6+*UpPsU8Mx<8Vcd6HcD9G}S=o(-dq9bBsEWuiJ*_!058l2u*pNfROXD
z(W<}%VN)-Tw1$g;VPfB22FT|S8Xap8^d;7_oFSVc)V?Xw`ApuZk@ZLJ<CkCk69zp%
z{-;*;JH$8eo6$yhYatlm+zD(qNe0SzEsPqSUacK$Cm{c$IvdVLP=}{6L=`OC9v<l1
z4t0atGPIsD(XL4~!DbEQO)k1~iG!iPerR!IN&T&-mqunyXq%wu#mHi{voZ{I1mtyI
zevA`z2oV%4toj*~E;ryA=kQ8{hu}_sj5###Y#1UxUwN2dY>J*wk(C5VqHw+|t9C0!
zvx?~t9s!dQJ6r#50P44q&e*6zAsX3HQ^ORO*a<!*=LCo2b!*6B_b!AzjtB#J)HO<|
zYj58h{kO+lpP;+!<9Uz;s7K=-{9cHoCDx$60P;z&Iq0I?L$Nipt`14tc2532*nG=3
z*SlTJ3TdQZ{Rkiry+dg^dTI<3Aum)v>Rb}3Ej)jhejJ}<$X%r=&2rWR<ZT}xQFK63
zQC^Aim|sgO^2Q4&!oxS<aw6f!G+!>X)&Th|s4Dq6Ptl>EW$6pCZr9!(I}V)7*;S>P
zfKmR2$`FY4xHz}-^LmTfxu}rq;KKtp!4^FV?)&WbTuJ%FVy6vP1wj3Cw`#?V<+#Yb
zoc#Aab#FOR<zcH*OxT$OYGgDNxRf%1JX){3%OTO}yOuM)mKB4IqtE@yP#hbvZFSby
z$Z8qX5PlV;8E{^x!ECS9Fl?kms7@EZFY&<+OMhe(q2hPPo(4obt*cjCzaERR>`6-Q
zsJ8lfC^yL{QLmUu6`g-7olWz$1LNseDGxSqTGgJU881?>@<dvK2S*Z_9IA+H_8*Rx
zj-vwkvrwVorc2?(O58h?C|L^`&uEjQb_VseHZgQJ#^~iZAn!FYre-vW0U~ce)N5{a
zo2i%$>KB&PFc9d$IcGW?@Bs3AP`tXG=&%|Adr->m^{rQV8ozAu;wX!}we&4FXy6}!
zJW2iX==m`ARB?U6M;wPo#^gAREd)xtB{e!TW@}$3d>}70Njp||^oD1Ao4SRz|Cj#q
zdo4b0(;unwdg7kK*PpF`y!nYF`%ou|>9A15&xC^$>_oiuE{XcyA!eT;ne@C|aUj1T
z$EK~0?;tH073);TyiTmJe#lZzN%X*+$(D1ahd2%7cY9Iz>I06#)j>yv^xOf9a@s__
zis7%URP1+;>dR<&fc)~fz<M|OR!uEz*jLBgTdAvFJB@s;PA^)2GTgTnt^GhATI0z9
zg8_dlqRu&?+ZDEWqSTOnvE;#gwz1lX7nV&I$n(Yh`m;^vmzO5*lYqiRq_-}=w>}J(
z-Abw)i0+pVfXD|KRVWX1>x^?{wDQ8Nx^KQ&j3EmP#;_bmF0J_?B+lDF{eY4$BQ8XT
z<mJUbR`m8QNV^YC7})xvaN|mF&E6F?*#r5Hs;A3%H!73cMf>z@?P5Fl0$(w%WyXv5
z998-Xw31PPd>S)ndU4_Jh*|R%d8`&`Z7Y%;@eeh}^>0YV3B7rZy?}g9!8d5(Iib-f
zF{oDG7;#maEJj~F#|9+ZCx6;`8%&7z_p4*~^yS0I6-zcb_5HgOM^RaV3#IAFqFzhR
zqCQGb9H9PtO}H19A^Y4B67~dhe-6#*TD(QaGK#(~laFKRt9U}}cQDto^ofz-oliet
z^iYtBxlyN3mnN;IJ{qG^BCvfb4+HAME&Ad)aHtvD>7XwJr#JLCFf=Pdb0oSSG4TAc
z@5Y7jTlhnr%2`{*Dw972)S4@&-h|ss-TG~QLuRf!S;VOfxIlfxHmZpIePRWQCt<t~
z%9b_0DH%-GryJ$=gR4C+a$*XBJQCe6k*MD^JEUfd4m>3%?JCL4bW&%woMHI<_~@dI
zl@R=&$Wn}u7tv@=HyOpgVMlga)-pIscb}qK{fk)J;^crlvdaMqsr^C0*9+&DHVukH
z^+JAHmYlDVTKcRMms}k6fIO=5LabeX0+x)cZb@jMm=)7wwq?P&qv}CD6c#S~W-*Y*
z$j?ikRt7IT>RirhnHWtRlZJ^TmyHu*S|l*A$S9`+d0aPeJuB9ujPO2mBMn)~1fw0t
zSIese@EIv|0c#=}0tEkQ{gZ=s&eVFrn@Nl(zmU-EdaBoG-EwU581%X}#o0ifI5rNi
zWX@?Dhpxn(y5j@Mj{0hq+AZU)<3l%nDAs&4kSC4O?0IPZ9`$<sgiJq$?>EO1`USzJ
zux_n}0Ap@=3B>v(Cx{C@UDZ2Z0R>95qE`iQgoc7z(Kw$3Q%!nQy^j-s`n0IQU$R2a
zjIe7g%eD@iS8rB)5YYm4!g-$vOljXfNdbBK@dCBC`QUlHxS?Q+_qdr>uuxPLUOEwD
z3v^I3h$0Z@3r4EcgFLIO{sQ&LeHO2pt(*53ayQZs*IeB_<emMgDL{SZsgE%M_S7?b
z>k>qQ=JQA3rOqY!_GZ5qKYPYO_!UGzo{flMKu4)N16((r(31H11)k7Jh1zKZYrj-m
zM=~bSXCTjB$(|gT(Qh+Vq4#qvtBZ;3_&wGQKNaRwrmewH>KsJ=aG>QgYQ84<$oP)9
z8jM=HI^RMvON+j?kuRfJJ4llq0@UYX`ASMry9N_ahs{=Mhm1V60&N(fx|1|=%2LzX
z=b{9`d$Mf@g|k&MAxKJvTUxK46YSKs#-TigEPIAkW$2{>d2W*hi*B7iQDR=4Sh4(+
z+<OHXb|G2FXIjUWq3)JN96+AO#^U`dvxMs!@#y%~R<`?h<?1x`?&e!pcy4|ukHk74
z&!_0zSzX1L5L6k6H~YG1N)XPkZfFB%FQxNTO#Su*qQ2tWwU!vQ-zP-H(@G^5`@lS_
z-2VA)rv)^?(u40*!wKO({Cm5H95I|d@t<A{Sp=Jfr{RmvTu&h>%YTNpNKkar0>&f6
z`|4NoXYFsFMa|lbJ%a@V#VI#++utnj4Ree7G1EcRha$*>Hd;+JiKUw;prQ^C-xDcV
z10!fxi&c!YQ~$E{6Hs3?B#_*uT&IM?%RP@#KONb{e)N4pv4T{jhhR`^e<~aVKXX#+
z*3JHw;HQbkMesKJ3hEURDE*BU=(J9`ohHi-$V-G-DJ&Y!>F_1`BRE5Q>eg#Ze<`LH
zMM7*8WsMBmhuE(r&AMn%7kYB7f}IC(CTdrWBmFd;?7B3jb?sbq%gru<`chBCMztc1
z_prwvI5=!O%HMTZSP3w6t1j^bd+!F=Yk|DRP8{FuxC&K=>qIr%&2e~ynlX*4^C^;N
z;KEh<*Q8`1uNiww<v=-P6MLL(H0;Y~^7<tA`q$??Ve)<noQ%QtRUofRmOj=d>jN!k
zuCfZPWxp{wZ+A^~0?M2|_FEJkuY@@N8cz1-yLD+ncRyBb+H-WJd~3Ib$J^i|S#90f
zyt)&Bs1J?E5jE-wCAgSk2UAhxF#8+nHUv9gHtt(vM{X|He5(M)WAbHpoNx)Ik8Kr8
zWz}gEZG?R`hak;4V89L>_T?uVguj`V;p86ozTi>F6w~FU-8q)keIYWiJE2e!e&q&&
zIX?sHn>)>3lhAjl?5mwTX}OgJnTe;R1Q30AqGU=8cs&>c;cqr=2eU%ap{O_Ye$IFI
zg%k>#8&TmnIBle4<I7S~32%Y=HU~588moQdg9UZ=_^oj+`ul4~<f2O8L>BFKsbAjV
zK;Hhd1oC+$uewDg@?-5%4-Na<edHtFUd?b2$6N%naygK9?6nK@K8#OINlhjmta6UQ
zC4>8VIMt{dEBeKBgrYML$h#95V^W5f)Ym%Am0TSqF47r0yhHL!<Mh-d`yj{d0?|)!
z4+<(6dfgT_+ofzKI3yImidXKVyzKCfw#v=iCWac~{Ni4JJX$`ygd{|<LEz6+RsSoS
zI-gfwcHA~>??N?+4FedDpUik25<5SMXDvy>h<fwTn_qcN@7c&@^ax`O?3JKsfqY;^
ztMoT&>#5%+>G!x=3Ma9Q^N1{G`N$|4N}+U991!a(LcyJv>l1tGc%1g0Gs^{dA<s1J
zQcEiOoQcuuO9%*}Ul$D{vw)~Uv|UEogJUF3&5ppHvS@xDs~KlPe>y;M3Q-ToB+R2)
zywEbib=_W;lv`&AxmEFRym~qJx$k~tT6zkizKS)vx*OQ`Y+SKU497K~Sa+;-{Z_6q
zH=KiEfKKqpyaD`w<4i0IPG$IcUgkEvVwc|9nAa#AmW~NWZPWodA+g`7LhvahxG7y9
zbq0fZEBa%M4x4YwA6ym2_E`B#-A0F}EP;HYz55?;!{p>>zWvN}T}@Np&~T>f;gN3<
zW(CP@o|ghZK6y(iQR%Dy_r4ELAL-R2up`Mywlza$(IR@i@=B+XAo3?AsNv*I{Qh3t
zp!(URKW9=_rGx<b2fkmAUgzC~?jf5%{ggr?q&IIqpj|{S4k|NM#HPDEh<mPY&C=8R
zyBbmlK;%P8$v`XCJo#yxt|i>}w|K2m%>9ECGLH8|FuI$R9IRVF{WLm?oug>c?^SY(
z<<eJy=KJDB_Fvx@ZgfltdCMo}IzsSjpG&jU_i7``iAP1{;;wTEUXWXhlvvpbU6}t2
zg<=Ep8P$re3szV2B`IAU`eGTM6=2t*r29@{ToaH3KRxk4oX0b1a>l@<`a`_F-(1p+
z)=sUswkR|noM3IOrlW9kTu6ZWS+mPcta{G)wCDS4e6=Ak`62?>rLYAa1wY`He5sU5
zfqeE?VT^V{ly3H$*v!2Cat^}dK0b*;G#bkMhA_+g112C}u;kv<-|<<E^Bdw#ixx|7
zVdWk6fmbE2CFfBCIMEoQKUw<n>*)M<u_oS(<lLlOJHqSQ^1^1Pnr|1mCzMY0QPx2H
zO8)JLZmG8^D>`4gUaQJTH(52qxUMd1);=znHGI~&2lCDH4Z9&;5<%!7Z?Db8ca?`J
zL-go1rrLs1d~%1%%NIbtMHoI!>r)iPEm}nn)BQa;jk$-gty?y%hn|f$l`4h{kZ%Kh
zhk4y*l<7<2Z&UM*bR<$0|D5#{Gxjb9Wy_{Y2I73t?(zroi5=s8Lt3_J+Z>Fd>^64+
z>*^^dK8dRIrs)Pmf1_g>>(&0E2IkjCmuiw8dj|Sn0rl4p*Lh!X-b1I9P7VO$=@i%f
zJwaE-;2l$cAK)aV<F;LX5&zrD+x1r1BD#qPBA(9Qru^Fn3SEolwlD3;VC>{!?))aq
ziUv%N6DN`S-$3|PuVji=PogjGWuv}h=~Z2Il%1`kmw6jn9MAhMF#^j-U_5<FIu}Qn
zg`^c*1VdI)Gf2F-CNmdrU7GXZ^)^WcGa%}XerBv8)G58_i@UgobJB1T%E}<?qR3UI
zHjktpl&kPLp#ET%abYv>7V&2@F%@3|I7`Aw0b09RTaH*F;-TqHDu{mO7zY$q^&y&b
ze_?o?ZEJyOGCtzo?5+QDNe_?Xu#yKvzi9m9k!=elQ&)ti_M~rQ=g~Ss4w20%vU^h8
z7@pMGuV7$2Q#g6zJrgVf(TBeFm@r|JV|PJtG;M#Tn@~L}FZM*~fc#=Q){M1u%-mhO
z8mSz@?Ts0lDN>^Jr)@d%u5<ghVi5cLl4)cEZ3v=SXb(rjR>zOuFI58gEu5&*TNpkU
zDo_w#0rkIg8a$w~H^>Lgoj--f!ptHjSX7)3CnMfe7mHinN<#E2R-w!4gThMJ=LS{i
z5HlOg*OP}Y>yn4I+WL}Ka4g)ef%>a)6(OaH6R39q>K)#lw-va}11C-?k4(c_!4lal
zpCRg*HRY!8qt@d>u;dWB<u%-=Bq}CYLyhMCo|fLJL4C<>p#G-Ky+alyZtrILL3nUB
zokTgiot@wATXfY7U$sSYE(rhJOpUvYY9B~wJ`SA>oHVuT!PUtbdtgLpoi53^9O~)<
z>hFZu;rMx^F^?$bU9zVfvCl3Q+j;F6;tqZmy62y`8V2$QPthU0h^-1bR{oM#^N0je
z3m&cC-OP7nrlp=T$W0;6<0nCdrZR>|#fp}LTbQd*ZS;AuYtVT3Rs50EbRT_LAoh!s
zg|*Z3WA$tXj}tEPv=7z%WNC41n<z~W2x@j!$c|>fc+TptmHE-sWX)r6DtqHjO9pbp
zPz#s82%%`h-}<5<3Ih4_&o-P5Y8Ikl#b_d<=JZ;Z7w?(Y4w@f~e^)THT=mKV`3v$n
z!-4%IOcCJ`Z_>QQ(y<MDEg$yQ)lc(QZZi5Yi9r7Hqs^kj$0UA(JVmC?BIG2>l`69z
zG-5hFe3JsoK1&e&|6w=-0mWP%H(RlDqe0mEtmI%As`Ys0ckrb(Z4F(Ic0he{e1zyp
zsH|(2AK4D}JJw}8_U*gGpW?p;`VUy<JHn6xdF}##ZiVU((32jhY>|x3W!x!j*oOGX
zAHnKTJ_qhYML=F8DoXIGyhdDwNQRRJn$4vg+pu<p5?;aTTxt@RQndxht097Za_IK-
z30<<)>0Ea2M16hH;MP*UUOII))|aCOao&VQ;qT+!Z~RlSNZ0&{Be1aV`mNb^F>Whq
zNinQyoh-!q!V=3J_l|{Ky_VOKmR7Lz?NfeBVE4YL<76Q>ArU2E92gH>xceDPRHpUV
zHE2js|845~3XF^Un%=i>aN`(-TFCK$JWIitB{^B`*X2ECwTBIx<CpyT>oL27vskeV
zT8i6d5dI@FKe|Tm<R0rkCC`^WL#&Og5Y_sIr#yMXb=>`p+R83aUlAJje(N?oWqKG{
za{hZgw$!T`uKSnqr_;obtNG!cnLz$M!y`vWq~~FqcqR?$ou!x})HY{@!Zle>ibUfX
zdITSkPg|(Wo%dCFjTzJ7YR@W%?;keRe`F$~U|mvPqWReR9mp3UmiQ@m{8nX@^S@0x
zSY0K)sTpgC^x@?lIU~W|C4uPYbj%@IgK~6vf>j5XI9$G_YnV8;KDih&u@g(?Ypc@N
z0`<qz<V4_N8?C$4?@c+?M}N(oO}=tAo|a&uHeAzNpMdE9%%8+G1#Vhb-znq-BE-Um
ztt23qkCVQzD^S0Cu;ZqMSie7Wu}P=!eQGy8Fk@b-*%NYCSYE*93Uyn7X=7!=2O##Z
zEgHw_3P%iGSrX5(8|Yt&-zOUbFZXGKzO)JFB7Ug$1IE8YZPRmtAdlefNs_^9lIRQ$
z_FAX;UDZSy_n8id?*M{74eN|3z%lXJbHq(mXZo{t(es;lkonfA<y@!Tbk7*VAFlS|
zf7<r<uH4GXyhozU_<-ZlsE|MNWm9%lP9F=pgBKXj+)J$332m;dXbyQ(^p_XVe$Bh^
zisi4}&=YQ5_3!XlfIKxW3$B=A-P7B9muVEEP&e9OqE;n1+*tdQmjtVkO=&<r&XK72
zgK0w>t3T2iVF+fvty=Xr+hnJ(10NJD1$PRFe*1FdlV4dD5mf#r%V}3c23TvX4yPb0
z@HR6hf&AO2#w?(In%41KxNYf%9Lfa50(GN<kTxoLq9vOn^yKbc^81MZATL!%MB;8{
zEXT5k#LukXNx4Dp)??_&gc!i8QLz?+o&)4>+qttYl6J0MI@T)|BC_V7qZRo7QcfK-
z$8Cbsfw`0f@|%7a_vlX)T|M0f1zqpL^~fI7OZF!P^rbD{$X7g7q5ygM@0;<+%1oJX
z3{kSJvB}99$e@%)To^KW<HE(%F(e2-)QLDNd&!wANVxO`X2!4nuHfbh!TRh^^ZZit
zD=I2Zh|lYx{N$6cHE?RNk%TBsg_x-~d#W<G8dlIW^HN?@bLA}p<5@HKj`WUb4Q;B{
zHOuy6u(|o?{dBcj*}`e_96FK7!BrqHeW|IiK5%4$O0zRaZS;N})DdXt*AF#^hk<-T
ztzJJ0<f}buMT`xIyHkCnq^il{WT~Rz=BXyX!!#9K+v7g&LhQc-I$L=~6&kWxl4t7!
z@)h*6SrcBdB0Sj+8g1<TS|sv7{ryF!vB?!Kj<te1V>#vZ;oMwlTKf1Q9%Z5S<O!kI
z20-3)+Fyu9X=yh$Fnzt@22W}{<8CKIIl$ihsNs8?X9UD~hfY*=cUm@w(D%Jy*Sgm$
z$4b_YnHT3?NA8IPO>wEJM?n4K*)erTTg>v~qpZDA-DA4+g@kf`ix)FS!!D0K6q(<E
zd~DS~f7(0e5}BSEo;OApHH_LtG=+T>_lmnqZJI^Y5dG>=lhQA7y6JG*B3|7V5nLSU
zu$w<D$OwX8+!ce$7FQtZPlE78*&?zPJC@|B5vWR%auS_A6Yg_I?7iN&`O3}OePBG6
z=z)@IO;T|xaM8bc^4)jnrFonif6V)$MZc!~a$jK#<lAIkEMCO4#^Na^3rKYaHJTt;
z+tz;p*G=w|$+^LgV*`1-pRCuS=9(VJDx!Uy*Dh)ZO4nFe$hypC^~yeouaN%$`Pz29
z%d4Ti>mUPc0uv0e-TCZ$sMKBtnTVk@6gP)ni2g9|?)Qk%)U@VNrsh`*4{_)!+9Nye
z3TlgNwooRZcln|~eF{WIL(t8__Z12|#g#g<4@_7$Nc~gHl)6E03<$E%e*$?jr$5W*
zZ1@5hX(L9AsN5Ne6dCXzzeh+Ukz?!qv>b=<6T}%l?OG3Asr(>}y3IG-;WW5wPb2Lo
z*i^KAYO^^H5cO5IDk&y%cQjp)aHT-u*Jh&*9O~IK!W+S?FJEvGMzbO2-^rbYKA`_(
z1~r!eZQ6=qRjsyhUm5$};D;e9Chukf5iouU!;)}Ep{qrYdO2uZQJRr=Hi|=o&L`To
z?2<bYeu5D5|AS*H?}|G4-RYsSs;6&7OXLyeF{21YCWg}T*HtT}37|fF?7@#&Fug{X
z2X=1=$!kf0koTCCRF+t655x0Wk+=|_kKCdq;5n$o(%MOAe(&XqTBLK&5u;SpKqzJ3
z9w6M#@dxT>$lcg4*BBymY>9q-WwAWT(5YwPZPwJ!9vOj?a`^+|yl_ccywZ|~yQBJ>
zr|oh%&U_Glm&`wD_Zu``&2sOQLq1Sny7M-=+@{kx;dm>E*Q%blbj~Evz|gtrZd3q`
zV56}N$Xk!P9Kh>vwv>%nq%HG_sZDGX;>20>ci<zW-0TR^9|L*J%s7AMw?`#W*9c>`
zmS%4<2Ze2IGp0MOC{AXL#86>@{D$FB2v)JLvp+d4?~9rc#!FeYc6g|n@Bz-nsNM2h
z6(B!D|5DxCmln5l$j^9wf|vZK3DP}I^u)Re_9>MO-YrDEVQok}OaE%o?Gv&UGLm*s
zmQ}mRw@T_OotzK@V<*F>A)r1Y@&{kGju9x)N^paL!v4YDuy#iyWkZ85%>>RdAu~LX
zkF+&k)ULr;ND1m{QJ+f9m`V5qy{xh6aEEY6UUsDg0`hdCthsd1`3dRvIm%(FA`*d5
z24rRjnQBb#$-*pEgik>J#K10Z!rZ1wT|TY9jeF78_$E&E^i}=TB_YRm=R<iCAdh1Z
zQO@Tx82#dmSN#+Gn`Mo!ESZNM^V<qp#_^TRJGemps!&vW6w}(M%p~bsxZ%yho`ZO6
zrZWo*-HT08Qgbzke#^>~#yrw5hI)cWh1@0EEuMgY{6Q^nP?g5OD%{l{LWuqtS=_zw
ziAWoxf!pu>eDYVldtsAt^<*mMCmuT6!dUDXz<8c4r#iGg$mBE!+f;`&2T}CkEjW-B
zNwk`Y?P+}smxI{fqse|)3QNui3~qn2Ve)-Q`q=GJ2A$~M+L~T^CD`%{qTj10+MMGj
zMF_th=ld`%k|fZ}D$K>=<sc^f8(qC6@&^tup6LBh!?*U_l#zx%l$%{S2vY;xL@W1{
z-%Y7?kj!|bL7WGdUOI7Apka@8!LBX_($4INbT4Z;Wqhj}C0LEEdriU*)IVy9=y6)V
zeQTh2sjX3<LubBNQ9Eg96M6D0MvsPR0^&R?TlgzSiR$F;gcA+z*wI9RvUJzyq(A4h
zUMtZ)YMlTEs9&*E69nCTn;AAEL(zHSC>M__<-ClfO?9IC30la19%6s-?CyA%=ta>?
z4YP6SBkih&6cNVKmxcKK%1A||;lvlh|CzOVGvIQzWfdu-wrelks5|LfrN)2$@>|(~
zJsR*5{s4?;ix&P<tLK{$6TE)kR0og1;9R4WxnXmkhw5o3|5rcTfc!+$2pV5=kf7?z
bt3_oS(c3hX%woz%W8tT&KX5)d+0y?DfeZyp

diff --git a/dbx_bin/x64_DBXUpdate_2025-06-11.bin b/dbx_bin/x64_DBXUpdate_2025-06-11.bin
deleted file mode 100644
index 811e27eb39e1e7e0f56637bfe7b01e8acdb71165..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 24005
zcmd731yCIC*QSlTdvFQCVIUA3f&~i@EV#S7ySuv+ED+q?-Gc-P1b25QEWg+GzdieY
zTlH0K)uvJ*J#)=Hr@K$z&pD@?-|*0I*qFEw|M}-0<@JA1=V)2el~SvwCz9bM>|UH-
zjlP5YQT{+dLb9TRP~i}DgC!u1pkbgOVIe@saESE562Z5qknoVX{zzva|JN7&q4#p3
zp&+54u;0JRv6}UwME&u~9R9a2Vf{zpKRyD9{0jT|vLb^J;h>da;IN^T6<M)CnEz}b
zU?ZvMIhdMRn>gB7vtoeI{&^7|8(zW4(8|Wzkd+if{Ld>$*tjxg2KF`%HpY(RA~yE6
zHuidsX0M;12hslXJ~TGP|Mq=yX)$SX5g~Fm5GyN)6d#q19mK`P#>)L3#Kxumy2<gn
z3HpyskYDisl@LK7=6?^7=6{B$VrFe<<KjTBEcQu~T-wNuT+G$LRL|PP=${RcKP2V9
z9=_KT0PPQn{(8V6k)Zq`At5>$g!|Pnp9%Cgj?qSpV$+o)66DTMb;e~o4vKbnF~Sjf
zvi03XLO;SRr;tNvO-6r^x${0Z5j*WHkrQ1ToAG3q_i_od294NLjNZ~1yVsR)!<S0?
zhu#J@?tM4Vs;7TkSA8Te$$zm@8LEeA;Gt$--9(^dB|69MD)@-zQ{d-_@VG>RfU2Ej
zztH3Q#Ut&F{tXf;+<T=HzLUDBMVXa|sX&b3AFV$RjgBVlA35vqV+TC$!o@9miEI8~
zxm*Zk2OzUJ7E731OMT)|`4eBimq#CV`|Ya_XkTw1L}CWzNS427?Io(C*GL#!&vz?{
z@ID0QdzI>&0PggKKv{)DC}>Cs$b5fDv)3bH1j2bex+K&vsQ)A>0~{m_q(7$|B#7jn
zSJ7bbU~pInyPM9f)XNHYm=BknCiV#fL@+^O|GbR}BLLzn-~n;{XPP1ZcWH+AZ{Gp~
zi;c?0#?AeKm4O4q#>veJBKt>%3WflL=ZmBNBr={WP%vtOHLbCzT;?&>5UvCI`VT+`
zBL|WJN#{!DiU*6CIy&0&u&}texG-D&XG$|0*jTaHTA10`I<OenTe7?+%4?Fp=B|j)
zKbfoZ&p%9{4@_+A%&%`#vw=Xma0sva3JVJl2??VFQUHDV&utJ?u;~BsD~#+N9sa++
z#1Vw@PvqE;kS{P$Ac%iW$JeX*H60-#C~X)EokG(xt)Yx~zn|&uc4dI*^4!(b2=&^F
zO;uU)Md{1qw{dN$BArn`M&m2Nr(lvVSkJXd9MwT>Uhlm5Fd;JfK36D~Z&Az$-@mML
z>5#xty3C!|bVOk`AlrO3C~!~ckkNoVnU_KjGAP<ZX4WFZh}KM1&3tgNKB!5;{(CCS
zeAD)H^pJ)HMKkA~-#*9Fu}V0WM>R^@*HtD-!^^|0t^>=K2;Y8zv{A>s7wABN^rdwD
z7C2C?0fF<cfJ;=q&L(=l+qWeCo(+{To+YXb^$RxzZhB%z79Ab7q(qe<`IvBFhv%N4
z3S+4v9eN&r9j8)XvjBAqO9D%zhF1^Vd-cGd|L%cEdPq~D|7LyAfP)3{i~GOgE4(1?
z*HiRreQf{JSN_Es$(2ma><!7k=-E5Ek;~}WTNpXoTIv}Xkt^8PIR4{>ua5YEjhzj|
z&dSF9j~9OU_f3v}HveC+>;IDr_U+Y&cb2QXt9sXau=}XuE()aukNR6`+mU{!3jN6H
z@W`imQ{8~g6BAz!Z4>!B7j8oI!1Y>Sb$SNl?sa3_9OC*$7ff*(h<H`v67Ea7;dgnT
zp&+>!^5BWTEbBQh{$0oW;}chk=K4IyBF!7r&wpX>XZvtUF*m5fqHG%rNMw#Gwlg2_
zdgi-FXZQM8w$o1DMnE4$T|^x8N<E5TVj+9ii^p3o@4$o|UcZMq#DJu?+rAIL=6j(=
zWHELA^wJ{Nv0QFPulnN=ZQ6~0E5nF)jE+9%$zCn*up<8Sh6CGo0P1K<XDrKk{L~=6
zyVC7rpj(K~rb6*vmIu694DNrrpxmnqN`o-|%lvR5VP02dh<|aw|E)8<`L7S)K*6Ap
zB0(rZI6>$`h(HLv8tLn$j}G&XOfU%jzkC1|1pR6U|BL5|87qjad#hr0&dFv|DI@Um
zP?{HmH2?Vo8H_SW5hR~0mn#!2{U3((>RsTT_iu)0Yj0!dWbj|6^qRV_dHb5Queth<
z`GJ^T|AILFF~9%+&c|Z#FShsJe}g07@`d()J(#nBq1QNx1W+UNe2?_;#3=K*Q|EgM
z#>FRj^-k`w5I>j-oYfE98k;%I<vlPAZ`KVjpiDY$i-}y@TP8wP4N>M)hTi1sz|JiV
z{4|@8kY;N<)S3oecU?ENxWeZ%{LNTm{~CDYKT;t?ZJTMa|2GzWKACKLH<7G{9wkcp
zg_aJ(<96P&aLTzEcF64*JvKhG=kKbGw<WsAY`54ScKKv(^lk003k0yqSMWu`wYe_O
z2yZUzzK-PtQx$}a7Coza&zhOw#(Dc)_+W3NMuhW)1Ricqw2N$)GX*9@n=`0;iasd(
z@Ec+xZe3GYg}}T^=kM07T7O@kA3A0928nRD%(I}|KSY+Rngz8VC&cDCin)!uVRxr@
zZEKt+@HA2QlrAFnlMt^Tk;%fnh?>zTYTGkJyxf%&@As0oPhW&Sx~(zEA(_)STPqwV
zn|V~C--f{c6zeHh#PK701i}2^{Gj(+%8ZD8!Sr|zYSJ<hWoFWn(yhGutPMKvlWs{L
zd=G{H`SZn|8=G$DLRldtj`T?Pg7l%6pbAILj+|3nl`b@;Vnv)A$y|mI8E&wWZOsZQ
z2fAk!yM0TFF7KJ!VO|ZfRvuncNdG?3O??Wr4Oh-)+(WoqYOfhuV?HrCY|7mTP6fn#
z-(?pLhLZ(*E>V4&?xki`zl!XKX|}-5Y*v5BzSqmF3knhv<d^#YfII%THTS<(?f+7O
zzt)g2{*Vx5)|7mN`;fCGXBowihxVz3(ZpD?q*P`5gGA@{-IcCBPQM7;?8Lv!US!wI
z{&JP=n9HbCAKv|ZMP&dbV>le@?GUe3QUCciBCo#PZb)qPDcfDvSb_3y3(MadZGD!E
zPsAbut4in8T9h|gWV?_LvGJq@{v6I#4BoU_eQAR86QFvzw|<z#{XZ%6=MXrsQqh=l
z4DvoY(ylel@5{%8ENNdZsY<;SajeoO*lrz~tARa8)BSSlpR@jZ*gGpmVsj+q`TeJ5
zySlR&g=2U_9++{CAQ{tr^QW!zh>=e}v*-?cv2SexjdkM#nC%@h?(K>9W`9?nQ=AMz
zrxg@D-oC@@>;C*D{$p8*(EW!55!$vd|F&d9fL?#Jr$4x;L9@xU>(XBB#<)uR)-9T`
zcA`Q(#}$#jnUW(ZP}s4m`50NOD<eb}Z<K=s<gZx*@*grE=i<@rY2PkwL5s0ZYXrf+
zwct(iDzhe<a0l}Jiwoa^H-?xHD}T`2_%J(!pb8k?GRh*Hnz)$<qNBG1dBUT>CTUBf
zLM-x<4m-bO1rP<Q{@e_oL|Uc=ojL;&9FXrVN&kdeV3@1Yt7;W6aeY;R(1^k9b{xj$
z$aHqBh++)nRUZ=xPm}W0L~0*(s4;R^1-Cw{4r?Pd!GzE`nU<#50eQu^-n>Ul3aFwV
zq|4M5F6%j3Hi+YhCpBNvC_Bg1;tzoQ+&f%v5_7wV?zg2;d7iCC@Qk@U9v0MI?W66w
zH`<p|K>nw}5$%n4i{iN<Q>WL<`+<D=KfyV=*njbu8QIQ9x2=FY-N2zj9UsrP2*!nD
z>tbEcQ@)4wmcN)rPMQ}xIDt~4KtA?y7tL(${l_Q)d=yi*rJ8BPH5zJ~)dqga=_LE2
ztIt3l!=~(D^5|I>#OrwFo9mmp@za+f!6tgpaf0F!FW58_$m7fMAZv&W6v4O7e3XM_
zC*_~y);F0*ysJlJrYiXzj{@Ww(k9;tGspk^pwlVci%NrFnY}LUZu27g$YK!-X_m$f
z<e6>bOoEGU9puTr6Ofgnli1d)46remP}LOAG&9IodI5RCiHw|8fwL?ng{ph)Ex(?|
zGb=|P2RA$AXj^Ra2>}NnFFuB#N3#K!9=yh5amqN0ao4YIWwG>u!nBu&ag$zs70BCN
z#M(?#N_s2hf6^~~oANY-LGFTnjcvNWx!5`SY~Tds{g-$r>TVE3CbCj`r$WXv)P%<Q
z_b|{@Z5V!k<y6rz0rKH<5^Cp3_196AKN6A6^-Rj<+(WHnJ|!69+f($bi8TZHsOY?~
z$z3F3_)-U>QQ8yv;~Bn-FIIb@kL7b{oxT#pK)&Lzf>oXd%i%cb2eSz#_c3cpkO_$A
zJ!R@0Ct}Gj^>0AF53#*W+^KwFDgFm#eIvnRWa76^jAZ)-c+Fbj??Zc@fcyY{cX9Oz
zy&o}ceKFDJfcfDF4HOz$5<MvR!=3n^WFH_ujQ-vjziIbAAVmp#IOQDK;qaZ$!Z(!W
z&Gya#lhUOKAaAImv54iG&Wuz3^@g2Hq0-_G<z5uRRn2MtOqR)TUJS^K4GvW}Ax*YQ
zJaH;`8Djl0l&M&V;~NiuJ1i4qX0jR$<oy;NKW8($`%@cPNc%f9juuo2T<jl`ujSI=
zy*>KY5)9;<=`T{35nwW02OZ<*l!@$6=IP7x=RLMRA#Sm`o?6QQ`Sq-dfG%bmT5Q$X
z!zmIMs=Dg~G!8fTU!wd+{r7yNSwNn9sfRZDN?IrBJ!7NGCMNXW$E6})1F2%T>)~n$
zI07gj&vu=Nl9#oBmDeq{^Au)iO#3qC=`K97jrHCuimneC%x^Jfbw=}(D=u*b_HK?U
zR4ezy&1sRy-#yvgP<TyBwy*&8hhTO2<Z`)Otc5QO24L#4k^`YB*W;PK!j)9D)_4B3
z0rCs8JAZDrm>i1=KOE>kW8rVnA>(LfYko+|ClWrbzb*js7cP}@8Ow3udpY@<-L<mp
zsh?pgQjFLb`KlyUWIlWW^B>cbPi%u7#KuDcVSf@1POuVj(>ulLdIp)i1|`$;az%jp
zI5F!ncIr8k>jk0{=r2A&!P#|`?@_y?SwExGX<2>G2J+>++hJYevMDPXHJ$GjB_$dy
znxLImmsP9(&YRSK(*Vo=HTlNSqn6`B(5FE(^BdThBuYjYJ(Z@u?&hA!0i93VK>a?2
z(m-8@RrLw#u_74@cf>_FP&lE{p~A<_zQd7{F);t+i95UBruE57`|Oo~%t)xc{&{bG
z2qd+YRNf!iC&mZH6UD~i7SB3tW78J9Qnl+7?<lWUC_OMd*gtpC1!K-N0pp2;mYhdW
zA>95!(T!~&LB$5oma<@a5vv+!M0eUxergNkPv+N7FOHS7>D^8~kfrHY@{*>-v2G$a
zKEo^7R3O=d`CH5C_14+n@0hm4#gCL*eOwfqq!cLEOeAuSf4-dm<Zc7%FQj8mSxQ9B
zKDH^5NW(wenV=dYCQ8I?OOth8*vblr0{M$?Rvh(8W<nv~Q9q8D(y3itYBH`JG(8*M
zmeDs~_ecSGjknQp{B}Y7{Dl>NqSB@N-Q(=usc_*x>Wnf4=baCMUGLsyz9qOrpJywN
z48mX*Wvfk#mEGhEesNdXfoPQ(EFyvWyQXBgtP}^NCb!aURpb5JP_~Rjk^MRiTDDA&
zB@*>lK;BoD<FkQjD@_S{MYLqN3M>O1I{|e%WTu>A9)!J;Bs!397KBSvi-{nAKrQQL
ze0n0IHgyxUcFBfu)3)-YR73|`j}BfUgL)8JWHc;%KV8ou;ET_@wfuH5-I4q${*pmv
z43<B`M;tJ47uL$@FLltU8;2`O9I&4`N>X(-VkTiyn4*+{@vx)jGpN2Nj%N7!I$1&~
zS)FSpo~A)t+sKzxtsbDx4g&I;+-KWsyAQl;Ut;}uv8VLPDkUW4R`lQ3DfHn@Xa4B`
z@_*DSzaogjZAKbAt_7ika>ub;KG9RetD#qE^r-D%fvxZ8`FZI-<w5g*HLj-Bj10z)
zNkTp*{}>~{FiW6kmXuEi>MvDh!&>oca5V%ef~49){k_{D?ogTs*HgyZR4K<<ErC4B
z8U@6Sr}v$X?D2;fs7~8>E+jsxk+^4{HzKHsRVZ(OJOgFwL7qicUx9M?KC?&F)}7|1
z^qs`>&4;dTvW~vg6d=!OG;h|WaUUV<!GRgeOToEUkYN*)g><fVY#!`tUc?UMUF(iV
zN{1E^1;{t>eHkn2&a$cUxj##dS%>UhDkial<xiT@w~{R7z3Q-1q7fnKxSL%3H)NI{
zi!E#fE=~UgL$Ct%&+BgFc~O<5Orx;Nd*V)u`*Va*3YTjHkk#QHyipPO!T4Z-p~fr0
z#B!WR<OnG<N%u&jqc(cwwN_y?7lz2?I3VweZ-_w=T3lD{Fk5_ml(;}^X!jM-Cym2h
zl~iAv(+LsC?*!Rk`?#es4a?<Sv85cbO)q}8@z~MB8Tcmf#5;aH1myjSYlfW&56Mcu
zFRf_rn~`)KoY1rOM&QI1<CuIcY6SDQoPu9ag0li6FTxNl-ccfo)L9JP+V=H`)-S#^
zb5<B&>&uLN*Uzix;cMn>GODMqC-y>8_?KUPP89W+a}@PbxMKt3LA(zyK@WNpiRy5d
z@!dP*$VSal68p<zOhk)s5ld^FG?2$}0oAc!{*@HmhiafEO&MpfVV^O-P5_;gKozhg
zqQV1ty0HQ!*?iC(Zros?nI=xA1q=jbnTJN$=sYdN6v9Wa{)K5WI?B(MYHDv?jF8`S
z?g+HlvG}>I$>+_V?lDNbGD4s}kDOyiWd%b*K)FBe^!uVoepsK{!42%al#Wwj<%bin
zdPXS7pUkRMqnO>pHIG3j9m&adL^I*LjCi;ke?UuLDlAZ6EW|=)L2p)rC(#$)5z1Yw
zPF<qrJDm_BLW2-Xc*wpMkXMa;ptPeHw2D2>HW>2eF?xTJdvo?JPmrun3_D|>4XmEm
zB26D{mGXj;HdR=KQnTHdn6tT|Jb}#odF-<wG*%8)Us)YYv8k-~jtvyl+TyjuIqB@L
z9gzur0VOi4w~3#5f~`j#x5m8N2Qr-trq*w5Nug~%LqGbAn-ujMA16*A_KAY!+az|L
zNcT81U*w^;Ee3SR#OPxHEOqPs&qfrt^2<FTTHyY!Lj9-<2q{^g9Z;Y}$ZRNGPae9e
zO&;88?M+(2HgmZF<KxPLO60~-9{rTtJv$!CaGLs098&%=4ygr-Wix-11@fC#Pj*=p
zI6a%`2cd!4v|^=fHa0%HvS^AK-bxE(AHe)!Lz-1x8P86FKO)wlmT8?xX8n-4l!EY?
zDU&tlS{vafP``E?jvc+zLM1rmeFA*W+XjmQBlu12IFhOl^z`HVwvs^JV|Y}_U;-VI
ztR6wTsl{cgY&xJ%P)bFYuN(V<@vz?w$j7A+<D_&(YYYT(m-R&%95y|aK0C{d?y>Ne
zxQq-<ngjVZr+bVSHgwJUv~1(nS!g+_ZO#Ig)l&{UVnvBf;|)9@Z*<v}OB4t-qu*@L
zoO-LRoknU&V4Wc6!N6>>voZv61mxej8KG|qT}+Y|2Yf>2`1+&L<vXfHRA1mQh=j<|
z^0pqx@Ae?`)cGBSDnlL>(sBANNUIa}$c4VMP_W%Ss{29B1?0tFhzzPfHax)`yJ2Iq
z?#TbvU}nKb*Q&U}<?ngyXR8MCVKT1VA7a>2$KurY9GNdc^LfT;S8C#s7mN%RH9?SI
z^Aj>W_{a%}tQ+Q~Y&+W>%O5+oZM#G<@iYFu{pR`h&?G>8&H`UfnM!@A2{#nhaE7KI
zoGGkWdU#0DAms?J1J}VKApbEUg8#a-N<@KBl7kwG)u|LquX=?7PR8Owd;*6;5v>1J
zLV*0kuGQTuaK&1yan-dGG4rP0rMYyyWb%BpH%BQ3s2_GYb+Z-J%RUa9g_yKC{@ev?
zR~?wD6zDFxtSqsy{0QW82n>!@@Ou;Mn9q@n;j2Z9G`^8FsASzsN7tP7jq7#;`BsuC
zD@6zd0~;zT=<mfg{4dElfuXovD$-az^C5qS1%W)&4u$#1sUhS?vO?vfj>V7Fg%@Ab
zkK>c{I4e{on9m!5y!GF|$QqF15gv)3F=mR(^2Q3tLqj)UbHd?9Ro~9HQ~`O^p3hE)
zgr{Gd&v}|xbT^K^^~po9Z^X9NTHYWjWl((v@&T%T7lkTJwrcf5244u2Y2)|B^ldP8
zhDYGbZrk@%!1^_T37XN`BT=rgZK`IPzB8R=O*I})<E7Nk+9K|PH{UFP`Y7`Au{M1P
zn3B#~#lil<7L0$h%?mE<6%XnlFmc#6zXN##G6a=60<jN_u>+~d(inXWv>W^#ZyWY4
zvBEc(tA3RM`9xdSdr!UO<Vc?V%ycbPWAETl#+#wxUtuN%$*t~Jd_cbB?aavBZ{bGn
zjO5&;TpNO$>e9j{hpJzfxhE73brE3oUJ^_Wnh@t;Y}K^0UDCFVgRd7B&+^^PZYPsW
z8VN`z45$xxs8K#`EmvW5UqGe0a_UL2&Df>W>N9BKypu(gN{<8N5oympM%+^GkeDpk
zaTTAmDI_z|il19^gy8Ywp$RpV19_4N)$Zq}-x2S}PDpi9cy8Gj(Jt{f1+}VG_!x3S
zi&20)4N725R`9t2R+agWt;43(yA>}4RDX?7?iYMx8rc_dAkRuj->>oI^{#jASVD8+
zw>P)~CuK^fVJv;(t?kJegkbX`wsN*)|BODX$ujLfqgkDdq{o_=cf6DslbP1KgQ>G%
z=l6p<>vljWYdItQC-G2o%he0~o$8i2<d>jj_mGMV?NneqJiC@+BewelD7b2=WWxGP
z)ADWK9(S4{`<c7(9I80LjwkQl?jd^=M|XV8n?bWclh8Cgp{bimMETF(pv)5F9MpjN
z0^IM;n!c(3`X*%3YUm!w$1g&$snsUByf?%t<ikV@c71(B8n9AptV%4|M20MChva!7
z0jZz|?5eQ{lXU1@wSf80CzDQUl=<#li$KQ#?D6VV!*Cx}2b)fnpISCfTBRmn{h-QD
z9M8j;0%g1NcqQxIacG#5A+@68DWbdo{B`<FQZg`pqnh0@f<@?F)>TY}RfiGOVYcZU
z{4__uej89o%^y~<^XnQAP%!wuHDtO|-h_WpAbu6M)JuNZ?ki1&i>Xx<6<9y+BRN)!
z$i_?TUQL`ZtlTsxdY0Fy$x0@vO%SVV`vrmq7>|Ehi^MM~%gI}#^d}rOnUh$CIRxhO
zd?e(IFTu2v>|pyFl`w~5_D0PJ$9a4Clk_@$(1U_+!}Z(QZ@o{$KP4u?@;@b@{zNo>
ze=lx8`TWY4BPpv~j1Ntp=j^Y?MOUF~&?YdRl;Zvt%sH~tRxNYb-?F$Z;!J%5<C6AI
zgwR@>6znWpKt7F@eCH@q=y!$mLaD^Hzv;e6k?o9T;YRzofamALTzep&Nu4taBGDP-
z_WtFRX0Uc@@nMTx<=Fwo+Tv#fPL2~Xkk6W4Ze-DR#G|>`U*o9`g3kZQcT)mW;8w5%
zyXZ~%r3A>g|HOQ^zo3FK^Vg}8xZ9SV?#!?5=J_VC23r#<rDUQX$ajcn-Hy}#p!bZb
zd-8J-*KpY`y^O!L@N|9<G>dE`1nYl$zi3<@VHA>-ZQ&1EL`)%a=Ne62$~raW!)b34
z4`hJl+bBB(X5}HOV_#utt#wO*P%<9E-t>d-a&b48{m>UTF#jKmKC*76VC)QYSD)|>
z?>JhA&mpurMRHAw8^skrKMMrL|C>Yi8HKI>bHMDyOK>doG(v(|*~L&Y!d>Ne5sQaU
zVDpE~)VQmNw*G{s<KPMZ31gdX9F3gOX9oC|pT!whgPol~{gZ$~V@W;4?{ek?TNtYl
zt#o;@Yf!j&6};h8w9($oVCVOeY*w#-KMCWb;IJo2-a^UfhOL?xTgz(9oP~>|PE;aL
z|0>#Q!7e(9S2s_Nv7-nniDIR~WQkf>!;5EvPu^=0Y<-swHZ7brYWwqgyFKdZMHohI
z^k>Bc+mkJ3u|S;eUJh9Qn*~wvdDdNMFko5YQn<^xr`v`d`)Ydi%aq>;Z+&?XSpS9O
zbbw4^dr&ZQ>G;;FUT&~Xz(>uT<2_<?uZ7&Alf5=D{^YGMiC<=XfA{LYMAIpUVTF?s
zZ>t7PqlWc(<dytH1dFF&(Y3L!{hJcUFNC{hHRhhe@<*%#k8&Jyj-z@|q9F@VpUcWj
zbCpTVd5vgf?0PHP^|yRwnsQgugEJf_FN9lSEs(eUCWdrT&aG@#j`X*Bv74Grb|2}8
zyGJz?l6^LeNxl@wYpTM&F%R133=^}(pS?dcrET^U8qFx0Stc99)KPE;%OB$(*ty3&
zZ@6SKg|)b8c8;aA-hAxe9hWH!y>@|wzBmW!FOTu9ccE=nRl|hL*ylcoU-#Ik<g0af
z(D;(#$d<MA0r@=$ZmkY97!|)g2zl4Kmg_u~Gi%&9iXu-n9rF!pxMv_wT(>-OF@!bw
zy)Gdd+wLzzavb^=JcZ4o60Hf7rMClEKLVxlVuwzTw-r|Fn9$`6^L@NTk8Yv(*>t+0
z(tsO=6|7&DRD^Itv&^`VM=dSPs{Q4i#Sk<<ZwSMF<kXTMMC=GQuZ~tcUB<mrnAk4b
zr(<ms-ofLWLBEk4`@Uzd&|9FEj0}uFjfo@ud*N-^v}yBa%w`F73*sFS{i@?SQQ|QI
zPi{jGAP;>bMVA;J+VQdkt&NQMofBmeWpTn{GTIP@0-iOdGz7@QE_mbGu`B7>XrRpp
zrq_4d(KpFKu_wA7(R1C~cHw~4V+gI3Vf*_;GUP9Uxcc(uRo*EXjFzVxrM3gB-EVTD
z3W54$_;JCftJ)VUkp5yVXcd0!!NHI%s2nf+sYcz3p2rD5{sZ$233>GzbUZB<Yl#gK
z(&P%1UYO!e((oyBRZFka7a%V*byDrp#U_jY$4KQeaGPxf<(d#OUDN{dv{t^2I?Dyf
z>rM3KyL75Sb^Wc_v}Ny1`PF6(hr7W;yxOv}dHu)-mOrKr(>KI)?F#!!CogI)KLSid
z(o*~g^<O9$6aC%~M1jp4ty&MJ1tNn{?&^FTAD;@zWi~e=Lb0)1Nl3?*#l;iA<^%RU
zHvXQ6@u?}P$wUJcj!`(Iurr5~4O+26HO9l_9sa=hV-2n!`?uX2RxA@kadgSo?W>)C
zm8#4R<)G`L;s0gY0P=B0<^`vcyj*W{8{e@>Y;DY`6b?y5g`zZQKsq3@Jt_kEltMy8
zQBi%=%gBWRdB(EXbf;$#_w}u5IyzrxJt{x2`Xr-L&UxPAdagL7vt36x<C_f3T7*RJ
zNtAN}l7Gw#7ub9<dqxnwjR3ie?JhPmudkGy;JBAZtPqu&BELSwJpX_Z7*Eq&{cezl
zSO6NNr^n{P*Yd-ZK{~W5V|9LU9_d5*<x3#n3i%uQeXBvHH?gl()mM_?a7DZemQ#$_
z$0+12s|rc5^}6R%iduJ~H_laqj(y2>ZDoXwwY`UFD{35<W~VT|c{otNj|p=SWl}rx
z@-goDf+X}KMR|Z_QTQrjt6Nex@^$DekRQl0ENtT5BKl?`tl*6gYfdo1M`JT>%^pig
zH28Cq5^TP`XdGTo6NF$A+|6FU)xLE5R>6<g%z-k!nf_a$3^~y?P#*@Fx0idr;l6Bv
zwkd|)zp(d4)@1uTP76u#cNoQ5sT&}VDV#gz84I&|^I1(oLdM*?S6&w1Mzg5>WIi_`
z5jkND$kT?po-;>eT8`d84)W{BrfQa<Up`g!$co~`F$gr1;R1Q)f>Coa((0MzJtn2+
z4Xfj~y!q=<y93jhvGi(k+a_T1y^nJvYjh5-vA&a^dD5qd)RAN&T12@@lQ*2lTt$^u
zc7ghGP&iLp51}bPhmbza{jS3je>e5v>23V!Polr8`JwKaKwgvnFME5q`(dj{CN;^U
zxv(6>Hb<Gv4QY3ZSi?D57!Qz7n=j9u^Hz9|5!LQ&%OZ{E8#38<WF#qLSzKDI`nTmb
zkS{_g_K|PDRb-I%eMmZ3T_w7!8m$la;^rPcC&t<(4g&J+vj~=uIa*wSiUW)6PBZB$
zM)oZ)PI`=NM4$5273sj{OQUJhA7Nt~EIXB-j5(A?&SuXi-Z>in6l0{)Thm@22lK<Z
zlc+}jP0PwhnH+!kSeTHN1f<e2k~cO5%8$=BoHYEvc>d&Kkxb%wRd47sVO%NM5^$E8
zU&7=HbXkCCVkJZS!RpT~YWvDEdvq-+V)q|+P-lt1CmQ^(_GtoYS_N|v^ee%hPuQWd
z>OO)04DabqoWX6B=m-k*Sf{?NXe5dIMvKjJ0LGt&bc7XP8+q;7<D@Dx-mhJD-x3Wl
zJs31!XtWvc8G_Y^*L(4QtowRa9;75S5h*hCvE3SE@~3JxrB<bNFrnJHf%`lA7BhBS
z{X<qH`)6acx0g^pO}lV%rSDzP5+0m&9&wq0JQWTzj<8(qi|murPh^8&7n(rAmM^e4
zv9>2~@mIqe(|~-OJ>hqK<N8(>U&M2QAdGx#rOIE{$qpe0UdWg-uH<0r>2mms&yOrZ
zi2P0F)6TFAklJW1c0q*yLuOP0*{_&}ETDdx+OaI`wnTjnMFK*BvcW-6E9GaxMXMvU
z<gQ(^r*S_ZFJ4PX>}p~t&Af-m%cRpmu|ek2t>?~&;K!m;wibkz1LPmtII}L3cCO#r
z*U1$ku;iej7WkgYrw*9nG{R~?Uws1dn?9FMXfNcQ-Ceo`onJ$>NuQOA_b2#tB+NuV
zm%WsO)ia-eZ^k3ZGiJilM@Y5ACMRbgL8dg|K$CtpEL=z(MQjG@YlNNuc*~K?Pq0`6
zJ>^sPSa5d@Z+U*-G`HCFj*^lCY<>vg^EnAi1-lvxQGmi&fQf3eyCQR|eg#!EFXcVe
zhr9)#{+jM@#IJ;FsFT&sS=P~krl#Na)0L{F3V)jB(0-g4SOxMDSE@4W{YOS9)H?%I
z2Ab=T?f!Z`eGs#_=tw72%5@_^zS6DwqoFQQSE`q|cqM6^6lEmr9OcAs=*EH@Tb#eU
zCP2PlV=J$yOhqc|)A@S;=Q6tKtZ|Rnk6hVyDy?jNYQ&#`{QiQ&=)}qg_O*gqLuvW-
zq1;>v8oKyFE_s2r<Z*%bx<KCer>_9@m&M&!|Md0xJ6!RxjK`e}c|Tjzqx#>i?qN?r
zo>oY4_oq}2fwv}q=eox``*N1{sW%rMN3MzZjd7`pM?n5~dQ{oo8l&|1C~I#->zFou
zKB1J??9G(Hkkj98^2}dAKDMI2FYT*iv1IoYm#D#I6@z*abzv|0licoNt7;Jy*!*h5
zsH7%ND;-w-qequn*a!A>n9U_KQvAR-kKZAGEUbX_Blw{UQbnXIHq6PB!w}`frNkP0
zMw}P+SbIHjbLE@W`@ne2(fmItHHyb6z((G3<-6|CNpLwfEX{eNM!u)1c`7pm@}w1W
zj8bhi3ZF#Q?FG%t$5_8hT}{(!@nVOf^nIpW0h=dKTzG|D?0TJe&c3(i;aPdTOH+|k
zbGiYa7*|Me`HSors85Zw))I_r^(jm=ZVvP-f;bo9CTW;)13`*TDfpHwRRhR#=VTR4
zs)qz5bJpwVw=xct2o_fQ?3O#%Rif9D4};flyrABl5~|V0NuzphC>^ZoA&hxZ-wVyo
z(R7bz13@^jcm((Frbw6bp9s=0U;<Y@_YAx%t&MO<RTm}l<U!>gQ3A#zmZ;JfO(cdI
zLm3qF$jvh1+G-<H%o$7@R_Ye9+<pc&-%}@$b%aydAeiI8^AA3|MXontmR)kSbNVs}
z7u>^k0Jgu{42^9Ocx%mnUYvA|O?R@KE3w{m+xea%X=HE-LNq4<<MH|P7p_mH55!a`
z=EA{8@Z5n}M_juDC)?ePcY?vP<_qNGgboO0EzYmz8EL=$oO)YA`|JCR1<sSVx8kWN
zmF^3e|0i5i38dM6Un2dSp11NA#=wMjcfb<*qIFlApav<S1#JFPK{66v>M8w)qW{O6
ze5&h|c7iXWTFz#gHE}3o_2&jnz<4@G3UI_Okd-QmzWn6(<Zkp_pm)ddm+4n84C(8-
z70w6py>#9jy(Oo8UGlc(r7qLy?{=8dxmKvHUJhMyPlk-a?%xeLRfI>?ixR5X*$1b~
z4(yVY?G`&-(X+G`)U(jBr>y|>mq<1B6!M}38mcP~$|W5yjid%1JDjsZkXjv&ci5W2
z`roCxx1-@R+B-p?5Z{UQnP%zIl=vK9_E!cnB-x+Sn1S_E>qJYBW#S*=A|+i?=Z+y`
z6jI(5RfkEh8ATB#y-|#y1je(&2|@jilBkzi+)=rjC0LHU##7WJo!ND}-|E}TM1&BK
zzgjq$>!pT<<(fik<vu%IW>Mx$?3U6NyI0nHuSUH%1LUuXx|*KWTXu<@M|oCg8?lVD
zWD{a$Jabg-C3(iEAJ&2VvshgD^mdi8h=Dzdog|(AuNtavLPc-=KaErQ-FU}a0(or1
z#%8IS5&^gAl*5||B+zY|w;J6R!YL}RmePQ%M=X%X#Ym0fA6qBCc$ZwV=K;0*F!#ax
zsv_c9X}q4curC@cKe==p2VZQY$5o92d6|Q2jtXDos_fEoDClMfop^n1*n#@uw}qGf
zSivO&E;p8c=>va_B#zp2AMUNETE`v#itKm~<Q4KqWSXhE48yym_bk_#+RS-=46#xf
zSHqEO9a%HxEdqHJGnSqvRNr*oEyOxer$5K`)PpvEbk4G6=Vw5LA@9NF39cVLX{<i%
znx0lHw-ndAdQ{5SxY0wQ`ECm3-@SeD2U~yLp%Po*^C~tC!=F$qnV%KRHJsVAhvDwt
zbn*7!Q#*43;|Zcxfe1rn?QbM>SUt-w#L}FHIxxD@_^8zVNdN+0a2d!)DYDgmQE_jq
zPW4H6{svQnh;FXGp-&-fc&*fcC*TWKpGPnJfPRy;`%7r76@-{q{i34q#+WIB>hb&Y
z3)BKqI~`Czfn)fOEo9!2EE|18-V~|j=h;&{(JoX2oW>UQclU>0KtBDRT4+b0tW71b
zRdmVtz5)InzMO2g>%aut!HxJyTON=vsQtV7c3M;MQL`=>wCwxGdpDA>EHdh(gofKJ
zWs`RT$d?4{3aGT7;SA>`u+pLJd0qOX43V_;@mVGaZjfgpgRSp%<X^H-&1w=21m`Ol
zKh)Gq&Z?US3!IyZe8V)y#PazH)SrkHT@QNr0iBe2!A7U+s&wkjYW>rN-*~=58%Y9=
z1k6wN5b`;X%`i{D64Q*djC9Ht&26AJqAOunQ<PB?wsoTb^<RI7#q(FeDsn*-V?ng#
zr)VR4m0Lk$NUtqzf)hvUd9e7OLHZogXe52TMbN&dM60v?WTFmDx`>>M6szJaof$?z
zeItE!9DYi)Z-Gm{#vh5YGkF({gcA?)nuBTEXaw2_>Vdp34An&AmQylC5u<%Z=@8lL
z15!!1hANa&bC6059`9y>JT&d?AFO(X)9)o~0S?gbn{)(a17;FJo)ifT>L_nD!JgNG
zUKN9&;S(W<Pd>|XkaQXH&qa8GwGrt>Y@X&IV|4@Tci^-Vn-3tk-Rb`{im$JwM9b`S
z;wy5y#57kqqaX3}>H*_HyfsT^?T)JIWsf_Q<}+%#aHERU>EA3xE~MdHYJUedpF!dy
zw?CC@?}X7NaNbjH4gd8A0rAFsN|ciO`|ETkHX5jpqz?~YcEKZSxy<2?leR9Q&;Yx5
zs242EqB5(xLo?R}<nh#^H#6+47q^_%MN99@;D&27sY`EI$6SwgZYhYM!Oj<cPkpm-
z!gx;-aoC?7p($}ZI6<8uH_gKV4$cS%7}*G*{+p{oXr%d%9M^5|Wg9{5PFxqP(<&iO
zTK4dyD<PR?u0Z~+c7`82v)Fpe)!hPUD*F4w{__j0q<!pxp>W?R`hyCPXH~4-gjG@E
zj{5|==sam%uKop0>1RXf_>ZTFsW$O7IUxU`alGN{XVp=qFbyk4hr1{`gtm4w-e+oV
zv3AzY6Tdbf&s};<#}P()n!M5YzI7mpq_Ujwv&9!wrVQF%RStD?uzEvE!Xf`ne*Ox_
z0h@~5>QgK05sosFEL7&%-{x^si^zDO{+AF;A+dCdhZg?U8~(x{L&1Xi3ngJ>1kCfy
zJdO==VE(BzxY!eH{|#g<a_n<56G5jFeMA#4f1mt7CusU)`G^J7*RB~f6{%4yYddNU
zbaqa`ih)2O;D~hXZ#m~EOtXXrn<p6gFONomwErTvRxS@tClwWUlALjS6NV3d*hdVf
zHw4Qc6VNc`&LRe)Fe*7q!)4;vaJU~S`<H^C!F~E4cJG-?f$`WVj%!@8S7*rLj9_`H
znJB<#rRI#Kwt9J9;(mQ|#17`qb`6jxoS%N%x!7AZ$!Q3ArckKzGliB1d0d(n%H3K#
z0QFtQCx;E?VtijddakgV_i+4~Dlh46DEyHmy2NDIm;+Xydm=70BilFjjGY%?Z*ufZ
z<!L#!1_|A_;nnqRSo}6s2I~7Hi-RT`n<nxCH})_nSnjJ%2q=9Fh20UgOoJu)tHAER
z1kUTYhhfiIHGeudmq06D>4oE`DY~IP`&b8O7v5GT3e*q5H^<#IZiiEdUL@3$Am-&;
zF*-@YRD!;L8JNkl68Q<_BkP_kLa(mk%Pd3ejG;bQotFhtN(YrPaZ6rT>}H-G0{Pg2
z00j$Su6~XFmFckg?ipu{j4U021cmJ1PJOfT3SjfSxG#uPlUb(C+aSXg|Jg=l)#)>w
zTrSwLkA^feREtj>K>b_{_ph=EshKJ;a#P{O8i!b_7=*oxH|xmfjKoF`Z45v@AN0JV
z3FoeZ>@<Xm1cEo|g*<dxo6L~i_;@yl%-;_U<f|oXvi&hPBxoMj@S;GY@7|2RH)^->
zbJ+dP+J6hR3|22SyW#%Mfu->&H1&xT!e+XOQ;_#z$Wxd#=GOQ)docxeep^MKBY#S@
z@hWYP9i*K4?V`^l@UhcIMFig*)m<Kwfz|WfN}l&nDp2qxX3`eX9D-XoZ<frtpeRXJ
zF&<-r6J23|@lV`pkreO8l_k&EgyVdrl_dAc`h`9KqHPJF@zSLE2{!-v)rR?~m+^FL
z_%<T}#Z|jpXM~&PY=TewS&$_COq#P3sQ)`ngvQP>85z|}5Y<S}`O;os`iv)5KH`wi
zlAIxQ3<t;`WZHL61Z(SxmcFRi%wx^23d-ZKhA5s+o*vttsG0@>`SX#PG6)Toxeew*
zkL(W8{cTu=KLu&m7u_F3@K-{<Cj$9fNpUr#kX%?Of$Y1?RTQp;U;ZOP4tM0lhkYWa
zZYE&$`6F^0wfTYOJ%35&g`wY=@YQaM1>2HA6OBFs{BE|dCQu&*#Wld^yU8JphF{wH
z2GX4IJtFPzlcwu!YW`?fm!~=)k0wgNP=59L2;?R!sR6kdCv50i4X?WdTKzJ{lF?LM
zEs)1v$_o^K?%)f5`*-s&)F5(w;ofsL{>#^{a<sS+c`7i!A}JK)Ve}Ll2BkUJ8`taQ
z+~5_wf8-5;V%KMKuPjY>2kKKj&2@qTCw5BiL$wvSsgRNWtPR<!W^d^!lMokQ?Sb|0
z?>@Jw7}<p*k5%1fqW{6>3G;`3w2>oM7=;smyn#Ri^M`kqICMkHT#0_Qe$u^_AyiAW
zClghzP!_Gnxnn{z7QMiD7>KgRu7j$H<tdFwJQ5Y9t66_|hR9OtLq`NH3G4~T0C_eu
zlfjqnCab1e23Xs@@USsl_Q^>Qa%z{$mcxB@%r_wa{_U4A^vswS?`}=Sc%ln?n$qlC
z3p8RsE5Dp*iphE%AkXWZysGcM0&2x=@1GFlqj`&x@?LRInbZT?GWI8y?=X;8f+M>|
zjia++5nZU|syKe^2ws(3(%LJKkNZ)=dff(ge@E3cbpYi>F~fP9zmqY33q!};Npf9K
zaXP^^!i}#4l?kY?E?!kl!m>EdJwP+H(<$|LQJ3(Wmbq5oBgSQl^7IT9kk>Zpe2Yv1
zdvik&8){mR*pCD%rPhGc%gGDGJbZ_4A_e626g7X~i0eH`jAgk8Xg!>f*P9(b`4rLK
z2mA`>>CvGF@@7Q&Lb9&<)P8O98I{PRc#rRxcv=?>as<#u=;`hg;efp5`bDY@$|qCa
zTrWB+q(IT=N#}vA>VUs=z1GJu(J^4pOISWH=|f*A&4g==&*JmT8@fw)en+aoepi;8
z%Ue6$0#*+=m_KS=WDgGov2|qXqun7wc2e!KFtLX=s#KnPJ4k``M~=0b<W@u9h^LZ&
zrA5&tH<XKe*&p0lzsX<5IYKK%Ck4ju>0n=kYPTlg)|7yPCn>sU#i_WK7ca$1MM9#}
z?CO63<bCKECZdKtbV<(-?Avb_&9RDI{9B2Lm3)HwH9Z8+z}7E6=Bfv#bDq#7N&C$5
zPJHr)7|U#mBo(1XS|~N7^Lns;*-tCAVk>o$=Gj<caE<W^Nh<V*1C?hhmBL>xE-8Cc
zeqcP|AWfYP&#(8J6f*8hG57{TS5W9wa(p=3R2<3fOdr7VKb}DIop6vN+4u9*k%de6
z0fe~n1g300dW1#lPcOD<VD(J=o$5_4!!+b4f+{T+wM|(UziLhPAwTJYVNfmk-4Y@&
zo<yAM2UW$CNcbm<YIow2Pv~1BFC$Q7g^a=WC8D}lVD)o$dx^5tuhwjS&0UDwAuBlz
zR9A-crAs7pdv?cktzY;+{c^k&QieRcWN!Jlro6tV-N7f`^0VxBFD8o)SJu(GVEOj?
z*va$@1d+oj>vn5L2Z>dyS88a<<2E&+Lg6u_vBD%!zrm~N7hk;2VR_|*$X9a9pj!b-
zG3yH1xf7S0l66A(NFd*5i$@5zQ>Q@9qtEdnUeaxRihye^Dq3d9#+j3CM;dJX9dk&Y
z>V+$R+RC<_|9#1X$P>eIxKRe{+!DlTyG|qkmTwb;_fHe%Q<)G8R2EcKe0O|me0qVo
z{>Ixe`<j+NWUztp%;I;!C}?`rJ5dGbyH2c=KO5t?1++MXmqC)g?Qq%wdp==fGL-nt
zE=f!b7RJlb4{bhu1N9jlH=(li%-^;kxC?APv%A>dHV~n4tcF6@$TY%`?2-{-T1_v$
z^3$>Dyp|=V0~pVF$~U{*^oEZ=!uwvlR)+#yigT7~|E}SbHY0k)t7w4Te|ecVjrL-Q
z<YWC<hr3JLx@*j*w81+a`oegn=gNT)!wu9ILwgyb8BtVs`_=a%Kq#p9xdh9CGyXnh
zCM0geA&m`e{t&(5!bU4oDwQ9oYnkh@k!}Bcj3}1!j*!LBK~gGw1PQ1=>67h+h(Y!3
zTkrMg?VqyS>KN#PpKf}$xNv{7uDGI4fII^QR8H=D1uK&A?2z)%g!}s3u#jFFqVQll
zQ==8dMO7e={q54@_)!VJp^<YV-_J7USIE3ffEi9r&GGQFWj-1hUwWcI8~=b&Ly1r~
zr34wM=P?|jnGL<o!7F#=tl||H0o1=xLU8%?T)((@u(K)_805roh(1ZD`C-~Yo=EIg
z0xAT^r&*FHCuu!?NDa<drng127;}DWYG<L@{+&+qK2(Sj?D$wHN&4K!shhb7N36z(
zRpTu<_T3eKsBeGb<cGcLItA0W!k6hb5%hetA^omp=aBxq(HOXavqiXb{R4DESpWgn
z?~EoDOs}ocYkd8wHhe+V!)Bs*5Ggvn`Cus;te>$NQUZ*B*>h-W8FLe+bk$m)CLo5R
zhN{u`47B3GP8ynjldlI>zlFk0qImpT^@f}xzcyjV<lV<x4{%a;X_tVqq+WU#40b<a
z!l);SVmvVQVNrkk7FD?)M#T6CaZs-aWw0*~0^hj+7!O@MT(q2?4U@g%{x3hg5+BNV
zL7DExaMcdcv}XUK3tJ$+;EI21fLOgnuH=d^s={-C6797vMCHaK%oXHMAROEX<j2UF
zV`vnQoQ6++3}|L?pA<bDtH2rVgEsxtoX6iYfj$4@k$Cn+hqF3EguVr#gINFq#MQ-k
zs7Q*J^$E2Bg#%9#s6RPfe8JncD=a5vO|x=odhUT>^FV1t8;hPB?_h1KeGlZ%YJbl5
zi@Ex4EH>IlH%L#1*3afy4+UIyC6a_+WF><AKF*$BuyNxWPQ#Wz(nGO~df<cbsMb4!
zA&D8)nm9Jc77Cy~g|ZA8@BK9s-*n2f*R?)w*E2$HrwNzo<-$Oh;qq6o_2}+0Qtohn
zVN2VtK&`*?+|EgpJxWI}htK*FNigOo!xT`zRr1ZkWmHQnu3R#oct=2k5xk{!T@9#q
zVxLsn1#S#%9)kOa<wnR<)eT8OsF&l$NeTYT4JIa%7L!SxycfbdB(URC-KKqYJ-Bxh
zpo@iXgf6^0m;D5h+CwiHHkgL&V%OsWjE8&oci2d3TGI$))4TcSI5Y+I;T=~Qr3F@N
z2qVa^`9eUR9DzX(@^1e33b~EkO09`LBjz1q-y{=-R)DB3e)h#5AW!OWzkI=p$Cr^d
zY`}oRnUP4I0T=x{Oe~2EOZ$)cSPqa!nBq~dcGD8i4?wTo6y*%1##wtAZacxEr0G?f
z&Uq#Q^4W?c7)V`_v;l(Ue1$Vj2JP5X)8_<t{8=?MIPfFchCtrIm6^`3?_>%k7a#Sf
z1^ud0b;G_q)|2j%9tsBcW&$CQ7t<>awHLTvaI2Gs!V#h#{%R#RIN*4qZq4>-N6d#G
z?D#LSPv%`yC4W6Vlvi~3E^7`y!Z>F5NS=xQWqD@R;>$QtA1?M_X&OYQ(&>iP6GZ&}
z6JL-fMmeQ9X6y6NTvj*^Sbz6`nt*Gk5KChtruw_*L&O5DYmP95oC<si+jc*}b`F@I
zWJurHE?4Oxv2O{@yfa&#pzqK&^E7GfV+#+%PPtkFTfeSIzOOXr;p`~ha<yJ9$C(bm
z?UMQ??f!zoty=Dxv;({UDADl{S!&hcm~gxmz->`SR5ELnsH^AL_&CCcioenD1GvAI
zBTff!8XV0(hRxEJd4!e5w+XQ0%=+5#;8X5)1n9u(LyXKgUnbe3;)omg(Fb!A(aZrs
zYwL`k9Twy#(+0vQFhKncy}=;N@7|8SWHj7ws)87<q*&YFAf`h5ITj*zOLG-~{1n|=
zWlwJ!oRUEw!?|&8vOh+MPuP*;>qc0olvcP8K0w}5k7%0i-GWODk_8f?dO(&%+s9w!
zRM#3gLAr(xdM|@O9sx<;o3(uyLZ}>6uPd{Eus5XM-at`buSGqMeN4av*6)N{n=YtV
zq0grTbT%tbre;hf#6T^pY}!4-ACmpJR)YlU(+aWV(n94Yq}%4mhopWK^MBDLH95#s
zVsuRwWUe510rDrhHhJTwR*lM^)B0LD7rYJc;uKHc)lFUzu>W>E{7ekwv30{rdAtT9
z-<)$R$H0j$tIRNG9=gqK%VZhGmox2v&1bF)h15qdEDe4bCH)H3yPMy$6KTnGWM-y)
zvnfPksswg_d}UH)4)Kh>4*#!A?xOV;m!Dt$fEp;ELZyEd_WGUx?EV62+>_wR$5sYi
zm)re(vUfduAro<Rqza}dZW`Nym~0uq_+QK?+tu_XbD9FJDnptA$h&dp?MREnT1<rZ
z)S^SB7l3>u>5{qNrzyUH?HDUY@8_iGF1H_0iLNaz=_S|v&1aiHUR$Us$48t1ZavQX
z`RB(Zz8)6A56m8R!h*MG%FW?RVD)q4ez2abEhj~|-jaNiGdn@5pNmlWp8VHIrFP;e
zx3nUl{^DDQ4`rxWBb_j-3;wSy{Ku|kHHVB}wIleev9<4sd4c><V_3Jt`h%>l+?BdY
zfd;MVLRs~Mo>lnCS(G+4<G2lwmnuBV`9gW}c*22-dTehbLs9bj@Je6KX`Nc4ZNxf0
zG>|V_tO|hYddLi!k|ggqv6qg=5qDfhRHr=Aih&aFoda86+`HPpCVG%JQ9*B9c}X}c
zA%=x8_hupdzBW+!SbyRT=KoA;JsGe$+fs5A5!=<5E>s<KE#hN;&U{vOV2=7d1oeUO
zY|+5Qw78278{zhOr`oys2j&{2%nq4)Jy-s8@O}5E708b_4x{ok1@J4ry<U*F5_(8O
z&iqdC*HG}K;vUv3CtCu@_e*`$t^ID3E7sV6R?!v^<_hiHB5;1gFXZv9USl&i0mzR&
z&<Eql){qz#RojcT%-(`jMJ(;(JH9Skx71`6;elQ6S>ASzJ$?fU7NP@eEycZTNPkdV
zmSbHayCo7r>8`Z3f%+L_9I%W}I#pJs+A$vDXMVqF=P8%e$~P37H^b|{rHTXj&Hioe
zKu!`tmbSdNq-S<ycL>ghw?w7z3p-otKO)2`f&2*~H+E?||K}#{d~7HD^a$m=R1QAq
z%57Nng1y5jv>qT|w;l>ZeH-NANEA;3^BnJtjYu;YTR_vN)NH$(7u^KbFO28b6(+>i
zS`!&bd=ZXp)%fh8Eh4$+KECf$FXCmm_yp7+@_vSOOu2`qn4>qV#f)RvI}L}?+3(+J
z*Nh|-nyX0y^4V|x7%FhE6Dn&Jbs4FNiByns6CBNWT`>Lah}$LRQ3LV@H?D7=OH$p!
z3}4<iISK`Nm9X$cZ>|X$pY-DH=%RzwZ^(UTu3S+<rO-Jc6@imc+#tr$Kem14Ym^3u
zPdh7T*FgP^iXOXWHS<rT4Zma}@PoFt25=|Kb;MxWy7K8ncv8U5mxT!J;pmq2B4*6R
atT@vq-8^zJ2yfNh=F44WJXb)Q(*FQ{1$+Gf

diff --git a/ps/Check UEFI PK, KEK, DB and DBX.ps1 b/ps/Check UEFI PK, KEK, DB and DBX.ps1
index 79fa7af..ae1153d 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX.ps1	
@@ -17,42 +17,14 @@ if (-not ((Test-Path -Path "$PSScriptRoot\Check-Dbx-Simplified.ps1" -PathType Le
     Break
 }
 
+do {
 # Print computer info
 Import-Module $PSScriptRoot\Get-SystemOverview.psm1 -Force
 Show-DeviceOverview
 Write-Host
 
 # Check architecture
-$IsArm = $false
-$Is64bit = $true
-try {
-    $cpuArch = (Get-CimInstance -ClassName Win32_Processor -ErrorAction Stop).Architecture
-    # 0 = x86, 9 = x64, 5 = ARM, 12 = ARM64
-    if ($cpuArch -eq 5 -or $cpuArch -eq 12) {
-        $IsArm = $true
-    }
-    # Windows and UEFI bit-ness should always match on officially supported installs
-    # since UEFI doesn't support cross-platform boot as of https://learn.microsoft.com/en-us/windows/deployment/windows-deployment-scenarios-and-tools#windows-support-for-uefi
-    $Is64bit = [Environment]::Is64BitOperatingSystem
-} catch {
-    $IsArm = $false
-    $Is64bit = $true
-    Write-Warning "Unable to determine system architecture, proceeding with defaults (x64).`n"
-    $cpuArch = 9 # default x64
-}
-$arch = if ($Is64bit -and $cpuArch -eq 9) { # CPU arch x64
-        "amd64"
-    } elseif ($Is64bit -and $cpuArch -eq 12) { # CPU arch ARM64
-        "arm64"
-    } elseif (-not $Is64bit -and ($cpuArch -eq 0 -or $cpuArch -eq 9)) {
-        "x86" # CPU arch can be x86 or x64, but Windows/EFI arch is x86, thus the one we need.
-    } elseif (-not $Is64bit -and $IsArm) { # cpu arch check with $IsArm above
-        "arm"
-    } else { # any other unsupported CPU architecture
-        "unsupported"
-    }
-
-Write-Host "Detected $(Resolve-ArchName($arch)) UEFI architecture. Ensure that this is correct for valid DBX results.`n"
+$arch = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes").OSArchitecture
 
 # Check for Secure Boot status
 Write-Host "Secure Boot status: " -NoNewLine
@@ -94,7 +66,7 @@ try {
 
 Write-Host ""
 Write-Host $bold'Default UEFI PK'$reset
-if ($IsArm) {
+if ($arch -match '^arm') {
     Write-Warning "Some ARM-based Windows devices can't retrieve default UEFI variables."
 }
 try {
@@ -184,7 +156,7 @@ Show-UEFICertOthers -SecureBootUEFIVar kek -KnownCerts $KEKCerts
 
 Write-Host ""
 Write-Host $bold'Default UEFI KEK'$reset
-if ($IsArm) {
+if ($arch -match '^arm') {
     Write-Warning "Some ARM-based Windows devices can't retrieve default UEFI variables."
 }
 $KEKCerts | ForEach-Object {
@@ -209,7 +181,7 @@ Show-UEFICertOthers -SecureBootUEFIVar db -KnownCerts $DBCerts
 
 Write-Host ""
 Write-Host $bold'Default UEFI DB'$reset
-if ($IsArm) {
+if ($arch -match '^arm') {
     Write-Warning "Some ARM-based Windows devices can't retrieve default UEFI variables."
 }
 $DBCerts  | ForEach-Object {
@@ -227,7 +199,7 @@ try {
     Break # No need to continue with remaining DBX-related checks of script if failed to obtain DBX data
 }
 
-$colWidth = 27
+$colWidth = 20
 function Show-CheckDBX {
     param(
         [Parameter(Mandatory)][string]$Label,
@@ -244,24 +216,42 @@ function Show-CheckDBX {
     }
 }
 
-# select the proper bin file for the DBX Update.
-# files are copied from https://github.com/microsoft/secureboot_objects/tree/main/PostSignedObjects/DBX
-if ($arch -eq "amd64") {
-  # Show-CheckDBX "2023-03-14         " "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2023-03-14.bin"
-  # Show-CheckDBX "2023-05-09         " "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2023-05-09.bin"
-  # Show-CheckDBX "2025-01-14 (v1.3.1)" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-01-14.bin"
-  # Show-CheckDBX "2025-06-11 (v1.5.1)" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-06-11.bin"
-    Show-CheckDBX "2025-10-14 (v1.6.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\x64_DBXUpdate_2025-10-14.bin"
-} elseif ($arch -eq "arm64") {
-    Show-CheckDBX "2025-02-25 (v1.4.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\arm64_DBXUpdate_2025-02-25.bin"
-} elseif ($arch -eq "x86") {
-    Show-CheckDBX "2025-10-14 (v1.6.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\x86_DBXUpdate_2025-10-14.bin"
-} elseif ($arch -eq "arm") {
-    Show-CheckDBX "2025-02-25 (v1.4.0) [$($arch.ToUpper())]" "$PSScriptRoot\..\dbx_bin\arm_DBXUpdate_2025-02-25.bin"
+# Read metadata (Date, Version, Arch) from bin file name
+function Get-DbxMetadata {
+    param([string]$name)
+
+    if ($name -notmatch '^DBXUpdate_(\d{4}-\d{2}-\d{2})_([^_]+)_([^.]+)\.bin$') { return $null }
+
+    return [pscustomobject]@{
+        Date    = [datetime]::ParseExact($matches[1], "yyyy-MM-dd", $null)
+        Version = $matches[2]
+        Arch    = $matches[3]
+        Name    = $name
+    }
+}
+
+# Published DBX bin for arch
+$dbxFolder = "$PSScriptRoot\..\dbx_bin"
+$publishedDBX = Get-ChildItem $dbxFolder -Filter "DBXUpdate_*.bin" |
+    ForEach-Object { Get-DbxMetadata $_.Name } |
+    Where-Object { $_ -ne $null -and $_.Arch -eq $arch } | 
+    Sort-Object Date -Descending | 
+    Select-Object -First 1
+if (-not $publishedDBX) { throw "No published DBX file found for architecture: $arch" }
+
+# Staged DBX bin
+$stagedPath = "C:\Windows\System32\SecureBootUpdates\dbxupdate.bin"
+$stagedDate = if (Test-Path $stagedPath) { (Get-Item $stagedPath).LastWriteTime } else { $null }
+
+# Check DBX against latest DBX revocations
+if ($stagedDate -and ($stagedDate -ge $publishedDBX.Date)) {
+    Show-CheckDBX ("Staged ({0})" -f $stagedDate.ToString('dd MMM yyyy')) $stagedPath
 } else {
-    Write-Warning "[$($arch.ToUpper())] architecture."
+    $label = "{0} ({1})" -f `
+        $publishedDBX.Version,
+        $publishedDBX.Date.ToString('dd MMM yyyy')
+    Show-CheckDBX $label "$dbxFolder\$($publishedDBX.Name)"
 }
-Show-CheckDBX "Current Windows staged" "C:\Windows\System32\SecureBootUpdates\dbxupdate.bin"
 
 Import-Module -Force "$PSScriptRoot\Get-SVNfromDBX.psm1"
 
@@ -278,25 +268,25 @@ $dbx_svns = @($dbx_list | Where-Object { $_.SignatureType -eq 'EFI_CERT_SHA256_G
 $dbx_hashes -= $dbx_svns
 
 $components = [ordered]@{
-    BootMgr = @{ Name="Windows BootMgr SVN"; JSON=$svn_bootmgr_latest }
-    CDBoot  = @{ Name="Windows CDBoot SVN"; JSON=$svn_cdboot_latest }
-    WDSMgFw = @{ Name="Windows WDSMgFw SVN"; JSON=$svn_wdsmgfw_latest }
+    BootMgr = @{ Name="Firmware BootMgr SVN"; JSON=$svn_bootmgr_latest }
+    CDBoot  = @{ Name="Firmware CDBoot SVN"; JSON=$svn_cdboot_latest }
+    WDSMgFw = @{ Name="Firmware WDSMgFw SVN"; JSON=$svn_wdsmgfw_latest }
 }
 
-$svn_list = Get-SVNfromDBX $dbx_list
+$svn_firmware = Get-SVNfromDBX $dbx_list
 $StagedSVNbytes = [IO.File]::ReadAllBytes('C:\Windows\System32\SecureBootUpdates\DBXUpdateSVN.bin')
 $svn_staged = Get-SVNfromDBX (Get-UEFIDatabaseSignatures -BytesIn $StagedSVNbytes)
 
 foreach ($key in $components.Keys) {
     Write-Host -NoNewline "$($components[$key].Name.PadRight($colWidth)) : "
 
-    if (-not $svn_list.$key) {
+    if (-not $svn_firmware.$key) {
         Write-Host "Not applied" -ForegroundColor Red
         continue
     }
 
     $json       = $components[$key].JSON
-    $current    = $svn_list.$key.Version
+    $current    = $svn_firmware.$key.Version
     $staged     = $svn_staged.$key.Version
 
     $target = if ($json -ge $staged) { $json } else { $staged }
@@ -307,3 +297,8 @@ foreach ($key in $components.Keys) {
 }
 
 Write-Host ("Statistics".PadRight($colWidth) + " : $dbx_size Bytes, $dbx_hashes SHA256 hashes, $dbx_certs X.509 certs, $dbx_svns SVNs")
+
+Write-Host
+Read-Host "Press ENTER to refresh"
+
+} while ($true)

From 7ae0d8fe9ae91fc7c55551007152eb399b833183 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sun, 7 Jun 2026 18:34:03 +0200
Subject: [PATCH 02/11] Update DBX file pattern

DBXUpdate_2025-10-14_v1.6.0_amd64.bin to
DBXUpdate_v1.6.0_2025-10-14_amd64.bin
---
 ..._arm.bin => DBXUpdate_v1.4.0_2025-02-25_arm.bin} | Bin
 ...64.bin => DBXUpdate_v1.4.0_2025-02-25_arm64.bin} | Bin
 ...64.bin => DBXUpdate_v1.6.0_2025-10-14_amd64.bin} | Bin
 ..._x86.bin => DBXUpdate_v1.6.0_2025-10-14_x86.bin} | Bin
 ps/Check UEFI PK, KEK, DB and DBX.ps1               |  12 ++++++------
 5 files changed, 6 insertions(+), 6 deletions(-)
 rename dbx_bin/{DBXUpdate_2025-02-25_v1.4.0_arm.bin => DBXUpdate_v1.4.0_2025-02-25_arm.bin} (100%)
 rename dbx_bin/{DBXUpdate_2025-02-25_v1.4.0_arm64.bin => DBXUpdate_v1.4.0_2025-02-25_arm64.bin} (100%)
 rename dbx_bin/{DBXUpdate_2025-10-14_v1.6.0_amd64.bin => DBXUpdate_v1.6.0_2025-10-14_amd64.bin} (100%)
 rename dbx_bin/{DBXUpdate_2025-10-14_v1.6.0_x86.bin => DBXUpdate_v1.6.0_2025-10-14_x86.bin} (100%)

diff --git a/dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm.bin b/dbx_bin/DBXUpdate_v1.4.0_2025-02-25_arm.bin
similarity index 100%
rename from dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm.bin
rename to dbx_bin/DBXUpdate_v1.4.0_2025-02-25_arm.bin
diff --git a/dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm64.bin b/dbx_bin/DBXUpdate_v1.4.0_2025-02-25_arm64.bin
similarity index 100%
rename from dbx_bin/DBXUpdate_2025-02-25_v1.4.0_arm64.bin
rename to dbx_bin/DBXUpdate_v1.4.0_2025-02-25_arm64.bin
diff --git a/dbx_bin/DBXUpdate_2025-10-14_v1.6.0_amd64.bin b/dbx_bin/DBXUpdate_v1.6.0_2025-10-14_amd64.bin
similarity index 100%
rename from dbx_bin/DBXUpdate_2025-10-14_v1.6.0_amd64.bin
rename to dbx_bin/DBXUpdate_v1.6.0_2025-10-14_amd64.bin
diff --git a/dbx_bin/DBXUpdate_2025-10-14_v1.6.0_x86.bin b/dbx_bin/DBXUpdate_v1.6.0_2025-10-14_x86.bin
similarity index 100%
rename from dbx_bin/DBXUpdate_2025-10-14_v1.6.0_x86.bin
rename to dbx_bin/DBXUpdate_v1.6.0_2025-10-14_x86.bin
diff --git a/ps/Check UEFI PK, KEK, DB and DBX.ps1 b/ps/Check UEFI PK, KEK, DB and DBX.ps1
index ae1153d..0d5b121 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX.ps1	
@@ -220,11 +220,11 @@ function Show-CheckDBX {
 function Get-DbxMetadata {
     param([string]$name)
 
-    if ($name -notmatch '^DBXUpdate_(\d{4}-\d{2}-\d{2})_([^_]+)_([^.]+)\.bin$') { return $null }
+    if ($name -notmatch '^DBXUpdate_([^_]+)_(\d{4}-\d{2}-\d{2})_([^.]+)\.bin$') { return $null }
 
     return [pscustomobject]@{
-        Date    = [datetime]::ParseExact($matches[1], "yyyy-MM-dd", $null)
-        Version = $matches[2]
+        Version = $matches[1]
+        Date    = [datetime]::ParseExact($matches[2], "yyyy-MM-dd", $null)
         Arch    = $matches[3]
         Name    = $name
     }
@@ -268,9 +268,9 @@ $dbx_svns = @($dbx_list | Where-Object { $_.SignatureType -eq 'EFI_CERT_SHA256_G
 $dbx_hashes -= $dbx_svns
 
 $components = [ordered]@{
-    BootMgr = @{ Name="Firmware BootMgr SVN"; JSON=$svn_bootmgr_latest }
-    CDBoot  = @{ Name="Firmware CDBoot SVN"; JSON=$svn_cdboot_latest }
-    WDSMgFw = @{ Name="Firmware WDSMgFw SVN"; JSON=$svn_wdsmgfw_latest }
+    BootMgr = @{ Name="FirmwareSVN BootMgr"; JSON=$svn_bootmgr_latest }
+    CDBoot  = @{ Name="FirmwareSVN CDBoot"; JSON=$svn_cdboot_latest }
+    WDSMgFw = @{ Name="FirmwareSVN WDSMgFw"; JSON=$svn_wdsmgfw_latest }
 }
 
 $svn_firmware = Get-SVNfromDBX $dbx_list

From 7acb273403ff739cc4b4c8d9ff4f55b68316a01a Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sun, 7 Jun 2026 19:04:38 +0200
Subject: [PATCH 03/11] Reintroduce previous arch check to ensure maximum
 compatibility

---
 ps/Check UEFI PK, KEK, DB and DBX.ps1 | 32 +++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX.ps1 b/ps/Check UEFI PK, KEK, DB and DBX.ps1
index 0d5b121..953e7e4 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX.ps1	
@@ -26,6 +26,38 @@ Write-Host
 # Check architecture
 $arch = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes").OSArchitecture
 
+# Previous architecture check as fallback
+if (-not $arch) {
+    $IsArm = $false
+    $Is64bit = $true
+    try {
+        $cpuArch = (Get-CimInstance -ClassName Win32_Processor -ErrorAction Stop).Architecture
+        # 0 = x86, 9 = x64, 5 = ARM, 12 = ARM64
+        if ($cpuArch -eq 5 -or $cpuArch -eq 12) {
+            $IsArm = $true
+        }
+        # Windows and UEFI bit-ness should always match on officially supported installs
+        # since UEFI doesn't support cross-platform boot as of https://learn.microsoft.com/en-us/windows/deployment/windows-deployment-scenarios-and-tools#windows-support-for-uefi
+        $Is64bit = [Environment]::Is64BitOperatingSystem
+    } catch {
+        $IsArm = $false
+        $Is64bit = $true
+        Write-Warning "Unable to determine system architecture, proceeding with defaults (x64).`n"
+        $cpuArch = 9 # default x64
+    }
+    $arch = if ($Is64bit -and $cpuArch -eq 9) { # CPU arch x64
+        "amd64"
+    } elseif ($Is64bit -and $cpuArch -eq 12) { # CPU arch ARM64
+        "arm64"
+    } elseif (-not $Is64bit -and ($cpuArch -eq 0 -or $cpuArch -eq 9)) {
+        "x86" # CPU arch can be x86 or x64, but Windows/EFI arch is x86, thus the one we need.
+    } elseif (-not $Is64bit -and $IsArm) { # cpu arch check with $IsArm above
+        "arm"
+    } else { # any other unsupported CPU architecture
+        "unsupported"
+    }
+}
+
 # Check for Secure Boot status
 Write-Host "Secure Boot status: " -NoNewLine
 try {

From 64aff720825f3e768f7995ffe02d1ca1d3f3fdce Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Fri, 12 Jun 2026 16:11:12 +0200
Subject: [PATCH 04/11] Show PartitionStyle with Warning

PartitionStyle 'GPT' required for UEFI/Secure Boot. Legacy 'MBR' should indicate a non-compliant system and trigger warning with guidance.
---
 ps/Check UEFI PK, KEK, DB and DBX.ps1 |  4 ++++
 ps/Get-SystemOverview.psm1            | 25 +++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX.ps1 b/ps/Check UEFI PK, KEK, DB and DBX.ps1
index 953e7e4..57ff048 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX.ps1	
@@ -332,5 +332,9 @@ Write-Host ("Statistics".PadRight($colWidth) + " : $dbx_size Bytes, $dbx_hashes
 
 Write-Host
 Read-Host "Press ENTER to refresh"
+if ((Get-PartitionStyle) -ne "GPT") {
+    Write-Host
+    Write-Warning "See https://learn.microsoft.com/windows/deployment/mbr-to-gpt before Secure Boot can be enabled.`n"
+} 
 
 } while ($true)
diff --git a/ps/Get-SystemOverview.psm1 b/ps/Get-SystemOverview.psm1
index dfbb625..f42c5d3 100644
--- a/ps/Get-SystemOverview.psm1
+++ b/ps/Get-SystemOverview.psm1
@@ -1,6 +1,10 @@
 # Created by github.com/jcoester
 # Repository https://github.com/cjee21/Check-UEFISecureBootVariables
 
+$reset = "$([char]0x1b)[0m"
+$yellow = "$([char]0x1b)[93m"
+$red   = "$([char]0x1b)[91m"
+
 function Spacer() {
     Write-Host ("-" * 60)
 }
@@ -67,11 +71,27 @@ function Format-DeviceModel([string[]]$Values) {
 
 function Show-WindowsVersion {
     $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
-    "OS : Windows {0} - {1} (Build {2}.{3})" -f `
+    "OS : Windows {0} - {1} (Build {2}.{3}) - {4}" -f `
         (Get-WindowsVersionFromBuild ([int]$windows.CurrentBuildNumber)),
         $windows.DisplayVersion,
         $windows.CurrentBuildNumber,
-        $windows.UBR
+        $windows.UBR,
+        (Show-SystemPartitioning)
+}
+
+function Get-PartitionStyle {
+    param([string]$DriveLetter = $env:SystemDrive.TrimEnd(':'))
+    (Get-Disk -Number (Get-Partition -DriveLetter $DriveLetter).DiskNumber).PartitionStyle
+}
+
+function Show-SystemPartitioning {
+    $DriveLetter = $env:SystemDrive.TrimEnd(':').Trim()
+
+    switch(Get-PartitionStyle($DriveLetter)) {
+        "GPT" { "$($DriveLetter): GPT" }
+        "MBR" { $label = "MBR"; return "$($DriveLetter): $red$label$reset" }
+        default { $label = "Can't determine partition style"; return "$yellow$label$reset" }
+    }
 }
 
 function Show-DeviceOverview {
@@ -112,5 +132,6 @@ function Show-Device {
 Export-ModuleMember -Function `
     Spacer,
     Show-WindowsVersion,
+    Get-PartitionStyle,
     Show-DeviceOverview,
     Resolve-ArchName

From 9b613efe147c4b8c9d2039c99695c30519a09ba3 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Fri, 12 Jun 2026 16:17:10 +0200
Subject: [PATCH 05/11] Show PartitionStyle with Warning (2)

---
 ps/Check UEFI PK, KEK, DB and DBX.ps1 | 2 ++
 ps/Get-SystemOverview.psm1            | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX.ps1 b/ps/Check UEFI PK, KEK, DB and DBX.ps1
index 57ff048..bba2761 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX.ps1	
@@ -335,6 +335,8 @@ Read-Host "Press ENTER to refresh"
 if ((Get-PartitionStyle) -ne "GPT") {
     Write-Host
     Write-Warning "See https://learn.microsoft.com/windows/deployment/mbr-to-gpt before Secure Boot can be enabled.`n"
+    Write-Warning "See https://learn.microsoft.com/windows/deployment/mbr-to-gpt before Secure Boot can be enabled."
+    Write-Host
 } 
 
 } while ($true)
diff --git a/ps/Get-SystemOverview.psm1 b/ps/Get-SystemOverview.psm1
index f42c5d3..735a9ce 100644
--- a/ps/Get-SystemOverview.psm1
+++ b/ps/Get-SystemOverview.psm1
@@ -85,7 +85,7 @@ function Get-PartitionStyle {
 }
 
 function Show-SystemPartitioning {
-    $DriveLetter = $env:SystemDrive.TrimEnd(':').Trim()
+    $DriveLetter = $env:SystemDrive.TrimEnd(':')
 
     switch(Get-PartitionStyle($DriveLetter)) {
         "GPT" { "$($DriveLetter): GPT" }

From 2f29cbaee547fcf1e59be6f786ab4fa79977f9a2 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sat, 13 Jun 2026 11:59:27 +0200
Subject: [PATCH 06/11] Add Check UEFI PK, KEK, DB, DBX Remaster

- Change two states (Check, Cross) into three states: PRESENT, REVOKED, ABSENT.
- Take latest JSON (GitHub or Local Windows folder) as baseline for all comparisons
- Add expiration date
- Incorportate JSON revocation into
- Add tag to Baseline certs, easier identification
- Remove all binary reads to dramatically improve runtime
- Split DBX revoc. checks into Main and isOptional
- Read UEFI only once
- Add SetupMode and CA2023 Status and Capability.
- Add Default DBX states.
---
 Check UEFI PK, KEK, DB and DBX - Remaster.cmd |   5 +
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 | 480 ++++++++++++++++++
 ps/Get-SystemOverview.psm1                    | 160 +++++-
 3 files changed, 622 insertions(+), 23 deletions(-)
 create mode 100644 Check UEFI PK, KEK, DB and DBX - Remaster.cmd
 create mode 100644 ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1

diff --git a/Check UEFI PK, KEK, DB and DBX - Remaster.cmd b/Check UEFI PK, KEK, DB and DBX - Remaster.cmd
new file mode 100644
index 0000000..6d28920
--- /dev/null
+++ b/Check UEFI PK, KEK, DB and DBX - Remaster.cmd	
@@ -0,0 +1,5 @@
+:: Created by github.com/cjee21
+@title Check UEFI PK, KEK, DB and DBX
+@powershell -ExecutionPolicy Bypass -Command "& '%~dp0ps\Check UEFI PK, KEK, DB and DBX-Remaster.ps1'"
+@echo.
+@pause
diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
new file mode 100644
index 0000000..aecdbe3
--- /dev/null
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -0,0 +1,480 @@
+# Created by github.com/jcoester
+# License: MIT
+# Repository: https://github.com/cjee21/Check-UEFISecureBootVariables
+
+# Tracking vulnerable certificate presence for Optional Revocations checks
+$script:vulnerableCertPresentDB = $null
+$script:vulnerableCertPresentDBDefault = $null
+
+# ANSI colors
+$reset = "$([char]0x1b)[0m"
+$white = "$([char]0x1b)[97m"
+$cyan = "$([char]0x1b)[96m"
+$yellow = "$([char]0x1b)[93m"
+$green = "$([char]0x1b)[92m"
+$red   = "$([char]0x1b)[91m"
+$gray   = "$([char]0x1b)[90m"
+
+# Check for admin
+if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+    Write-Warning "Insufficient permissions to run this script. Please run as administrator."
+    Break
+}
+
+function Get-SignatureCN([string]$s) {
+    if (-not $s) { return $null }
+    ($s -split ',')[0].Trim() -replace '^CN\s*=\s*', ''
+}
+
+function Get-SignatureOrg([string]$s) {
+    if (-not $s) { return $null }
+    ($s -split ',')[1].Trim() -replace '^O\s*=\s*', ''
+}
+
+function Get-LatestJsonBySVN {
+    param(
+        [object]$LocalJson,
+        [object]$BaselineJson
+    )
+
+    $localMoreRecent = $False
+
+    $local = $LocalJson.svns.version | ForEach-Object { [version]$_ }
+    $baseline = $BaselineJson.svns.version | ForEach-Object { [version]$_ }
+
+    # Compare amount of SVNs
+    if ($local.Count -gt $baseline.Count) {
+        $localMoreRecent = $True
+    } else {
+        # Compare SVN values
+        for ($i = 0; $i -lt $local.Count; $i++) {
+            # Immediately determine from first difference
+            if ($local[$i] -gt $baseline[$i]) {
+                $localMoreRecent = $True
+                break
+            } elseif ($baseline[$i] -gt $local[$i]) { 
+                break 
+            }
+        }
+    }
+
+    # Return latest JSON
+    if ($localMoreRecent) {
+        return $LocalJson
+    } 
+    
+    return $BaselineJson
+}
+
+function Split-SVNEntry {
+    param([string]$hex)
+    
+    # Reference: https://github.com/microsoft/secureboot_objects/blob/main/PreSignedObjects/DBX/HashesJsonSchema.json
+    # Byte[0] is the UINT8 version of the SVN_DATA structure. 
+    # Bytes[1...16] are the GUID of the application being revoked. Little endian. 
+    # Bytes[17...18] are the Minor SVN number. Litte endian UINT16.
+    # Bytes[19...20] are the Major SVN number. Litte endian UINT16.
+    # Bytes[21...31] are 11 zero bytes padding."
+
+    # Interpretation: 1 Byte = 2 Hex Digits
+    # Sample: 00|1.............GUID............16|1718|1920|21......Padding.....31
+    # Sample: 01|612B139DD5598843AB1C185C3CB2EB92|0000|0900|0000000000000000000000
+    # Sample interpretated as "Windows Bootmgr SVN 9.0"
+    
+    $b = for ($i = 0; $i -lt $hex.Length; $i += 2) {
+        [Convert]::ToByte($hex.Substring($i,2),16)
+    }
+
+    $applications = @{
+        "612B139DD5598843AB1C185C3CB2EB92" = "Windows Bootmgr SVN"
+        "9D2EF8E827E15841A4884C18ABE2F284" = "Windows cdboot SVN"
+        "C2CA99C9FE7F6F4981279E2A8A535976" = "Windows wdsmgfw SVN"
+    }
+
+    $applicationHash = ($b[1..16] | ForEach-Object { $_.ToString("X2") }) -join ''
+    
+    $application = $applications[$applicationHash]
+    if (-not $application) { $application = "UNKNOWN" }
+
+    $minor = [BitConverter]::ToUInt16($b, 17)
+    $major = [BitConverter]::ToUInt16($b, 19)
+
+    [PSCustomObject]@{
+        ApplicationName = $application
+        ApplicationHash = $applicationHash
+        SVN = [version]"$major.$minor"
+    }
+}
+
+function Get-DaysUntilExpiration($validTo) {
+    $now = Get-Date
+    $validTo = [datetime]$validTo
+    $isValid = $now -le $validTo
+    $span = if ($validTo -ge $now) { $validTo - $now } else { $now - $validTo }
+    $time = [math]::Floor($span.TotalDays)
+    if ($isValid) {
+        if ($time -lt 365) { 
+            $suffix = if ($time -eq 1) { "" } else { "s" }
+            return "$yellow$time day$suffix$reset" # Less than a year: Yellow
+        } else { 
+            $time = [int]($time / 365)
+            $suffix = if ($time -eq 1) { "" } else { "s" }
+            return "$green$time year$suffix$reset" # Longer than a year: Green
+        }
+    } else {
+        $text = "Expired"
+        return "$yellow$text$reset"
+    }
+}
+
+function Show-UEFICerts {
+    param(
+        [string]$Title,
+        [array]$Baseline,
+        [string]$Key
+    )
+
+    # Title
+    if ($UEFI_Values[$Key]) { 
+        Write-Host "$white$Title"
+    } else {
+        Write-Host "$yellow$Title not available"
+        return 
+    }
+
+    # Current DBX for Current lookup, Default DBX for Defaults.
+    if ($Key -like "*Default*") { $reference = "DBXDefault" } else { $reference = "DBX" }
+
+    # UEFI values
+    $Values = $UEFI_Values[$Key]
+
+    # Check against Microsoft Baseline
+    foreach ($entry in $Baseline) {
+        $name = $entry.Name
+
+        # Found match
+        $match = $Values | Where-Object { (Get-SignatureCN $_.Subject) -eq $name }
+        $present = $null -ne $match
+        
+        # Display Microsoft PK only if present. Since there can only be one PK.
+        if (($Key -eq "PK" -or $Key -eq "PKDefault") -and -not $match) { continue }
+
+        # Verify SignatureOwner to be Microsoft
+        if ($present -and (-not ($Values.SignatureOwner -eq $SignatureOwnerMicrosoft))) {
+            Write-Host $red"SignatureOwner not Microsoft, the certificate might impersonate one."
+        } 
+
+        # Check if revoked in DBX/DBXDefault
+        $revoked = $UEFI_Values[$reference] | Where-Object {
+            $_.SignatureOwner -eq $match.SignatureOwner -and
+            $_.Subject -eq $match.Subject
+        }
+
+        # Show expiration time for current certificates
+        if ($Key -like "*Default*") { 
+            $expiration = "" 
+        } else { 
+            $expiration = Get-DaysUntilExpiration $entry.ValidTo 
+        }
+
+        # Status text
+        if ($revoked) {
+            $state = "REVOKED"
+        } elseif ($present) {
+            $state = "PRESENT"
+        } else {
+            $state = "ABSENT"
+        }
+
+        # Status color
+        $color = switch ($state) {
+            "REVOKED" { $red }
+            "PRESENT" { $green }
+            "ABSENT"  { $gray }
+        }
+
+        # Add asterix if cert is marked as vulnerable in Microsoft JSON.
+        $revocation = $json.certificates | Where-Object { (Get-SignatureCN $_.subjectName) -eq $name }
+        if ($revocation) {
+            $name = switch ($state) {
+                "REVOKED" { "{0}{1}{2}{3}" -f $name, $gray, "*", $reset } # Successfully revoked
+                "PRESENT" { "{0}{1}{2}{3}" -f $name, $red, "*", $reset; # Caution: Vulnerable cert present 
+                    if ($reference -eq "DBX") { 
+                        $script:vulnerableCertPresentDB = $True # Present in Current DB
+                    } elseif ($reference -eq "DBXDefault") { 
+                        $script:vulnerableCertPresentDBDefault = $True # Present in Default DB
+                    }
+                }
+                "ABSENT"  { "{0}{1}{2}{3}" -f $name, $gray, "*", $reset } # Successfully removed, or never added
+            } 
+        }
+
+        $msTag = "$($entry.Tag)$reset" # MS cert identification tag
+        $status = "$color$state$reset"
+
+        "{0,-16} {1,-38} [{2}] {3}" -f $status, $name, $msTag, $expiration
+    }
+
+    # Remaining certs, outside of Microsoft Baseline
+    $remaining = $Values | Where-Object { (Get-SignatureCN $_.Subject) -notin ($Baseline | ForEach-Object { $_.Name }) }
+    foreach ($entry in $remaining) {
+        $name = Get-SignatureCN $entry.Subject
+
+        # Automatically present
+        $state = "PRESENT"
+
+        # Show expiration time only for current certificates, not default
+        if ($Key -like "*Default*") { 
+            $expiration = "" 
+        } else { 
+            $expiration = Get-DaysUntilExpiration $entry.ValidTo 
+        }
+
+        $nonMsTag = "$gray$(Get-SignatureOrg $entry.Subject)$reset" # Non-MS cert organization
+        $status = "{0}{1}{2}" -f $green, $state, $reset 
+
+        "{0,-16} {1,-38} [{2}] {3}" -f $status, $name, $nonMsTag, $expiration
+    }
+}
+
+function Show-UEFIDBX {
+    param(
+        [Parameter(Mandatory)]
+        [string]$Title,
+
+        [Parameter(Mandatory)]
+        [string]$Key
+    )
+
+    # Title
+    if ($UEFI_Values[$Key]) { 
+        Write-Host "$white$Title"
+    } else {
+        Write-Host "$yellow$Title not available"
+        return 
+    }
+
+    # All UEFI DBX revocations
+    $UEFI_DBX_EFI_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -ne "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
+        ForEach-Object { if ($_.Hash) { $UEFI_DBX_EFI_SET[$_.Hash] = $True }}
+    $UEFI_DBX_CERT_SET = @{}; $UEFI_Values[$Key] | ForEach-Object { if ($_.Subject) { $UEFI_DBX_CERT_SET[$_.Subject] = $True }}
+    $UEFI_DBX_SVN_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -eq "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
+        ForEach-Object { if ($_.Hash) { $UEFI_DBX_SVN_SET[$_.Hash] = $True }}
+    $UEFI_DBX_SVN_APPS = @{}; foreach ($entry in $UEFI_DBX_SVN_SET.GetEnumerator()) {
+    if (($appHash = (Split-SVNEntry $entry.Name).ApplicationHash)) {
+        $UEFI_DBX_SVN_APPS[$appHash] = $True}}
+
+    # --- EFI Images ---
+    # Check against mandatory JSON revocations
+    $DBX_Mandatory_Matches = @() 
+    $DBX_Mandatory_Missing = @()
+    foreach ($hash in $JSON_DBX_MANDATORY_HASHSET.Keys) { 
+        if ($UEFI_DBX_EFI_SET.ContainsKey($hash)) { 
+            $DBX_Mandatory_Matches += $hash 
+        } else { 
+            $DBX_Mandatory_Missing += $hash 
+        } 
+    }
+
+    #  Display mandatory revocation results
+    Write-Host ("{0,-20} : " -f "Main revocations") -NoNewline    
+    if ($DBX_Mandatory_Missing.Count -eq 0) {
+        $label = "SUCCESS: $($DBX_Mandatory_Matches.Count) revocations detected." 
+        Write-Host "$green$label" 
+    } else {
+        $label = "FAIL: $($DBX_Mandatory_Missing.Count) revocations missing, $($DBX_Mandatory_Matches.Count) detected." 
+        Write-Host "$red$label"
+    }
+
+    # Check against optional JSON revocations (matters only if vulnerable cert is present)
+    Write-Host ("{0,-20} : " -f "Optional revocations") -NoNewline
+    if (($script:vulnerableCertPresentDB -and $Key -eq "DBX") -or
+        ($script:vulnerableCertPresentDBDefault -and $Key -eq "DBXDefault")) {
+
+        $DBX_Optional_Matches = @()
+        $DBX_Optional_Missing = @()
+        foreach ($hash in $JSON_DBX_OPTIONAL_HASHSET.Keys) { 
+            if ($UEFI_DBX_EFI_SET.ContainsKey($hash)) { 
+                $DBX_Optional_Matches += $hash 
+            } else { 
+                $DBX_Optional_Missing += $hash } 
+        }
+
+        # Display optional revocations results
+        if ($DBX_Optional_Missing.Count -eq 0) { 
+            $label = "SUCCESS: $($DBX_Optional_Matches.Count) revocations detected." 
+            Write-Host "$green$label" 
+        } else { 
+            $label = "FAIL: $($DBX_Optional_Missing.Count) revocations missing, $($DBX_Optional_Matches.Count) detected." 
+            Write-Host "$red$label" 
+        }
+
+    } else {
+        $label = "Only applicable if vulnerable certificate present."
+        Write-Host "$gray$label$reset"
+    }
+    
+    # --- SVNs ---
+    # Read highest UEFI SVNs for each Application, e.g. Bootmgr might have multiple historical entries with increasing SVN.
+    $UEFI_SVN_LOOKUP = @{}
+    foreach ($entry in $UEFI_DBX_SVN_SET.GetEnumerator()) {
+        $obj = Split-SVNEntry $entry.Name
+        if (-not $UEFI_SVN_LOOKUP.ContainsKey($obj.ApplicationHash) -or $obj.SVN -gt $UEFI_SVN_LOOKUP[$obj.ApplicationHash].SVN) { 
+            $UEFI_SVN_LOOKUP[$obj.ApplicationHash] = $obj 
+        }
+    }
+
+    # Check UEFI SVNs against Microsoft JSON baseline
+    foreach ($entry in $json.svns) {
+        $json = Split-SVNEntry $entry.Value
+        $fw = $UEFI_SVN_LOOKUP[$json.ApplicationHash]
+
+        Write-Host ("{0,-20} : " -f $json.ApplicationName) -NoNewline
+        # UEFI SVN applied 
+        if ($fw) {
+            # UEFI meets JSON Baseline: Compliant
+            if ($fw.SVN -ge $json.SVN) {
+                Write-Host $green$($fw.SVN)
+            # UEFI lower than JSON Baseline: Not compliant, Show target version
+            } else {
+                Write-Host "$red$($fw.SVN) (Target $($json.SVN))"
+            }
+        # UEFI SVN not applied
+        } else {
+            $label = "Not applied"
+            Write-Host $red$label
+        }
+    }
+
+    ("{0,-20} : {1} EFI images, {2} certificates, {3} SVNs from {4} apps") -f 
+        "Revocation summary", 
+        ($UEFI_DBX_EFI_SET.Count), 
+        $UEFI_DBX_CERT_SET.Count,
+        $UEFI_DBX_SVN_SET.Count, 
+        $UEFI_DBX_SVN_APPS.Count
+}
+
+# Read UEFI once; 'dbt' and 'dbtDefault' omitted.
+$UEFI_Keys = @("SecureBoot","SetupMode","PK","PKDefault","KEK","KEKDefault","db","dbDefault","dbx","dbxDefault")
+$UEFI_Values = @{}
+foreach ($Key in $UEFI_Keys) {
+    try {
+        $UEFI_Values[$Key] = Get-SecureBootUEFI -Name $Key -Decoded -ErrorAction Stop
+    }
+    catch {
+        $UEFI_Values[$Key] = $null
+    }
+}
+
+# Print computer info
+Import-Module $PSScriptRoot\Get-SystemOverview.psm1 -Force
+Show-DeviceOverview
+Spacer
+
+# Microsoft JSON baseline from GitHub https://raw.githubusercontent.com/microsoft/secureboot_objects/refs/heads/main/PreSignedObjects/DBX/dbx_info_msft_latest.json
+$baselineJson = Get-Content "$PSScriptRoot\..\dbx_info\dbx_info_msft_latest.json" -Raw | ConvertFrom-Json
+
+# Microsoft JSON baseline from local Windows Update rollout
+$localJsonPath = (Join-Path (Split-Path (Get-Command Get-SecureBootUEFI).DLL -Parent) "hashes.json") 
+$localJson = Get-Content $localJsonPath -Raw | ConvertFrom-Json
+
+# Determine which JSON (GitHub, Local) is more recent
+$json = Get-LatestJsonBySVN $localJson $baselineJson
+
+# MS Signature
+$SignatureOwnerMicrosoft = "77fa9abd-0359-4d32-bd60-28f4e78f784b"
+
+# Expected Microsoft certs
+$MicrosoftPK = @(
+    @{ Name = "Windows OEM Devices PK"; Tag = "MS-PK"; ValidTo = "2038-09-18 22:28:26Z" }
+)
+$MicrosoftKEK = @(
+    @{ Name = "Microsoft Corporation KEK CA 2011"; Tag = "MS-KEK-2011"; ValidTo = "2026-06-24 22:51:29Z" } 
+    @{ Name = "Microsoft Corporation KEK 2K CA 2023"; Tag = "MS-KEK-2023"; ValidTo = "2038-03-02 21:31:35Z" } 
+)
+$MicrosoftDB = @(
+    @{ Name = "Microsoft Windows Production PCA 2011"; Tag = "MS-Windows-2011"; ValidTo = "2026-10-19 20:51:42Z" } 
+    @{ Name = "Windows UEFI CA 2023"; Tag = "MS-Windows-2023"; ValidTo = "2035-06-13 21:08:29Z" } 
+    @{ Name = "Microsoft Option ROM UEFI CA 2023"; Tag = "MS-OptionROM-2023"; ValidTo = "2038-10-26 21:12:20Z" } 
+    @{ Name = "Microsoft Corporation UEFI CA 2011"; Tag = "MS-ThirdParty-2011"; ValidTo = "2026-06-27 23:32:45Z" } 
+    @{ Name = "Microsoft UEFI CA 2023"; Tag = "MS-ThirdParty-2023"; ValidTo = "2038-06-13 21:31:47Z" } 
+)
+
+# --- Secure Boot Summary ---
+# SB-SetupMode
+Write-Host "SB :" -NoNewLine
+try {
+    if ($UEFI_Values["SetupMode"].Value) { 
+        Write-Host "$yellow Setup Mode" 
+    } else { 
+        Write-Host "$white User Mode" 
+    }
+} catch {
+    Write-Host "$red Unknown SetupMode status"
+}
+
+# SB-Enabled/Disabled
+Write-Host "SB :" -NoNewLine
+try {
+    if ($UEFI_Values["SecureBoot"].Value) { 
+        Write-Host "$green Enabled"
+    } else { 
+        Write-Host "$red Disabled" 
+        # Check for GPT partition style, as MBR will prevent enablement of UEFI/Secure Boot
+        Show-PartitionStyleDisclaimer
+    }
+} catch {
+    Write-Host "$red Unknown Secure Boot status"
+}
+
+# Show Secure Boot servicing flags, parsed and color-coded
+Show-UEFICA2023Status "SB : " 
+Show-WindowsUEFICA2023Capable "SB : "
+Show-AvailableUpdates "SB : "
+
+# Determine arch for the correct revocation hashes
+$archWin = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -ErrorAction SilentlyContinue).OSArchitecture
+$archMap = @{
+    "amd64" = "x64"
+    "x86"   = "ia32"
+    "arm64" = "aarch64"
+    "arm"   = "arm"
+}
+$archJson = $archMap[$archWin]
+
+# Mandatory revocations
+$JSON_DBX_MANDATORY_HASHSET = @{}; $json.images.$archJson | 
+    Where-Object { -not $_.PSObject.Properties['isOptional']} | 
+    ForEach-Object { $JSON_DBX_MANDATORY_HASHSET[$_.authenticodeHash] = $True }
+
+# Optional revocations (for certificates that are expected to be revoked)
+$JSON_DBX_OPTIONAL_HASHSET = @{}; $json.images.$archJson | 
+    Where-Object { $_.PSObject.Properties['isOptional']} | 
+    ForEach-Object { $JSON_DBX_OPTIONAL_HASHSET[$_.authenticodeHash] = $True }
+
+# Display PK, KEK, DB, DBX
+Spacer
+Show-UEFICerts -Title "Current PK"   -Baseline $MicrosoftPK   -Key "PK"
+Write-Host
+Show-UEFICerts -Title "Default PK"   -Baseline $MicrosoftPK   -Key "PKDefault"
+Spacer
+Show-UEFICerts -Title "Current KEK"  -Baseline $MicrosoftKEK  -Key "KEK"
+Write-Host
+Show-UEFICerts -Title "Default KEK"  -Baseline $MicrosoftKEK  -Key "KEKDefault"
+Spacer
+Show-UEFICerts -Title "Current DB"   -Baseline $MicrosoftDB   -Key "DB"
+
+# Certificate revocation disclaimer
+if ($script:vulnerableCertPresentDB) {
+    Write-Host ("{0}*CAUTION: Vulnerable certificate expected to be REVOKED or REMOVED." -f $red, $gray)
+} else {
+    Write-Host ("{0}*Vulnerable certificate in expected state." -f $gray)
+}
+
+Write-Host
+Show-UEFICerts -Title "Default DB"   -Baseline $MicrosoftDB   -Key "DBDefault"
+Spacer
+Show-UEFIDBX -Title "Current DBX"  -Key "dbx"
+Write-Host
+Show-UEFIDBX -Title "Default DBX"  -Key "dbxDefault"
+Spacer
diff --git a/ps/Get-SystemOverview.psm1 b/ps/Get-SystemOverview.psm1
index 735a9ce..06faa67 100644
--- a/ps/Get-SystemOverview.psm1
+++ b/ps/Get-SystemOverview.psm1
@@ -1,9 +1,10 @@
 # Created by github.com/jcoester
 # Repository https://github.com/cjee21/Check-UEFISecureBootVariables
-
-$reset = "$([char]0x1b)[0m"
-$yellow = "$([char]0x1b)[93m"
-$red   = "$([char]0x1b)[91m"
+# References:
+    # [1] https://support.microsoft.com/topic/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d#bkmk_registry_keys_described
+    # [2] https://support.microsoft.com/topic/secure-boot-certificate-updates-guidance-for-it-professionals-and-organizations-e2b43f9f-b424-42df-bc6a-8476db65ab2f#bkmk_preparation
+    # [3] https://support.microsoft.com/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d#bkmk_the_availableupdates_registry_bitmask
+    # [4] https://support.microsoft.com/topic/how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#bkmk_mitigation_guidelines
 
 function Spacer() {
     Write-Host ("-" * 60)
@@ -33,6 +34,18 @@ function Resolve-ArchName {
     }
 }
 
+function Show-PartitionStyleDisclaimer() {
+    $DriveLetter = $env:SystemDrive
+    $PartitionStyle = (Get-Disk -Number (Get-Partition -DriveLetter $DriveLetter.TrimEnd(':')).DiskNumber).PartitionStyle
+    if ($PartitionStyle -ne "GPT") {
+        Write-Warning (
+            "System drive $DriveLetter partitioned as '$PartitionStyle', needs to be 'GPT'.`n" + 
+            "See https://learn.microsoft.com/windows/deployment/mbr-to-gpt before Secure Boot can be enabled."
+        )
+    }
+}
+
+
 function Format-Set($Values) {
 
     $Exclude = @(
@@ -69,31 +82,123 @@ function Format-DeviceModel([string[]]$Values) {
     $result -join ' - '
 }
 
-function Show-WindowsVersion {
-    $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
-    "OS : Windows {0} - {1} (Build {2}.{3}) - {4}" -f `
-        (Get-WindowsVersionFromBuild ([int]$windows.CurrentBuildNumber)),
-        $windows.DisplayVersion,
-        $windows.CurrentBuildNumber,
-        $windows.UBR,
-        (Show-SystemPartitioning)
+function Show-UEFISecureBootEnabled($prefix) {
+    Write-Host $prefix -NoNewLine
+
+    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State"
+    $prop = "UEFISecureBootEnabled"
+    $value = (Get-ItemProperty $path).$prop
+
+    switch ($value) {
+        1 { Write-Host "Enabled" -ForegroundColor Green }
+        0 { Write-Host "Disabled" -ForegroundColor Red }
+        default { Write-Host "$value unknown for '$prop'" -ForegroundColor Red }
+    }
 }
 
-function Get-PartitionStyle {
-    param([string]$DriveLetter = $env:SystemDrive.TrimEnd(':'))
-    (Get-Disk -Number (Get-Partition -DriveLetter $DriveLetter).DiskNumber).PartitionStyle
+# Ref [1]
+function Show-WindowsUEFICA2023Capable($prefix) {
+    Write-Host $prefix -NoNewLine
+     
+    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
+    $prop = "WindowsUEFICA2023Capable"
+    $value = (Get-ItemProperty $path).$prop
+    switch ($value) {
+        2 { Write-Host "Windows UEFI CA 2023 cert in DB. Starting from 2023 signed boot manager" -ForegroundColor Green }
+        1 { Write-Host "Windows UEFI CA 2023 cert in DB. But NOT starting from 2023 signed boot manager" -ForegroundColor Red }
+        0 { Write-Host "Windows UEFI CA 2023 cert NOT in DB" -ForegroundColor Red }
+        default { Write-Host "$value unknown for '$prop'" -ForegroundColor Red }
+    }
 }
 
-function Show-SystemPartitioning {
-    $DriveLetter = $env:SystemDrive.TrimEnd(':')
+# Ref [1]
+function Show-UEFICA2023Status($prefix) {
+    Write-Host $prefix -NoNewLine
+    
+    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
+    $prop = "UEFICA2023Status"
+    $value = (Get-ItemProperty $path).$prop
+
+    switch ($value) {
+        "Updated" { Write-Host "$value" -ForegroundColor Green }
+        "InProgress" { Write-Host "$value" -ForegroundColor Yellow }
+        "NotStarted" { Write-Host "$value" -ForegroundColor Red }
+        default { Write-Host "$value unknown for '$prop'" -ForegroundColor Red }
+    }
+    
+    $prop = "UEFICA2023Error"
+    $value = (Get-ItemProperty $path).$prop
+    # Show if available
+    if ($value -gt 0) {
+        Write-Host $prefix -NoNewLine
+        Write-Host "Error: $value" -ForegroundColor Red
+    }
 
-    switch(Get-PartitionStyle($DriveLetter)) {
-        "GPT" { "$($DriveLetter): GPT" }
-        "MBR" { $label = "MBR"; return "$($DriveLetter): $red$label$reset" }
-        default { $label = "Can't determine partition style"; return "$yellow$label$reset" }
+    $prop = "UEFICA2023ErrorEvent"
+    $value = (Get-ItemProperty $path).$prop
+    # Show if available
+    if ($value -gt 0) {
+        Write-Host $prefix -NoNewLine
+        Write-Host "ErrorEvent: $value" -ForegroundColor Red
     }
 }
 
+# Ref [2]
+function Show-ConfidenceLevel($prefix) {
+    Write-Host $prefix -NoNewLine
+    
+    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
+    $prop = "ConfidenceLevel"
+    $value = (Get-ItemProperty $path).$prop
+
+    switch -Regex ($value) {
+        "High Confidence" { Write-Host "$value" -ForegroundColor Green }
+        "Under Observation" { Write-Host "$value" -ForegroundColor DarkCyan }
+        "No Data Observed" { Write-Host "$value" -ForegroundColor DarkYellow }
+        "Temporarily Paused" { Write-Host "$value" -ForegroundColor DarkYellow }
+        "Not Supported" { Write-Host "$value" -ForegroundColor DarkRed }
+        default { Write-Host "$value unknown for '$prop'" -ForegroundColor Red }
+    }
+}
+
+# Refs [1] [2] [3] [4]
+function Show-AvailableUpdates($prefix) {
+    Write-Host $prefix -NoNewLine
+    
+    $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot"
+    $prop = "AvailableUpdates"
+    $value = "0x" + ([Convert]::ToString([int64](Get-ItemProperty $path).$prop, 16)).ToUpper()
+
+    switch ($value) {
+        "0x0" { Write-Host "No Secure Boot key updates are performed" }
+        "0x2" { Write-Host "Apply updates to DBX" }
+        "0x4" { Write-Host "Apply 'Microsoft KEK 2K CA 2023' signed by device PK to KEK" }
+        "0x40" { Write-Host "Apply 'Windows UEFI CA 2023' to DB" }
+        "0x80" { Write-Host "Revoke 'Windows Production PCA 2011' to DBX" }
+        "0x100" { Write-Host "Apply 'Windows UEFI CA 2023' signed boot manager" }
+        "0x200" { Write-Host "Apply 'SVN' update to the firmware" }
+        "0x400" { Write-Host "Apply 'Secure Boot Advanced Targeting' (SBAT) to the firmware" }
+        "0x800" { Write-Host "Apply 'Microsoft Option ROM UEFI CA 2023' to DB" }
+        "0x1000" { Write-Host "Apply 'Microsoft UEFI CA 2023' to DB" }
+        "0x4000" { Write-Host "Successful completion of all applicable update actions" }
+        "0x4100" { Write-Host "Manually reboot the system" -ForegroundColor Yellow }
+        "0x4104" { Write-Host "'Microsoft UEFI CA 2023' is added to DB" }
+        "0x5104" { Write-Host "'Microsoft Option ROM UEFI CA 2023' is added to DB" }
+        "0x5904" { Write-Host "'Windows UEFI CA 2023' is added to DB" }
+        "0x5944" { Write-Host "Deploy all needed certificates and update to the PCA2023 signed boot manager" }
+        default { Write-Host "$value unknown for '$prop'" -ForegroundColor Red }
+    }
+}
+
+function Show-WindowsVersion {
+    $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
+    "OS : Windows {0} - {1} (Build {2}.{3})" -f `
+        (Get-WindowsVersionFromBuild ([int]$windows.CurrentBuildNumber)),
+        $windows.DisplayVersion,
+        $windows.CurrentBuildNumber,
+        $windows.UBR
+}
+
 function Show-DeviceOverview {
     (Get-Date).ToString('dd MMM yyyy')
     Spacer
@@ -101,6 +206,10 @@ function Show-DeviceOverview {
     Show-WindowsVersion
 }
 
+function Get-DeviceArch {
+    (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes").OSArchitecture
+}
+
 function Show-Device {
     # Show Secure Boot related device hardware and firmware info
     $device  = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes"
@@ -132,6 +241,11 @@ function Show-Device {
 Export-ModuleMember -Function `
     Spacer,
     Show-WindowsVersion,
-    Get-PartitionStyle,
     Show-DeviceOverview,
-    Resolve-ArchName
+    Resolve-ArchName,
+    Show-UEFISecureBootEnabled,
+    Show-UEFICA2023Status,
+    Show-WindowsUEFICA2023Capable,
+    Show-ConfidenceLevel,
+    Show-AvailableUpdates,
+    Show-PartitionStyleDisclaimer

From 2cf39cd5b7379478f04ae3f9223eff293f33ca52 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sat, 13 Jun 2026 19:06:12 +0200
Subject: [PATCH 07/11] Add entire revocations check

Due to Microsoft local JSON versioning missing the isOptional tag
---
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
index aecdbe3..6627cc8 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -265,6 +265,27 @@ function Show-UEFIDBX {
         $UEFI_DBX_SVN_APPS[$appHash] = $True}}
 
     # --- EFI Images ---
+    # Check against full JSON revocations # While Microsoft version is broken
+    $DBX_Full_Matches = @() 
+    $DBX_Full_Missing = @()
+    foreach ($hash in $JSON_DBX_FULL_HASHSET.Keys) { 
+        if ($UEFI_DBX_EFI_SET.ContainsKey($hash)) { 
+            $DBX_Full_Matches += $hash 
+        } else { 
+            $DBX_Full_Missing += $hash 
+        } 
+    }
+
+    #  Display mandatory revocation results
+    Write-Host ("{0,-20} : " -f "Entire revocations") -NoNewline    
+    if ($DBX_Full_Missing.Count -eq 0) {
+        $label = "SUCCESS: $($DBX_Full_Matches.Count) revocations detected." 
+        Write-Host "$green$label" 
+    } else {
+        $label = "FAIL: $($DBX_Full_Missing.Count) revocations missing, $($DBX_Full_Matches.Count) detected." 
+        Write-Host "$red$label"
+    }
+
     # Check against mandatory JSON revocations
     $DBX_Mandatory_Matches = @() 
     $DBX_Mandatory_Missing = @()
@@ -442,6 +463,10 @@ $archMap = @{
 }
 $archJson = $archMap[$archWin]
 
+# Full revocations while Microsoft JSON versioning is faulty
+$JSON_DBX_FULL_HASHSET = @{}; $json.images.$archJson | 
+    ForEach-Object { $JSON_DBX_FULL_HASHSET[$_.authenticodeHash] = $True }
+
 # Mandatory revocations
 $JSON_DBX_MANDATORY_HASHSET = @{}; $json.images.$archJson | 
     Where-Object { -not $_.PSObject.Properties['isOptional']} | 

From a560fccffb17dd920135a139f3ace73c3c0fd804 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sat, 13 Jun 2026 21:51:29 +0200
Subject: [PATCH 08/11] Revert "Add entire revocations check"

This reverts commit 2cf39cd5b7379478f04ae3f9223eff293f33ca52.
---
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 | 25 -------------------
 1 file changed, 25 deletions(-)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
index 6627cc8..aecdbe3 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -265,27 +265,6 @@ function Show-UEFIDBX {
         $UEFI_DBX_SVN_APPS[$appHash] = $True}}
 
     # --- EFI Images ---
-    # Check against full JSON revocations # While Microsoft version is broken
-    $DBX_Full_Matches = @() 
-    $DBX_Full_Missing = @()
-    foreach ($hash in $JSON_DBX_FULL_HASHSET.Keys) { 
-        if ($UEFI_DBX_EFI_SET.ContainsKey($hash)) { 
-            $DBX_Full_Matches += $hash 
-        } else { 
-            $DBX_Full_Missing += $hash 
-        } 
-    }
-
-    #  Display mandatory revocation results
-    Write-Host ("{0,-20} : " -f "Entire revocations") -NoNewline    
-    if ($DBX_Full_Missing.Count -eq 0) {
-        $label = "SUCCESS: $($DBX_Full_Matches.Count) revocations detected." 
-        Write-Host "$green$label" 
-    } else {
-        $label = "FAIL: $($DBX_Full_Missing.Count) revocations missing, $($DBX_Full_Matches.Count) detected." 
-        Write-Host "$red$label"
-    }
-
     # Check against mandatory JSON revocations
     $DBX_Mandatory_Matches = @() 
     $DBX_Mandatory_Missing = @()
@@ -463,10 +442,6 @@ $archMap = @{
 }
 $archJson = $archMap[$archWin]
 
-# Full revocations while Microsoft JSON versioning is faulty
-$JSON_DBX_FULL_HASHSET = @{}; $json.images.$archJson | 
-    ForEach-Object { $JSON_DBX_FULL_HASHSET[$_.authenticodeHash] = $True }
-
 # Mandatory revocations
 $JSON_DBX_MANDATORY_HASHSET = @{}; $json.images.$archJson | 
     Where-Object { -not $_.PSObject.Properties['isOptional']} | 

From 6b9037e9337237c941a886ce87e08488ffcc5e90 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Sun, 14 Jun 2026 18:45:34 +0200
Subject: [PATCH 09/11] Fix other cert status

Add various minor visual improvements
---
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 | 219 +++++++++---------
 1 file changed, 110 insertions(+), 109 deletions(-)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
index aecdbe3..2b1ccfa 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -2,14 +2,13 @@
 # License: MIT
 # Repository: https://github.com/cjee21/Check-UEFISecureBootVariables
 
-# Tracking vulnerable certificate presence for Optional Revocations checks
+# Tracking vulnerable certificate presence
 $script:vulnerableCertPresentDB = $null
 $script:vulnerableCertPresentDBDefault = $null
 
 # ANSI colors
-$reset = "$([char]0x1b)[0m"
+$reset = "$([char]0x1b)[00m"
 $white = "$([char]0x1b)[97m"
-$cyan = "$([char]0x1b)[96m"
 $yellow = "$([char]0x1b)[93m"
 $green = "$([char]0x1b)[92m"
 $red   = "$([char]0x1b)[91m"
@@ -21,49 +20,52 @@ if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdent
     Break
 }
 
-function Get-SignatureCN([string]$s) {
+function Get-SignatureCN {
+    param([string]$s)
+
     if (-not $s) { return $null }
     ($s -split ',')[0].Trim() -replace '^CN\s*=\s*', ''
 }
 
-function Get-SignatureOrg([string]$s) {
+function Get-SignatureOrg {
+    param([string]$s)
+
     if (-not $s) { return $null }
     ($s -split ',')[1].Trim() -replace '^O\s*=\s*', ''
 }
 
 function Get-LatestJsonBySVN {
     param(
-        [object]$LocalJson,
-        [object]$BaselineJson
+        [object]$FirstJson,
+        [object]$SecondJson # Default
     )
 
-    $localMoreRecent = $False
+    $firstMoreRecent = $False
 
-    $local = $LocalJson.svns.version | ForEach-Object { [version]$_ }
-    $baseline = $BaselineJson.svns.version | ForEach-Object { [version]$_ }
+    $first = $FirstJson.svns.version | ForEach-Object { [version]$_ }
+    $second = $SecondJson.svns.version | ForEach-Object { [version]$_ }
 
     # Compare amount of SVNs
-    if ($local.Count -gt $baseline.Count) {
-        $localMoreRecent = $True
+    if ($first.Count -gt $second.Count) {
+        $firstMoreRecent = $True
     } else {
         # Compare SVN values
-        for ($i = 0; $i -lt $local.Count; $i++) {
-            # Immediately determine from first difference
-            if ($local[$i] -gt $baseline[$i]) {
-                $localMoreRecent = $True
+        for ($i = 0; $i -lt $first.Count; $i++) {
+            # Immediately determine on first difference
+            if ($first[$i] -gt $second[$i]) {
+                $firstMoreRecent = $True
                 break
-            } elseif ($baseline[$i] -gt $local[$i]) { 
+            } elseif ($second[$i] -gt $first[$i]) { 
                 break 
             }
         }
     }
 
-    # Return latest JSON
-    if ($localMoreRecent) {
-        return $LocalJson
+    if ($firstMoreRecent) {
+        return $FirstJson # First if more recent
     } 
     
-    return $BaselineJson
+    return $SecondJson # Default
 }
 
 function Split-SVNEntry {
@@ -81,9 +83,7 @@ function Split-SVNEntry {
     # Sample: 01|612B139DD5598843AB1C185C3CB2EB92|0000|0900|0000000000000000000000
     # Sample interpretated as "Windows Bootmgr SVN 9.0"
     
-    $b = for ($i = 0; $i -lt $hex.Length; $i += 2) {
-        [Convert]::ToByte($hex.Substring($i,2),16)
-    }
+    $b = for ($i = 0; $i -lt $hex.Length; $i += 2) { [Convert]::ToByte($hex.Substring($i,2),16) }
 
     $applications = @{
         "612B139DD5598843AB1C185C3CB2EB92" = "Windows Bootmgr SVN"
@@ -94,7 +94,7 @@ function Split-SVNEntry {
     $applicationHash = ($b[1..16] | ForEach-Object { $_.ToString("X2") }) -join ''
     
     $application = $applications[$applicationHash]
-    if (-not $application) { $application = "UNKNOWN" }
+    if (-not $application) { $application = $applicationHash } # Return the hash if name not recognized
 
     $minor = [BitConverter]::ToUInt16($b, 17)
     $major = [BitConverter]::ToUInt16($b, 19)
@@ -106,21 +106,29 @@ function Split-SVNEntry {
     }
 }
 
-function Get-DaysUntilExpiration($validTo) {
+function Get-TimeUntilExpiration {
+    param(
+        [datetime]$validTo,
+        [string]$Key
+    )
+
+    # Skip for Default PK, KEK, DB. Only Current
+    if ($Key -like "*Default*") { return "" }
+        
     $now = Get-Date
-    $validTo = [datetime]$validTo
-    $isValid = $now -le $validTo
-    $span = if ($validTo -ge $now) { $validTo - $now } else { $now - $validTo }
-    $time = [math]::Floor($span.TotalDays)
-    if ($isValid) {
+    $time = [math]::Floor(($validTo - $now).TotalDays)
+    
+    # Not expired yet
+    if ($now -le $validTo) {
         if ($time -lt 365) { 
             $suffix = if ($time -eq 1) { "" } else { "s" }
-            return "$yellow$time day$suffix$reset" # Less than a year: Yellow
+            return "$yellow$time day$suffix$reset" # Less than a year: n day(s)
         } else { 
             $time = [int]($time / 365)
             $suffix = if ($time -eq 1) { "" } else { "s" }
-            return "$green$time year$suffix$reset" # Longer than a year: Green
+            return "$green$time year$suffix$reset" # Longer than a year: n year(s)
         }
+    # Already expired
     } else {
         $text = "Expired"
         return "$yellow$text$reset"
@@ -142,98 +150,92 @@ function Show-UEFICerts {
         return 
     }
 
-    # Current DBX for Current lookup, Default DBX for Defaults.
+    # Lookup DBX / DBXDefault 
     if ($Key -like "*Default*") { $reference = "DBXDefault" } else { $reference = "DBX" }
 
     # UEFI values
     $Values = $UEFI_Values[$Key]
 
-    # Check against Microsoft Baseline
+    # Check against Microsoft baseline
     foreach ($entry in $Baseline) {
-        $name = $entry.Name
+        
+        $name = $entry.Name # Cert CN
+        $tag = "$reset$($entry.Tag)$reset" # MS Baseline identification tag, ensure length as other tags
 
         # Found match
         $match = $Values | Where-Object { (Get-SignatureCN $_.Subject) -eq $name }
         $present = $null -ne $match
         
-        # Display Microsoft PK only if present. Since there can only be one PK.
+        # Display Microsoft PK baseline only if present. Since there can only be one PK.
         if (($Key -eq "PK" -or $Key -eq "PKDefault") -and -not $match) { continue }
 
         # Verify SignatureOwner to be Microsoft
         if ($present -and (-not ($Values.SignatureOwner -eq $SignatureOwnerMicrosoft))) {
             Write-Host $red"SignatureOwner not Microsoft, the certificate might impersonate one."
-        } 
+        }
 
-        # Check if revoked in DBX/DBXDefault
+        # Check if revoked in reference: DBX or DBXDefault
         $revoked = $UEFI_Values[$reference] | Where-Object {
             $_.SignatureOwner -eq $match.SignatureOwner -and
             $_.Subject -eq $match.Subject
         }
 
-        # Show expiration time for current certificates
-        if ($Key -like "*Default*") { 
-            $expiration = "" 
-        } else { 
-            $expiration = Get-DaysUntilExpiration $entry.ValidTo 
-        }
-
-        # Status text
+        # Assign text and color
         if ($revoked) {
             $state = "REVOKED"
+            $color = $red
         } elseif ($present) {
             $state = "PRESENT"
+            $color = $green
         } else {
             $state = "ABSENT"
+            $color = $gray
         }
 
-        # Status color
-        $color = switch ($state) {
-            "REVOKED" { $red }
-            "PRESENT" { $green }
-            "ABSENT"  { $gray }
-        }
-
-        # Add asterix if cert is marked as vulnerable in Microsoft JSON.
-        $revocation = $json.certificates | Where-Object { (Get-SignatureCN $_.subjectName) -eq $name }
-        if ($revocation) {
+        # Add asterix if cert is marked vulnerable in Microsoft JSON.
+        $vulnerable = $json.certificates | Where-Object { (Get-SignatureCN $_.subjectName) -eq $name }
+        if ($vulnerable) {
             $name = switch ($state) {
-                "REVOKED" { "{0}{1}{2}{3}" -f $name, $gray, "*", $reset } # Successfully revoked
-                "PRESENT" { "{0}{1}{2}{3}" -f $name, $red, "*", $reset; # Caution: Vulnerable cert present 
+                "ABSENT"  { "$name$gray*$reset" } # Recommended state for vulnerable cert
+                "REVOKED" { "$name$gray*$reset" } # Recommended state for vulnerable cert
+                "PRESENT" { "$name$red*$reset"; # CAUTION state for vulnerable cert
                     if ($reference -eq "DBX") { 
-                        $script:vulnerableCertPresentDB = $True # Present in Current DB
-                    } elseif ($reference -eq "DBXDefault") { 
-                        $script:vulnerableCertPresentDBDefault = $True # Present in Default DB
+                        $script:vulnerableCertPresentDB = $True 
+                    } else { 
+                        $script:vulnerableCertPresentDBDefault = $True 
                     }
                 }
-                "ABSENT"  { "{0}{1}{2}{3}" -f $name, $gray, "*", $reset } # Successfully removed, or never added
             } 
-        }
-
-        $msTag = "$($entry.Tag)$reset" # MS cert identification tag
-        $status = "$color$state$reset"
+        } else { $name = "$name$reset$reset" } # Reserve same space without revocation asterix
 
-        "{0,-16} {1,-38} [{2}] {3}" -f $status, $name, $msTag, $expiration
+        "{0,-17} {1,-48} {2} {3}" -f 
+            "$color$state$reset", $name, "[$tag]", (Get-TimeUntilExpiration $entry.ValidTo $Key)
     }
 
     # Remaining certs, outside of Microsoft Baseline
     $remaining = $Values | Where-Object { (Get-SignatureCN $_.Subject) -notin ($Baseline | ForEach-Object { $_.Name }) }
     foreach ($entry in $remaining) {
-        $name = Get-SignatureCN $entry.Subject
 
-        # Automatically present
-        $state = "PRESENT"
+        $name = Get-SignatureCN $entry.Subject # Cert CN
+        $tag = "$gray$(Get-SignatureOrg $entry.Subject)$reset" # Cert O
 
-        # Show expiration time only for current certificates, not default
-        if ($Key -like "*Default*") { 
-            $expiration = "" 
-        } else { 
-            $expiration = Get-DaysUntilExpiration $entry.ValidTo 
+        # Check if revoked in reference: DBX or DBXDefault
+        $revoked = $UEFI_Values[$reference] | Where-Object {
+            $_.SignatureOwner -eq $match.SignatureOwner -and
+            $_.Subject -eq $match.Subject
         }
 
-        $nonMsTag = "$gray$(Get-SignatureOrg $entry.Subject)$reset" # Non-MS cert organization
-        $status = "{0}{1}{2}" -f $green, $state, $reset 
+        # Assign text and color
+        if ($revoked) {
+            $state = "REVOKED"
+            $color = $red
+        } else {
+            $state = "PRESENT"
+            $color = $green
+        } 
 
-        "{0,-16} {1,-38} [{2}] {3}" -f $status, $name, $nonMsTag, $expiration
+        "{0,-17} {1,-48} {2} {3}" -f 
+            "$color$state$reset", "$name$reset$reset", "[$tag]", (Get-TimeUntilExpiration $entry.ValidTo $Key)
     }
 }
 
@@ -254,15 +256,18 @@ function Show-UEFIDBX {
         return 
     }
 
-    # All UEFI DBX revocations
+    # EFI images (All Hashes excluding SVN hashes)
     $UEFI_DBX_EFI_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -ne "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
         ForEach-Object { if ($_.Hash) { $UEFI_DBX_EFI_SET[$_.Hash] = $True }}
+    # Certificates
     $UEFI_DBX_CERT_SET = @{}; $UEFI_Values[$Key] | ForEach-Object { if ($_.Subject) { $UEFI_DBX_CERT_SET[$_.Subject] = $True }}
+    # SVN hashes
     $UEFI_DBX_SVN_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -eq "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
         ForEach-Object { if ($_.Hash) { $UEFI_DBX_SVN_SET[$_.Hash] = $True }}
+    # Apps derived SVN hashes
     $UEFI_DBX_SVN_APPS = @{}; foreach ($entry in $UEFI_DBX_SVN_SET.GetEnumerator()) {
-    if (($appHash = (Split-SVNEntry $entry.Name).ApplicationHash)) {
-        $UEFI_DBX_SVN_APPS[$appHash] = $True}}
+        if (($appHash = (Split-SVNEntry $entry.Name).ApplicationHash)) { $UEFI_DBX_SVN_APPS[$appHash] = $True}
+    }
 
     # --- EFI Images ---
     # Check against mandatory JSON revocations
@@ -275,14 +280,13 @@ function Show-UEFIDBX {
             $DBX_Mandatory_Missing += $hash 
         } 
     }
-
     #  Display mandatory revocation results
     Write-Host ("{0,-20} : " -f "Main revocations") -NoNewline    
     if ($DBX_Mandatory_Missing.Count -eq 0) {
-        $label = "SUCCESS: $($DBX_Mandatory_Matches.Count) revocations detected." 
+        $label = "SUCCESS: $($DBX_Mandatory_Matches.Count) successes." 
         Write-Host "$green$label" 
     } else {
-        $label = "FAIL: $($DBX_Mandatory_Missing.Count) revocations missing, $($DBX_Mandatory_Matches.Count) detected." 
+        $label = "FAIL: $($DBX_Mandatory_Missing.Count) missing, $($DBX_Mandatory_Matches.Count) successes." 
         Write-Host "$red$label"
     }
 
@@ -299,13 +303,12 @@ function Show-UEFIDBX {
             } else { 
                 $DBX_Optional_Missing += $hash } 
         }
-
         # Display optional revocations results
         if ($DBX_Optional_Missing.Count -eq 0) { 
-            $label = "SUCCESS: $($DBX_Optional_Matches.Count) revocations detected." 
+            $label = "SUCCESS: $($DBX_Optional_Matches.Count) successes." 
             Write-Host "$green$label" 
         } else { 
-            $label = "FAIL: $($DBX_Optional_Missing.Count) revocations missing, $($DBX_Optional_Matches.Count) detected." 
+            $label = "FAIL: $($DBX_Optional_Missing.Count) missing, $($DBX_Optional_Matches.Count) successes." 
             Write-Host "$red$label" 
         }
 
@@ -315,13 +318,12 @@ function Show-UEFIDBX {
     }
     
     # --- SVNs ---
-    # Read highest UEFI SVNs for each Application, e.g. Bootmgr might have multiple historical entries with increasing SVN.
+    # Determine high UEFI SVNs for each application, e.g. Bootmgr might have multiple historical entries with increasing SVN.
     $UEFI_SVN_LOOKUP = @{}
     foreach ($entry in $UEFI_DBX_SVN_SET.GetEnumerator()) {
         $obj = Split-SVNEntry $entry.Name
         if (-not $UEFI_SVN_LOOKUP.ContainsKey($obj.ApplicationHash) -or $obj.SVN -gt $UEFI_SVN_LOOKUP[$obj.ApplicationHash].SVN) { 
-            $UEFI_SVN_LOOKUP[$obj.ApplicationHash] = $obj 
-        }
+            $UEFI_SVN_LOOKUP[$obj.ApplicationHash] = $obj }
     }
 
     # Check UEFI SVNs against Microsoft JSON baseline
@@ -332,10 +334,10 @@ function Show-UEFIDBX {
         Write-Host ("{0,-20} : " -f $json.ApplicationName) -NoNewline
         # UEFI SVN applied 
         if ($fw) {
-            # UEFI meets JSON Baseline: Compliant
+            # UEFI meets JSON Baseline
             if ($fw.SVN -ge $json.SVN) {
                 Write-Host $green$($fw.SVN)
-            # UEFI lower than JSON Baseline: Not compliant, Show target version
+            # UEFI fails JSON Baseline: Show JSON target SVN
             } else {
                 Write-Host "$red$($fw.SVN) (Target $($json.SVN))"
             }
@@ -346,15 +348,15 @@ function Show-UEFIDBX {
         }
     }
 
-    ("{0,-20} : {1} EFI images, {2} certificates, {3} SVNs from {4} apps") -f 
+    ("{0,-20} : {1} EFI images, {2} certificates, {3} SVNs for {4} apps") -f 
         "Revocation summary", 
-        ($UEFI_DBX_EFI_SET.Count), 
+        $UEFI_DBX_EFI_SET.Count, 
         $UEFI_DBX_CERT_SET.Count,
         $UEFI_DBX_SVN_SET.Count, 
         $UEFI_DBX_SVN_APPS.Count
 }
 
-# Read UEFI once; 'dbt' and 'dbtDefault' omitted.
+# Read Secure Boot UEFI once; 'dbt' and 'dbtDefault' not used.
 $UEFI_Keys = @("SecureBoot","SetupMode","PK","PKDefault","KEK","KEKDefault","db","dbDefault","dbx","dbxDefault")
 $UEFI_Values = @{}
 foreach ($Key in $UEFI_Keys) {
@@ -378,13 +380,13 @@ $baselineJson = Get-Content "$PSScriptRoot\..\dbx_info\dbx_info_msft_latest.json
 $localJsonPath = (Join-Path (Split-Path (Get-Command Get-SecureBootUEFI).DLL -Parent) "hashes.json") 
 $localJson = Get-Content $localJsonPath -Raw | ConvertFrom-Json
 
-# Determine which JSON (GitHub, Local) is more recent
-$json = Get-LatestJsonBySVN $localJson $baselineJson
+# Determine most recent JSON (from GitHub, or local Windows Update rollout)
+$json = Get-LatestJsonBySVN $localJson $baselineJson # Second = Default
 
-# MS Signature
+# MS Signature for certificate verification
 $SignatureOwnerMicrosoft = "77fa9abd-0359-4d32-bd60-28f4e78f784b"
 
-# Expected Microsoft certs
+# Baseline Microsoft certs
 $MicrosoftPK = @(
     @{ Name = "Windows OEM Devices PK"; Tag = "MS-PK"; ValidTo = "2038-09-18 22:28:26Z" }
 )
@@ -431,8 +433,9 @@ try {
 Show-UEFICA2023Status "SB : " 
 Show-WindowsUEFICA2023Capable "SB : "
 Show-AvailableUpdates "SB : "
+Spacer
 
-# Determine arch for the correct revocation hashes
+# Determine arch for the correct EFI revocation hashes
 $archWin = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -ErrorAction SilentlyContinue).OSArchitecture
 $archMap = @{
     "amd64" = "x64"
@@ -447,34 +450,32 @@ $JSON_DBX_MANDATORY_HASHSET = @{}; $json.images.$archJson |
     Where-Object { -not $_.PSObject.Properties['isOptional']} | 
     ForEach-Object { $JSON_DBX_MANDATORY_HASHSET[$_.authenticodeHash] = $True }
 
-# Optional revocations (for certificates that are expected to be revoked)
+# Optional revocations (likely for certificates that are expected to be revoked)
 $JSON_DBX_OPTIONAL_HASHSET = @{}; $json.images.$archJson | 
     Where-Object { $_.PSObject.Properties['isOptional']} | 
     ForEach-Object { $JSON_DBX_OPTIONAL_HASHSET[$_.authenticodeHash] = $True }
 
 # Display PK, KEK, DB, DBX
-Spacer
 Show-UEFICerts -Title "Current PK"   -Baseline $MicrosoftPK   -Key "PK"
 Write-Host
 Show-UEFICerts -Title "Default PK"   -Baseline $MicrosoftPK   -Key "PKDefault"
-Spacer
+Write-Host
 Show-UEFICerts -Title "Current KEK"  -Baseline $MicrosoftKEK  -Key "KEK"
 Write-Host
 Show-UEFICerts -Title "Default KEK"  -Baseline $MicrosoftKEK  -Key "KEKDefault"
-Spacer
+Write-Host
 Show-UEFICerts -Title "Current DB"   -Baseline $MicrosoftDB   -Key "DB"
 
 # Certificate revocation disclaimer
 if ($script:vulnerableCertPresentDB) {
-    Write-Host ("{0}*CAUTION: Vulnerable certificate expected to be REVOKED or REMOVED." -f $red, $gray)
+    Write-Host ("{0}*CAUTION: Vulnerable certificate recommended to be ABSENT or REVOKED." -f $red, $gray)
 } else {
-    Write-Host ("{0}*Vulnerable certificate in expected state." -f $gray)
+    Write-Host ("{0}*Vulnerable certificate in recommended state." -f $gray)
 }
 
 Write-Host
 Show-UEFICerts -Title "Default DB"   -Baseline $MicrosoftDB   -Key "DBDefault"
-Spacer
+Write-Host
 Show-UEFIDBX -Title "Current DBX"  -Key "dbx"
 Write-Host
 Show-UEFIDBX -Title "Default DBX"  -Key "dbxDefault"
-Spacer

From caea8d2234ec9a47068c10c433b3c0b11830eb91 Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Wed, 17 Jun 2026 23:19:22 +0200
Subject: [PATCH 10/11] Lookup KEK update package for PK

Further add var. total bytes size and error codes
---
 dbx_info/dbx_info_msft_latest.json            |  209 +-
 dbx_info/kek_update_map.json                  | 3810 +++++++++++++++++
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 |  180 +-
 3 files changed, 4094 insertions(+), 105 deletions(-)
 create mode 100644 dbx_info/kek_update_map.json

diff --git a/dbx_info/dbx_info_msft_latest.json b/dbx_info/dbx_info_msft_latest.json
index 8404950..2871ad2 100644
--- a/dbx_info/dbx_info_msft_latest.json
+++ b/dbx_info/dbx_info_msft_latest.json
@@ -497,6 +497,7 @@
                 "flatHash": "3D23947C39680B9FCF22B092B97C9D38EDCC02F7AD13D3A925D1EE0B62797E73",
                 "filename": "grubx64.efi",
                 "description": "CVE-2020-10713; CVE-2020-14308; CVE-2020-14309; CVE-2020-14310; CVE-2020-14311; CVE-2020-15705; CVE-2020-15706; CVE-2020-15707",
+                "isOptional": "true",
                 "companyName": "Canonical",
                 "dateOfAddition": "2020-07-01",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
@@ -507,6 +508,7 @@
                 "flatHash": "0AC2943ABF5EF953B939247B74331FB2C437E405A81DD5569D9CFF1D6183D53A",
                 "filename": "gcdx64.efi",
                 "description": "CVE-2020-10713; CVE-2020-14308; CVE-2020-14309; CVE-2020-14310; CVE-2020-14311; CVE-2020-15705; CVE-2020-15706; CVE-2020-15707",
+                "isOptional": "true",
                 "companyName": "Canonical",
                 "dateOfAddition": "2020-07-01",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
@@ -517,6 +519,7 @@
                 "flatHash": "8E8ADDB29426D845A0101C2C1F26C2E7FE8C78128AB04F16CFCB4E06461B0101",
                 "filename": "grubnetx64.efi",
                 "description": "CVE-2020-10713; CVE-2020-14308; CVE-2020-14309; CVE-2020-14310; CVE-2020-14311; CVE-2020-15705; CVE-2020-15706; CVE-2020-15707",
+                "isOptional": "true",
                 "companyName": "Canonical",
                 "dateOfAddition": "2020-07-01",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
@@ -4321,8 +4324,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "CBFA2A86144EB21D65A6B17245BAD4F73058436C7292BE56DC6EBAB29DA61606",
                 "hashType": "SHA256",
                 "flatHash": "A4A5D536E11A12E1023ED51ACDBA64107C5B463822D31C6F5F7855B32FF031D1",
@@ -4331,8 +4334,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "9D7E7174C281C6526B44C632BAA8C3320ADD0C77DC90778CC148938829F45E5E",
                 "hashType": "SHA256",
                 "flatHash": "1BA53A168EA9F0C2835BBD11EC1DD4DCAE9D8C9312F8FFEE1362359844674870",
@@ -4341,8 +4344,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "9B1F35052CFC5FB06DAB5E8F7B47F081DA28D722DB59ADE253B9E38AB5A19847",
                 "hashType": "SHA256",
                 "flatHash": "821C96C73C476C194ED456F70826DA9BC06857A29B0EB6A0FE9B1286686DAD18",
@@ -4351,8 +4354,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "E3C5E55E84371D3F2FBCA2241EF0711FF80876EBF71BAB07D8E6E45AAA8B45AF",
                 "hashType": "SHA256",
                 "flatHash": "FBE157A9E4D1522A6A06BF9AACB7F4792EE631E4F8D447D7DBD81315178098A6",
@@ -4361,8 +4364,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "EE093913ABBD3D4CB85EA31375179A8B55A298353C03AFE5055AA4E8EBD10EC2",
                 "hashType": "SHA256",
                 "flatHash": "495157D91DFD7F1255C56E4C6A389DA5B35D1F542B35360512AAED05CFEDC880",
@@ -4371,8 +4374,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "B4E1880425F7857B741B921D04FD9276130927CF90A427C454B970E7A28EB88B",
                 "hashType": "SHA256",
                 "flatHash": "27E2C712A58ACA27B35E78303E46E24E50061C955743363AE6D10F5C9A823A6D",
@@ -4381,8 +4384,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "CDA0B4A59390B36E1B654850428CBB5B4C7B5E4349E87ACDE97FB5437D64D9FC",
                 "hashType": "SHA256",
                 "flatHash": "D3AFD86D86D52AF45964DF9ECD2B01EEE9B3A5468C660A88EA12E857D961DC42",
@@ -4391,8 +4394,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "C87EFD057497F90321D62A69B311912BE8EF8A045FE9C5E6BD5C8C1A41D6B295",
                 "hashType": "SHA256",
                 "flatHash": "FB4CE9A346B67C4C706834A95B81910DDE9C2CAFE4996D2BFBB8CAA4BAD8942D",
@@ -4401,8 +4404,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "9E19DD645235341A555DA6C065594543AE1E3918ECD37DF22DFEBE91E71C3A59",
                 "hashType": "SHA256",
                 "flatHash": "663A8A79C13174E7B262A1C49080F6E7A44B0717B006AB54B9D5D5CC5A6C9304",
@@ -4411,8 +4414,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "63F67824FDA998798964FF33B87441857DA92F3A8EE3E04166EEC315E6600FD1",
                 "hashType": "SHA256",
                 "flatHash": "71EDB98CBB9E136BE2E22AF4EC2727854D906B613185B46FA128DC559144F73F",
@@ -4421,8 +4424,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "0BC4F078388D41AB039F87AE84CF8D39302CCBDD70C4ADE02263EBFCE6DEF0F5",
                 "hashType": "SHA256",
                 "flatHash": "9F068CD3ABD8BC4291C3A3AAC3E009F90343DF138EA06D6940C689110BC7E687",
@@ -4431,8 +4434,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "E2AEC271B9596A461EB6D54D8B1785E4E4C615CFAD5F4504BCC0A329433A9747",
                 "hashType": "SHA256",
                 "flatHash": "799DDA62A826D774074B7DB847593020F95BC43A11C66CA7AE41691954D97CF5",
@@ -4441,8 +4444,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "6B4328EBCBE46ED9118FF2D4472DE329D70BA83016DF7A6F50F8AF923883BC54",
                 "hashType": "SHA256",
                 "flatHash": "A11996AAF7F32AA09F78DB608106E25A47970BFEEEC76D49AF743EEE71B55F06",
@@ -4451,8 +4454,8 @@
                 "companyName": "DT Research Inc",
                 "dateOfAddition": "2025-05-07",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              },
-              {
+            },
+            {
                 "authenticodeHash": "E14C88DC48339C0555686849A4E3F8986D558E65C4FC863A1A4F1D40478BD47C",
                 "hashType": "SHA256",
                 "flatHash": "0C1E0821CEF69A0BC2798996C6CE0B60564B2A1A9D67EF89F3059023EDAB720C",
@@ -4461,9 +4464,129 @@
                 "companyName": "IGEL",
                 "dateOfAddition": "2025-09-02",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
-              }
-            ],
-            "ia32": [
+            },
+            {
+                "authenticodeHash": "D013BA511AEE89BA3285D1CAC0C9F4F21EF4810873C2EBBFFE7712BF0BE8CED3",
+                "hashType": "SHA256",
+                "flatHash": "926BB1A08E1427AB7E14587955D451A8A05808BE609C92CB74668B0828DD8CE1",
+                "filename": "shdloader.efi",
+                "description": "EasyFix tool from EAZ solutions",
+                "companyName": "EAZ Solutions",
+                "dateOfAddition": "2026-04-02",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961",
+                "hashType": "SHA256",
+                "flatHash": "1D18DF4B15D3BC3DFFA1777A557075210DD0C53B",
+                "filename": "bootX64.efi",
+                "description": "Uploaded to VirusTotal as a part of ZIP archive named spyrus.zip which contains files related to WTGCreator software in version V4.2",
+                "companyName": "Spyrus",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "7B2A3F5C96F95BD8086CE54B0825E300F9C8F11FE3401BB631B3215C8DE9EB10",
+                "hashType": "SHA256",
+                "flatHash": "3F24DD838C5C9E35B104FA2F3B74AC6A5BF92FD2",
+                "filename": "BOOTX64.EFI",
+                "description": "The shim can be found in the rhel-server-7.2-x86_64-dvd.iso",
+                "companyName": "RedHat",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "EB86FA1386FE6E4533B8B938DCC1250616D2F1C14C15E2FCF80834A161018A0A",
+                "hashType": "SHA256",
+                "flatHash": "E133BE08E8AD17AC00E3C8ED215499C5F3C54E64",
+                "filename": "BOOTX64.EFI",
+                "description": "The shim can be found in the CentOS-7-x86_64-DVD-1511.iso",
+                "companyName": "RedHat",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "FD23D6E57DE6F4E1F9D7118DA1C5F31A8AF6BE5E5D9E8170F9493447268D50C5",
+                "hashType": "SHA256",
+                "flatHash": "8637D7EFA23A8A5738F2E4AACB6C9919B405AA2C",
+                "filename": "shim_x64.efi",
+                "description": "Part of Baramanudi Management Suite software",
+                "companyName": "Baramundi",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "A0DE9333442C1BF9349A460141AE5E80F911955C6506040FA3D021BF6C1AE3E4",
+                "hashType": "SHA256",
+                "flatHash": "8A402AFCD3C23D9253BBEA08576113C63E448AD0",
+                "filename": "",
+                "description": "part of ISO image named wd-enterprise-dongle.iso",
+                "companyName": "WhiteCanyon/blancco",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "95B6D71FC0C0F8C5E1533A37AEF92CF6B0C961E2CC612A97117FA6759CE5FC06",
+                "hashType": "SHA256",
+                "flatHash": "8A83FA30DBF0073F33EAD298A7D5CD69A47C3A4B",
+                "filename": "vbootx64.efi",
+                "description": "",
+                "companyName": "Finland's Matriculation Examination Board",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "236A9CB0D71951C36398A32EB660CE2CD4A52CCFA7CF751CC6A35D9DE549E19B",
+                "hashType": "SHA256",
+                "flatHash": "8F9E8DB8E2C2157C2A591F2BE070FF96BFE318C7",
+                "filename": "",
+                "description": "The shim can be found in ROSA.FRESH.PLASMA.R9.x86_64.uefi.iso or ROSA.FRESH.PLASMA.R10.x86_64.uefi.iso",
+                "companyName": "NTC IT ROSA, LLC",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "5E594C448760A3135B1A3A83E07A4F2E6FBE49414EF2C7CAB1CBA77F284FA63B",
+                "hashType": "SHA256",
+                "flatHash": "A16136899A12AD214FA4FBA60072BA72FBAB8BCA",
+                "filename": "shimx64.efi",
+                "description": "The shim can be found in the OracleLinux-R7-U2-Server-x86_64-dvd.iso or shim-signed-0.9-2.0.3.el7.src.rpm package from the OracleLinux 7.2",
+                "companyName": "Oracle America, Inc.",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "8A964D5F8373948D20A1D4296FB92E545DAD4617A0C810F3B934B53D98AE8963",
+                "hashType": "SHA256",
+                "flatHash": "BC01320D8FF8343B348EF8F3C947A66EB8FD9CE2",
+                "filename": "bootx64.efi",
+                "description": "",
+                "companyName": "PC-Doctor, Inc.",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "410260B1B6F5AF5FBEEB9EA3220658435E876CB3247126EE907A437F312DB373",
+                "hashType": "SHA256",
+                "flatHash": "3CF8BEB1E2885F51CA04002425C4F3C796D105BC",
+                "filename": "shimx64.efi",
+                "description": "OpenSUSE shim-0.9-10.1.x86_64.rpm",
+                "companyName": "OpenSUSE",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "96275DFD6282A522B011177EE049296952AC794832091F937FBBF92869028629",
+                "hashType": "SHA256",
+                "flatHash": "6DB5266E80C9D51CDD54421E736DF2E6E6879A56",
+                "filename": "shimx64.efi",
+                "description": "OpenSUSE shim-0.9-2.1.x86_64.rpm",
+                "companyName": "OpenSUSE",
+                "dateOfAddition": "2026-04-09",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            }
+        ],
+        "ia32": [
             {
                 "authenticodeHash": "363384D14D1F2E0B7815626484C459AD57A318EF4396266048D058C5A19BBF76",
                 "hashType": "SHA256",
@@ -5427,6 +5550,16 @@
                 "companyName": "IGEL",
                 "dateOfAddition": "2025-09-02",
                 "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
+            },
+            {
+                "authenticodeHash": "A059D649606A11F88E6BA2883491C6EB4CAD48E433846E29CAB8D14547164016",
+                "hashType": "SHA256",
+                "flatHash": "C458F16FEB497594F5E15575FBF17734161A4DE8FF04E37585B0ED081FB0F9A1",
+                "filename": "shdloader.efi",
+                "description": "EasyFix tool from EAZ solutions",
+                "companyName": "EAZ Solutions",
+                "dateOfAddition": "2026-04-02",
+                "signingAuthority": "CN = Microsoft Corporation UEFI CA 2011"
             }
         ],
         "aarch64": [
@@ -6891,7 +7024,7 @@
                 "signingAuthority": "CN = Microsoft Windows Production PCA 2011"
             }
         ]
-	},
+    },
     "certificates": [
         {
             "value": "MicWinProPCA2011_2011-10-19.der",
@@ -6903,15 +7036,15 @@
         }
     ],
 	"svns": [
-		{
-            "value": "01612B139DD5598843AB1C185C3CB2EB92000008000000000000000000000000",
-            "version": "8.0",
+        {
+            "value": "01612B139DD5598843AB1C185C3CB2EB92000009000000000000000000000000",
+            "version": "9.0",
             "filename": "bootmgfw.efi",
             "guid": "{9d132b61-59d5-4388-ab1c-185c3cb2eb92} == EFI_BOOTMGR_DBXSVN_GUID",
             "description": "Windows Bootmgr SVN CVE-2023-24932",
             "dateOfLastChange": "2026-04-10"
         },
-		{
+        {
             "value": "019D2EF8E827E15841A4884C18ABE2F284000003000000000000000000000000",
             "version": "3.0",
             "filename": "cdboot.efi",
@@ -6919,7 +7052,7 @@
             "description": "Windows cdboot SVN CVE-2023-24932",
             "dateOfLastChange": "2024-04-01"
         },
-		{
+        {
             "value": "01C2CA99C9FE7F6F4981279E2A8A535976000003000000000000000000000000",
             "version": "3.0",
             "filename": "wdsmgfw.efi",
@@ -6928,4 +7061,4 @@
             "dateOfLastChange": "2024-04-01"
         }
 	]
-}
\ No newline at end of file
+}
diff --git a/dbx_info/kek_update_map.json b/dbx_info/kek_update_map.json
new file mode 100644
index 0000000..1d2bc41
--- /dev/null
+++ b/dbx_info/kek_update_map.json
@@ -0,0 +1,3810 @@
+{
+    "9a3056b5260f628645b4d9ac61aebd8060305c3e": {
+        "KEKUpdate": "AMI/KEKUpdate_AMI_PK1.bin",
+        "Certificate": {
+            "serial_number": "ea01f2fb64c48b8f4390e52d69123b85",
+            "issued_to": "CN=DO NOT TRUST - AMI Test PK",
+            "issued_by": "CN=DO NOT TRUST - AMI Test PK"
+        }
+    },
+    "a773113bafaf5129aa83fd0912e95da4fa555f91": {
+        "KEKUpdate": "AMI/KEKUpdate_AMI_PK2.bin",
+        "Certificate": {
+            "serial_number": "e4126c1da6b1d49f4194e0fe365059c9",
+            "issued_to": "CN=DO NOT TRUST - AMI Test PK",
+            "issued_by": "CN=DO NOT TRUST - AMI Test PK"
+        }
+    },
+    "6592a50636faf8be9ae74f0f7f8bd744fa44b329": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK1.bin",
+        "Certificate": {
+            "serial_number": "55fbef878123008447170bb3cd873af4",
+            "issued_to": "CN=DO NOT TRUST - AMI Test PK",
+            "issued_by": "CN=DO NOT TRUST - AMI Test PK"
+        }
+    },
+    "2b6ccde909230f89447d8a583d03a432d686faee": {
+        "KEKUpdate": "AMI/KEKUpdate_AMI_PK4.bin",
+        "Certificate": {
+            "serial_number": "f73d2e3c9364aeb04c8395fdf7ed32a7",
+            "issued_to": "CN=DO NOT TRUST - AMI Test PK",
+            "issued_by": "CN=DO NOT TRUST - AMI Test PK"
+        }
+    },
+    "e71d30efce55f3cc7184b4d582acd54cef64d231": {
+        "KEKUpdate": "ASRock/KEKUpdate_ASRock_PK1.bin",
+        "Certificate": {
+            "serial_number": "ab1e4330c991e68849ad787b8e49347d",
+            "issued_to": "CN=ASRock Inc.",
+            "issued_by": "CN=Root Agency"
+        }
+    },
+    "bf90b4eb7bba92f95444d7ba960f0a874d2682ab": {
+        "KEKUpdate": "ASRock/KEKUpdate_ASRock_PK2.bin",
+        "Certificate": {
+            "serial_number": "89b49b649638a59e46b5463528aa06ff",
+            "issued_to": "CN=ASOCK - PK",
+            "issued_by": "CN=Root Agency"
+        }
+    },
+    "be7a5fc4b20bd4266d36097d98fd0b47d4b617ed": {
+        "KEKUpdate": "ASRock/KEKUpdate_ASRock_PK3.bin",
+        "Certificate": {
+            "serial_number": "98e2f7fbe4d5c4a84c2416f3c79a172e",
+            "issued_to": "CN=ASRock Rack Inc.",
+            "issued_by": "CN=ASRock Rack Inc."
+        }
+    },
+    "b0f4706c049a7143c6de32f3ec71891b0a597cb0": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK9.bin",
+        "Certificate": {
+            "serial_number": "a4e34e3689fe2e9e465bc8836bb71d5d",
+            "issued_to": "CN=ASUS PK Certificate",
+            "issued_by": "CN=ASUS PK Certificate"
+        }
+    },
+    "440ede47b78d3bab3a9c8fac51a586bcff3df686": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK11.bin",
+        "Certificate": {
+            "serial_number": "980ab35fc290aa904406656b4260833c",
+            "issued_to": "CN=SIMATIC IPC",
+            "issued_by": "CN=SIMATIC IPC"
+        }
+    },
+    "131a78741e5d4152489b838ed8f717fb167d6888": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK131A7874.bin",
+        "Certificate": {
+            "serial_number": "e354f2a30935d3954b734b7641c91fe1",
+            "issued_to": "CN=ASUSTeK Notebook PK Certificate",
+            "issued_by": "CN=ASUSTeK Notebook PK Certificate"
+        }
+    },
+    "e13627fbf64300cc535e7d38a7ef4e8fea11908b": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK2.bin",
+        "Certificate": {
+            "serial_number": "a6c4f142c359bea54a164bb8e29a0475",
+            "issued_to": "CN=Quanta Notebook PK Certificate 2022",
+            "issued_by": "CN=Quanta Notebook PK Certificate 2022"
+        }
+    },
+    "21303e44ff724e7ba4a998a8bb87fc7bbca62dd0": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK21303E44.bin",
+        "Certificate": {
+            "serial_number": "d7d37421fbfbfbb7472c7c57005b1882",
+            "issued_to": "CN=ASUS Secure Boot PK",
+            "issued_by": "CN=ASUS Secure Boot Root CA"
+        }
+    },
+    "b174673b11abb5d048ca1a6c1fb7768767ace48b": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK3.bin",
+        "Certificate": {
+            "serial_number": "e85c673307b5688c4c5fdd08adfe008a",
+            "issued_to": "CN=PEGASW2_PK",
+            "issued_by": "CN=PEGASW2_PK"
+        }
+    },
+    "d91870d4ab35916ea281fc62769b22747d0ae30b": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK4.bin",
+        "Certificate": {
+            "serial_number": "4238256238813fab4f31de855fe58652",
+            "issued_to": "CN=db_Manufacture20150617",
+            "issued_by": "CN=db_Manufacture20150617"
+        }
+    },
+    "6aec08d989c03d1ca0d4adc7af7dafa6da6fc8e4": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK5.bin",
+        "Certificate": {
+            "serial_number": "1a3a8ca42fa07fa3400d843215e80b40",
+            "issued_to": "CN=Huaqin NBD2 PlatformKey Certificate",
+            "issued_by": "CN=Huaqin NBD2 PlatformKey Certificate"
+        }
+    },
+    "04c223b184ea600a0a6fadb1c172fecc4f8c706d": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK6.bin",
+        "Certificate": {
+            "serial_number": "cacbdc6cd453c2a24947464d40dc6adb",
+            "issued_to": "CN=ASUSTeK Notebook PK Certificate",
+            "issued_by": "CN=ASUSTeK Notebook PK Certificate"
+        }
+    },
+    "d3295ee0bed3aa7ecea6cff7e2a741729dafc3de": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK7.bin",
+        "Certificate": {
+            "serial_number": "bea69406680d00ac4bca54960198e94d",
+            "issued_to": "CN=HQ Platform Key Certificate",
+            "issued_by": "CN=HQ Platform Key Certificate"
+        }
+    },
+    "ecd988462ebc25e7eea79172089ef3fdd1b02497": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PK8.bin",
+        "Certificate": {
+            "serial_number": "5341e015c43af8a84836b9a5ff691488",
+            "issued_to": "CN=ASUSTeK MotherBoard PK Certificate",
+            "issued_by": "CN=ASUSTeK MotherBoard PK Certificate"
+        }
+    },
+    "b3840dfcf8ab23704e6c5e51ce6f3e38459ef9ac": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PKB3840DFC.bin",
+        "Certificate": {
+            "serial_number": "6c679148f8ae798342fc15ac4ed3bef1",
+            "issued_to": "CN=DO NOT TRUST - OEM PK",
+            "issued_by": "CN=DO NOT TRUST - OEM PK"
+        }
+    },
+    "eabcb3d43c0f3353f6396e297a8cbc4ef5f2ad39": {
+        "KEKUpdate": "ASUS/KEKUpdate_ASUS_PKEABCB3D4.bin",
+        "Certificate": {
+            "serial_number": "c3c0a8e726f29aa2476e76e6a263e81e",
+            "issued_to": "CN=HQ NBD1 PlatformKey Certificate",
+            "issued_by": "CN=HQ NBD1 PlatformKey Certificate"
+        }
+    },
+    "be4a1ac7ff36c0faf0c643274a80a5e78d0b2551": {
+        "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK1.bin",
+        "Certificate": {
+            "serial_number": "82186208b7486373",
+            "issued_to": "CN=UEFI PK Aava test",
+            "issued_by": "CN=UEFI PK Aava test"
+        }
+    },
+    "f2b275e88a170fea01364af397baf44b7f6af804": {
+        "KEKUpdate": "Aava Mobile Oy/KEKUpdate_Aava_Mobile_Oy_PK3.bin",
+        "Certificate": {
+            "serial_number": "dd68b91d4b23f3c1",
+            "issued_to": "CN=uefi_pk",
+            "issued_by": "CN=uefi_pk"
+        }
+    },
+    "97b12a139d3858e70de4dc785d4c24767914af04": {
+        "KEKUpdate": "Acer/KEKUpdate_Acer_PK1.bin",
+        "Certificate": {
+            "serial_number": "5c43f0519fbeb3ae47d3d46e347411d4",
+            "issued_to": "CN=Acer Platform Key,O=Acer,L=Taipei,ST=TW,C=Taiwan",
+            "issued_by": "CN=Acer Root CA,O=Acer,L=Taipei,ST=TW,C=Taiwan"
+        }
+    },
+    "6cd7005bdf38b270649ae6ad19ee46c7b040f8c2": {
+        "KEKUpdate": "Acer/KEKUpdate_Acer_PK6CD7005B.bin",
+        "Certificate": {
+            "serial_number": "fad95b59cd8a3bd5",
+            "issued_to": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN",
+            "issued_by": "CN=Acer India,OU=HEAD OFFICE,O=Acer India Private Limited,L=BANGALORE,ST=KARNATAKA,C=IN"
+        }
+    },
+    "9dbdabc291fb598cb61ac0826b3273b37648b9f4": {
+        "KEKUpdate": "Acer/KEKUpdate_Acer_PK9DBDABC2.bin",
+        "Certificate": {
+            "serial_number": "b023c7b2fa4763cb",
+            "issued_to": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW",
+            "issued_by": "OU=RD,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW"
+        }
+    },
+    "2f005cebcf48ecc720406c24350113298328f044": {
+        "KEKUpdate": "Adlink/KEKUpdate_Adlink_PK1.bin",
+        "Certificate": {
+            "serial_number": "8fb14a09c371be7a",
+            "issued_to": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US",
+            "issued_by": "CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=US"
+        }
+    },
+    "5221a9531628347c8ab59a4724b0990874ced8ff": {
+        "KEKUpdate": "Adlink/KEKUpdate_Adlink_PK5221A953.bin",
+        "Certificate": {
+            "serial_number": "574d860c1d33e9f474aeef6e3cfc557",
+            "issued_to": "CN=ADLINK PK Certificate",
+            "issued_by": "CN=ADLINK PK Certificate"
+        }
+    },
+    "5ecf2d6a6727b27ab195498d9c10d8ae88d3d606": {
+        "KEKUpdate": "Adlink/KEKUpdate_Adlink_PK5ECF2D6A.bin",
+        "Certificate": {
+            "serial_number": "86a97d2c010f0059",
+            "issued_to": "CN=Adlink Platform Key,O=Adlink Technology Inc.,L=Taipei,ST=Taiwan,C=TW",
+            "issued_by": "CN=Adlink Platform Key,O=Adlink Technology Inc.,L=Taipei,ST=Taiwan,C=TW"
+        }
+    },
+    "f77be268ff7cd9691721db46df7405b93fc4ee89": {
+        "KEKUpdate": "Attis/KEKUpdate_Attis_PK1.bin",
+        "Certificate": {
+            "serial_number": "6c2d3d56189f89e4f809035cc5a3d7c",
+            "issued_to": "CN=QCI_2017",
+            "issued_by": "CN=Root Agency"
+        }
+    },
+    "4ee9678b0484faad48be51753f07b6ae8a41909c": {
+        "KEKUpdate": "BIOSTAR/KEKUpdate_BIOSTAR_PK4EE9678B.bin",
+        "Certificate": {
+            "serial_number": "897e9e44e98c5075",
+            "issued_to": "CN=www.biostar.com.tw,OU=BIOS,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW",
+            "issued_by": "CN=www.biostar.com.tw,OU=BIOS,O=BIOSTAR Microtech International Corp,L=TAIPEI,ST=TAIWAN,C=TW"
+        }
+    },
+    "06abf5601931233f0b12425e95d466917bf745f2": {
+        "KEKUpdate": "CVTE/KEKUpdate_CVTE_PK06abf5.bin",
+        "Certificate": {
+            "serial_number": "59fa608e8671801578420362977aa310012b7c01",
+            "issued_to": "CN=CVTE_PK,OU=SW,O=YK,ST=JS,C=CN",
+            "issued_by": "CN=CVTE_PK,OU=SW,O=YK,ST=JS,C=CN"
+        }
+    },
+    "1ce8e5e9f0674a7e2b6967bcf9dc84116b5b7a69": {
+        "KEKUpdate": "Casper Bilgisayar Sistemleri/KEKUpdate_Casper_Bilgisayar_Sistemleri_PK1.bin",
+        "Certificate": {
+            "serial_number": "5f49cbc985aa89944347e876f12a59a2",
+            "issued_to": "CN=CASPER",
+            "issued_by": "CN=CASPER"
+        }
+    },
+    "6a936cdbaf119b4b8ecc3f39fe34c2c19a0cc46a": {
+        "KEKUpdate": "Epson/KEKUpdate_Epson_PK2.bin",
+        "Certificate": {
+            "serial_number": "1fa72092aa9f37964da2326250b354cd",
+            "issued_to": "CN=Notebook Certificate",
+            "issued_by": "CN=Notebook Certificate"
+        }
+    },
+    "5e5a676bcf908192f18d6d8ad363d34a4a95e6d5": {
+        "KEKUpdate": "Epson/KEKUpdate_Epson_PK4.bin",
+        "Certificate": {
+            "serial_number": "f4146bf4351734b94f6f89fc6b63f85a",
+            "issued_to": "CN=Test Certificate",
+            "issued_by": "CN=Test Certificate"
+        }
+    },
+    "4a84ba89ab91c3c3168ffb5756add18bc0d78b6e": {
+        "KEKUpdate": "Clevo/KEKUpdate_Clevo_PK7.bin",
+        "Certificate": {
+            "serial_number": "80dc244b305eb289452cedf78f329ec8",
+            "issued_to": "CN=Test Certificate",
+            "issued_by": "CN=Test Certificate"
+        }
+    },
+    "fcd223f7d6e25423ded421473b5a6a5a6fed6f5c": {
+        "KEKUpdate": "Clevo/KEKUpdate_Clevo_PK6.bin",
+        "Certificate": {
+            "serial_number": "96a0d386c6a96db449cbc0fa7f3ff0a2",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK CO",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK CO"
+        }
+    },
+    "1b5a9604d8dc7e9df58672e45f7fa8ba03d981e6": {
+        "KEKUpdate": "Clevo/KEKUpdate_Clevo_PK8.bin",
+        "Certificate": {
+            "serial_number": "d434cfa85c260fa54217a7ee9e892844",
+            "issued_to": "CN=Test Certificate",
+            "issued_by": "CN=Test Certificate"
+        }
+    },
+    "1dc0d641169a82c6de4bed4849be14b0611ea212": {
+        "KEKUpdate": "Colorful/KEKUpdate_Colorful_PK1.bin",
+        "Certificate": {
+            "serial_number": "8ff5af92a3e81cbf4c9238e5c946b8ef",
+            "issued_to": "CN=BYD Certificate PK",
+            "issued_by": "CN=BYD Certificate PK"
+        }
+    },
+    "38a346b84c0e230ca4f235e7355b872460770264": {
+        "KEKUpdate": "Dell/KEKUpdate_Dell_PK1.bin",
+        "Certificate": {
+            "serial_number": "1be73a41f9b608894dd8487996936fd0",
+            "issued_to": "CN=Dell Technologies Inc. Platform Key,OU=Dell PowerEdge BIOS,O=Dell Technologies Inc.,L=Round Rock,ST=Texas,C=US",
+            "issued_by": "CN=Dell Technologies Inc. Platform Key,OU=Dell PowerEdge BIOS,O=Dell Technologies Inc.,L=Round Rock,ST=Texas,C=US"
+        }
+    },
+    "ff7116ca01ea3196718a9e785179a0e553ace1ee": {
+        "KEKUpdate": "Dell/KEKUpdate_Dell_PK2.bin",
+        "Certificate": {
+            "serial_number": "31771969e09798ad4888b6416c50f2e0",
+            "issued_to": "CN=Dell Technologies Inc. Platform Key Gen16 3K,OU=Dell Infrastructure Solutions Group,O=Dell Technologies Inc.,L=Round Rock,ST=Texas,C=US",
+            "issued_by": "CN=Dell Technologies Inc. Platform Key Gen16 3K,OU=Dell Infrastructure Solutions Group,O=Dell Technologies Inc.,L=Round Rock,ST=Texas,C=US"
+        }
+    },
+    "44d641caca0809002398b4877b8e982ed26f7b76": {
+        "KEKUpdate": "Dell/KEKUpdate_Dell_PK4.bin",
+        "Certificate": {
+            "serial_number": "50a1bd858ae7b6bc402dca78cdd268a1",
+            "issued_to": "CN=Dell Inc. Platform Key,O=Dell Inc.,L=Round Rock,ST=Texas,C=US",
+            "issued_by": "CN=Dell Inc. Platform Key,O=Dell Inc.,L=Round Rock,ST=Texas,C=US"
+        }
+    },
+    "77817b50c187d6453c41add4a45a8ac94e1910d6": {
+        "KEKUpdate": "Diebold Nixdorf/KEKUpdate_Diebold_Nixdorf_PK1.bin",
+        "Certificate": {
+            "serial_number": "1",
+            "issued_to": "C=DE,O=Diebold Nixdorf,OU=DN Systems,CN=DN Platform Key",
+            "issued_by": "C=DE,O=Diebold Nixdorf,OU=DN Systems,CN=DN Platform Key"
+        }
+    },
+    "98a3fc94369c61d2544e7a8c327576ac21a4c5c6": {
+        "KEKUpdate": "Diebold Nixdorf/KEKUpdate_Diebold_Nixdorf_PK2.bin",
+        "Certificate": {
+            "serial_number": "3bf1af6b6d85068c49dbb8913498192e",
+            "issued_to": "CN=DN Retail ADL Platform Key,O=Diebold Nixdorf,OU=DN Systems,C=DE",
+            "issued_by": "CN=DN Retail ADL Platform Key,O=Diebold Nixdorf,OU=DN Systems,C=DE"
+        }
+    },
+    "d48cb7ba757f8c27c3e30287f51f9e9b24be714f": {
+        "KEKUpdate": "Dynabook/KEKUpdate_Dynabook_PK1.bin",
+        "Certificate": {
+            "serial_number": "98da32e84f4648a8430f464e6db1bdaa",
+            "issued_to": "CN=Toshiba Client Solutions Co.\\, Ltd. Platform Root 2016,O=Toshiba Client Solutions Co.\\, Ltd.,L=Ome,ST=Tokyo,C=JP",
+            "issued_by": "CN=Toshiba Client Solutions Co.\\, Ltd. Platform Root 2016,O=Toshiba Client Solutions Co.\\, Ltd.,L=Ome,ST=Tokyo,C=JP"
+        }
+    },
+    "ac0f667f8600551f432e9a1b97f26997b5aea656": {
+        "KEKUpdate": "Dynabook/KEKUpdate_Dynabook_PK2.bin",
+        "Certificate": {
+            "serial_number": "d2db6e686bca859f42e85a64a43701d8",
+            "issued_to": "CN=Dynabook Inc. Platform Root 2019,O=Dynabook Inc.,L=Tachikawa,ST=Tokyo,C=JP",
+            "issued_by": "CN=Dynabook Inc. Platform Root 2019,O=Dynabook Inc.,L=Tachikawa,ST=Tokyo,C=JP"
+        }
+    },
+    "f4fd6b9b66cd63173ca512e97ec0a97224163eae": {
+        "KEKUpdate": "Dynabook/KEKUpdate_Dynabook_PK3.bin",
+        "Certificate": {
+            "serial_number": "ebe518542d17239148e9fb27608992f6",
+            "issued_to": "CN=Toshiba Corporation Platform Root 2012,O=Toshiba Corporation,L=Ome,ST=Tokyo,C=JP",
+            "issued_by": "CN=Toshiba Corporation Platform Root 2012,O=Toshiba Corporation,L=Ome,ST=Tokyo,C=JP"
+        }
+    },
+    "66489621a433e8f8758a90639f709ffa633b16e8": {
+        "KEKUpdate": "ECS/KEKUpdate_ECS_PK1.bin",
+        "Certificate": {
+            "serial_number": "a1e1d1aae7c68c8f4853a938972cf6d2",
+            "issued_to": "CN=ECS",
+            "issued_by": "CN=ECS"
+        }
+    },
+    "9e53d6f005e08e53ca8ae14f148ed0addc5fa36a": {
+        "KEKUpdate": "ECS/KEKUpdate_ECS_PK2.bin",
+        "Certificate": {
+            "serial_number": "37f771d7d914d3a24872c2f68913bbe9",
+            "issued_to": "CN=Channel Secure Boot - PK",
+            "issued_by": "CN=Root Agency"
+        }
+    },
+    "f7cae751ea80c34a89a79b04d6e4f04cb19baf38": {
+        "KEKUpdate": "Emdoor/KEKUpdate_Emdoor_PK1.bin",
+        "Certificate": {
+            "serial_number": "356c83e2fc36f7b74ff8e378d377f842",
+            "issued_to": "CN=Emdoor",
+            "issued_by": "CN=Emdoor"
+        }
+    },
+    "38d2d05c4e4c51edd37050bed7389819772fd8f2": {
+        "KEKUpdate": "Epson/KEKUpdate_Epson_PK1.bin",
+        "Certificate": {
+            "serial_number": "c9c7224cf2c1a84b1ef0a809c4f43d",
+            "issued_to": "CN=Pegatron Eagle PK",
+            "issued_by": "CN=Pegatron Eagle PK"
+        }
+    },
+    "9cdeec73fca82fcfdca097d3b764c86455d4f3ab": {
+        "KEKUpdate": "Epson/KEKUpdate_Epson_PK3.bin",
+        "Certificate": {
+            "serial_number": "694015f2ad6362a84720fa3c3c453a19",
+            "issued_to": "CN=PEGA_PK",
+            "issued_by": "CN=PEGA_PK"
+        }
+    },
+    "2170250deb716684d57086da4e1edaabfe7bfce3": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK1.bin",
+        "Certificate": {
+            "serial_number": "9d6560c54b2a0f61",
+            "issued_to": "CN=Fujitsu BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP",
+            "issued_by": "CN=Fujitsu BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP"
+        }
+    },
+    "95f0221938052be21b7e3c4d9af7bf4b567d7f72": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK10.bin",
+        "Certificate": {
+            "serial_number": "6df729cbb34f5f964295cdcc1a4cc29b",
+            "issued_to": "CN=PK,OU=Fujitsu Limited Platform Key CA 4K2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=PK,OU=Fujitsu Limited Platform Key CA 4K2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "b2b363ccff40abc50f6818e70a3471e6399bc425": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK11.bin",
+        "Certificate": {
+            "serial_number": "6529fad8918de3bfdbd23a3e54d3744f57c44826",
+            "issued_to": "CN=PQ2000T2,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Fujitsu Firmware Private Intermediate CA 2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "77cb9ac3a6f547839110100140ba76ca5526185a": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK12.bin",
+        "Certificate": {
+            "serial_number": "54f516e239b80242550b3cfa19a9af5431c222bd",
+            "issued_to": "CN=PQ2000T3,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Fujitsu Firmware Private Intermediate CA 2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "b6a11efda298b858c20272b1144e695c07a4dcf1": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK13.bin",
+        "Certificate": {
+            "serial_number": "59a4562ca98fd5e956841f777da8bebb9e64050a",
+            "issued_to": "CN=PQ/PY M4,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Fujitsu Firmware Private Intermediate CA 2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "62d8b9c65a0dae7997d66cd16c2692836f4e7ced": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK14.bin",
+        "Certificate": {
+            "serial_number": "73d6441dea181cf01f60c018cbf41bfc39fa519d",
+            "issued_to": "CN=PQ/PY M5,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Fujitsu Firmware Private Intermediate CA 2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "3213dda6daae6898ee87ba4a16ea56ccb2b9217c": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK15.bin",
+        "Certificate": {
+            "serial_number": "2f3274147d728d5ebfd12269b66e395229b5e260",
+            "issued_to": "CN=PQ/PY M7,OU=bios/bmc firmware,O=fujitsu,L=kawasaki,ST=kanagawa,C=JP",
+            "issued_by": "CN=PQ/PY M7,OU=bios/bmc firmware,O=fujitsu,L=kawasaki,ST=kanagawa,C=JP"
+        }
+    },
+    "c14aa7b059eb384db56a70c11542581e595aff3b": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK16.bin",
+        "Certificate": {
+            "serial_number": "1010e50644a6e95a84be27bf985222cd755044fb",
+            "issued_to": "CN=PY M6,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Fujitsu Firmware Private Intermediate CA 2023,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "f5d4bf68688fc71474e97c79c183a4ed877bff89": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK17.bin",
+        "Certificate": {
+            "serial_number": "31c8581b96956fa24b32bd62b4cd5a49",
+            "issued_to": "CN=Fujitsu ODM Gigabyte BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM Gigabyte BIOS PK Certificate"
+        }
+    },
+    "4bd956b3b6f124d67154b421485f0057ede51ccb": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK18.bin",
+        "Certificate": {
+            "serial_number": "83189d294f8920a846a643390a1741da",
+            "issued_to": "CN=Fujitsu ODM Pegatron BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM Pegatron BIOS PK Certificate"
+        }
+    },
+    "220c3c5cdde89ff48b32bedc740c23360651fa63": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK2.bin",
+        "Certificate": {
+            "serial_number": "4733e00078d8fda344f0249e0fb35e89",
+            "issued_to": "CN=Fujitsu BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu BIOS PK Certificate"
+        }
+    },
+    "2f11679789edfdbc29808b94b599b47913ffebad": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK3.bin",
+        "Certificate": {
+            "serial_number": "2d686658684ac1ab4743d8cc88c5e051",
+            "issued_to": "CN=Fujitsu ODM Inventec BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM Inventec BIOS PK Certificate"
+        }
+    },
+    "ce3c4e83820649407ca6ea929b0a2b3b2ac9d2b4": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK4.bin",
+        "Certificate": {
+            "serial_number": "4df758cff9c2b19f4a29c595deb47e90",
+            "issued_to": "CN=Fujitsu ODM LCFC BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM LCFC BIOS PK Certificate"
+        }
+    },
+    "4cd2bdb798b83352ecc9cc898b3a562b0761e7c2": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK5.bin",
+        "Certificate": {
+            "serial_number": "eb76e1162d5ffe2d",
+            "issued_to": "CN=Fujitsu ODM Quanta BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP",
+            "issued_by": "CN=Fujitsu ODM Quanta BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP"
+        }
+    },
+    "355ff702a19b03bef9e8ed1c50d7069c58b39262": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK6.bin",
+        "Certificate": {
+            "serial_number": "8b69e3da06aee3a14a3681198ea0a35e",
+            "issued_to": "CN=Fujitsu ODM Quanta BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM Quanta BIOS PK Certificate"
+        }
+    },
+    "6f02e62d09c2b529c3d41f3a525ed8e212e499be": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK7.bin",
+        "Certificate": {
+            "serial_number": "97028b7b55301990",
+            "issued_to": "CN=Fujitsu ODM Wistron BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP",
+            "issued_by": "CN=Fujitsu ODM Wistron BIOS PK 2022 Certificate,OU=FWPJ.Core Tech.,O=FUJITSU CLIENT COMPUTING LIMITED,C=JP"
+        }
+    },
+    "23418edf30a986c275808aae30ac56d8774634c4": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK8.bin",
+        "Certificate": {
+            "serial_number": "619f57e2d14ef895473549458c707aad",
+            "issued_to": "CN=Fujitsu ODM Wistron BIOS PK Certificate",
+            "issued_by": "CN=Fujitsu ODM Wistron BIOS PK Certificate"
+        }
+    },
+    "4187b547978301d80fb338b9d30b30eb7b179824": {
+        "KEKUpdate": "Fujitsu (& FCCL)/KEKUpdate_Fujitsu_(&_FCCL)_PK9.bin",
+        "Certificate": {
+            "serial_number": "65b43cefd40ef8af4b67c969473b1ca7",
+            "issued_to": "CN=PK,OU=Fujitsu Limited Platform Key CA 2022,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP",
+            "issued_by": "CN=PK,OU=Fujitsu Limited Platform Key CA 2022,O=Fujitsu Limited,L=Kawasaki,ST=Kanagawa,C=JP"
+        }
+    },
+    "882f696954b86cf29108ccd5248eda936406ea2c": {
+        "KEKUpdate": "Getac/KEKUpdate_Getac_PK1.bin",
+        "Certificate": {
+            "serial_number": "9f189a92acf3ad3a",
+            "issued_to": "CN=Getac Platform CA 2012,OU=IBU\\, Software,O=Getac Technology Corporation,L=Taipei,ST=Taipei,C=TW",
+            "issued_by": "CN=Getac Software Certificate Authority,OU=IBU\\, Software,O=Getac Technology Corporation,L=Taipei,ST=Taipei,C=TW"
+        }
+    },
+    "6200912afa8eb958ba68ed841fb3d710e21d5599": {
+        "KEKUpdate": "Gigabyte/KEKUpdate_Gigabyte_PK1.bin",
+        "Certificate": {
+            "serial_number": "2decafd84908d7bf48ae6d65352ef9e6",
+            "issued_to": "CN=GIGABYTE",
+            "issued_by": "CN=GIGABYTE"
+        }
+    },
+    "fcfc537049ff5260ef60b640c18d994236d60280": {
+        "KEKUpdate": "Gigabyte/KEKUpdate_Gigabyte_PK2.bin",
+        "Certificate": {
+            "serial_number": "bdc67056de877e8247ac699c054fee44",
+            "issued_to": "CN=GIGABYTE",
+            "issued_by": "CN=GIGABYTE"
+        }
+    },
+    "d52ac7db954c167a386e1aa955249a4d9bdadedd": {
+        "KEKUpdate": "HP/KEKUpdate_HP_PK1.bin",
+        "Certificate": {
+            "serial_number": "5fb660d4c2fb166b6576b7257a4c37ab",
+            "issued_to": "O=HP Inc.,C=US,OU=CODE-SIGN,CN=HP UEFI Secure Boot PK 2017",
+            "issued_by": "CN=HP Inc. PK 2016 CA,O=HP Inc.,C=US"
+        }
+    },
+    "ef40e88b7f2cc718a087051db5d5d4c26043c5aa": {
+        "KEKUpdate": "HP/KEKUpdate_HP_PK5.bin",
+        "Certificate": {
+            "serial_number": "7758a5f8cb1dcfd32c6a7f8f03816b04",
+            "issued_to": "CN=HP UEFI Secure Boot 2013 PK Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company",
+            "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US"
+        }
+    },
+    "bba4b07810638f77e1a86200e36ec1619df14e81": {
+        "KEKUpdate": "HP/KEKUpdate_HP_PK3.bin",
+        "Certificate": {
+            "serial_number": "1b6aef498cfb7f90b681321ae89ec2ef",
+            "issued_to": "CN=Hewlett-Packard UEFI Secure Boot Platform Key,OU=Long Lived CodeSigning Certificate,O=Hewlett-Packard Company",
+            "issued_by": "CN=Hewlett-Packard Printing Device Infrastructure CA,O=Hewlett-Packard Company,C=US"
+        }
+    },
+    "30c1554337e11377a52bf3b111bfd42ca1a5c4cd": {
+        "KEKUpdate": "HP/KEKUpdate_HP_PK4.bin",
+        "Certificate": {
+            "serial_number": "77378497e4baff8b4aabb90ca4003af8",
+            "issued_to": "O=Hewlett Packard Enterprise Company,C=US,OU=CODE-SIGN,CN=HPE UEFI Secure Boot 2016 PK Key",
+            "issued_by": "CN=Hewlett Packard Enterprise Private Code Signing Intermediate CA,O=Hewlett Packard Enterprise Company,C=US"
+        }
+    },
+    "fbf45fd17e6fa21ab21ac1fd7b760fee70f78002": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK1.bin",
+        "Certificate": {
+            "serial_number": "f1dd91d3a6d22bb341dc9d7a4e3d94d3",
+            "issued_to": "CN=Fermi_Born_G_PK",
+            "issued_by": "CN=Fermi_Born_G_PK"
+        }
+    },
+    "cbfaa626bdd65fe5fd245176513951fcfc5cf3bd": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK10.bin",
+        "Certificate": {
+            "serial_number": "d2ca45452d47fc9d4019b77b7762b26a",
+            "issued_to": "CN=GalileoN2021_PK",
+            "issued_by": "CN=GalileoN2021_PK"
+        }
+    },
+    "dd250ac204f708aeaf31bf68e68a9402a2442fb3": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK11.bin",
+        "Certificate": {
+            "serial_number": "703920eb3e4364b84f55aca052728daf",
+            "issued_to": "CN=BornF_SE_PK",
+            "issued_by": "CN=BornF_SE_PK"
+        }
+    },
+    "de9048643c6f2962bba901aaabb131fd2b54b47f": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK2.bin",
+        "Certificate": {
+            "serial_number": "c716b1bba577618f47fbe67de9b20873",
+            "issued_to": "CN=FB_H_PK",
+            "issued_by": "CN=FB_H_PK"
+        }
+    },
+    "9385a73282f37f295e1e49387907e19765c3083c": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK3.bin",
+        "Certificate": {
+            "serial_number": "41e84cd7f2e426b14b129020f92c657a",
+            "issued_to": "CN=Fermi_Born_Platform_Key",
+            "issued_by": "CN=Fermi_Born_Platform_Key"
+        }
+    },
+    "6dcd9928680c1a993508ae12354a026b660916ab": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK4.bin",
+        "Certificate": {
+            "serial_number": "b449f662af91a84594c67ead5d1df3",
+            "issued_to": "CN=HQRoot",
+            "issued_by": "CN=HQRoot"
+        }
+    },
+    "b1b70dba8d3b82d1df3048012b711067edd23dd5": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK5.bin",
+        "Certificate": {
+            "serial_number": "dd1c0010b7a667ae441bd9af94538b1e",
+            "issued_to": "CN=HQTGLRoot",
+            "issued_by": "CN=HQTGLRoot"
+        }
+    },
+    "29272bd3ab586a09f87b14bc61e6824c89b67169": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK6.bin",
+        "Certificate": {
+            "serial_number": "f27bb4e8a304d3914c1854abb353b66e",
+            "issued_to": "CN=HiggsF_PK",
+            "issued_by": "CN=HiggsF_PK"
+        }
+    },
+    "549ce87cf422dfe62fcd82e33328c333eeb16b59": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK8.bin",
+        "Certificate": {
+            "serial_number": "6cc90862759d6b82407e3a003043e463",
+            "issued_to": "CN=GalileoF2021_PK",
+            "issued_by": "CN=GalileoF2021_PK"
+        }
+    },
+    "3365999d7ce2d0e794dcf9c831dea68b6fcfb089": {
+        "KEKUpdate": "Honor/KEKUpdate_Honor_PK9.bin",
+        "Certificate": {
+            "serial_number": "1c4e21dbbf03c49d4f9c1dd566bc1a2d",
+            "issued_to": "CN=GalileoG platform key：",
+            "issued_by": "CN=GalileoG platform key："
+        }
+    },
+    "04c4adbcde6eebd0e940cf18f5546c9eb403a523": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK1.bin",
+        "Certificate": {
+            "serial_number": "2415e76f75355e9f42d8a559191dfc82",
+            "issued_to": "CN=HWIAlderLake",
+            "issued_by": "CN=HWIAlderLake"
+        }
+    },
+    "d29208632ac2a728c454d7d2a7bb872978496dfc": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK3.bin",
+        "Certificate": {
+            "serial_number": "fb5a13edbcb76d954d40fef5c8007e5e",
+            "issued_to": "CN=hubbleb",
+            "issued_by": "CN=hubbleb"
+        }
+    },
+    "a506a5fb1aa2ce57c2441ce70c4754ccf514327d": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK11.bin",
+        "Certificate": {
+            "serial_number": "68253f2e35ef828e4def06239ed46f6f",
+            "issued_to": "CN=HWARenoir",
+            "issued_by": "CN=HWARenoir"
+        }
+    },
+    "867fe5655a941026e54f3e76c7230f9033d95787": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK2.bin",
+        "Certificate": {
+            "serial_number": "a3b68749ec57a7b04d0128fe28903879",
+            "issued_to": "CN=HWIRaptor",
+            "issued_by": "CN=HWIRaptor"
+        }
+    },
+    "143682d7a4bedc6feb3c2d4b855d8bfdd825abb4": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK4.bin",
+        "Certificate": {
+            "serial_number": "5462fbe50d8b8ab841df3e3bc219630c",
+            "issued_to": "CN=HWITigerLake",
+            "issued_by": "CN=HWITigerLake"
+        }
+    },
+    "74b98a9dae80b60ccc6e2424971cd6844b2eb88b": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK5.bin",
+        "Certificate": {
+            "serial_number": "e0d7eb8b547d9944f47bf63bbdca72d",
+            "issued_to": "CN=HWIRockLake",
+            "issued_by": "CN=HWIRockLake"
+        }
+    },
+    "b8857a79368d3d40d773a1c81654924da21c6fe0": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK6.bin",
+        "Certificate": {
+            "serial_number": "482b435fab823dbb4f189041bb2737f2",
+            "issued_to": "CN=HWARenoir",
+            "issued_by": "CN=HWARenoir"
+        }
+    },
+    "a7b0b2a7e6493d676cd5b68fe6d3a66b8699c2b1": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK7.bin",
+        "Certificate": {
+            "serial_number": "879b00c048dac89e41456d131f0aa6b0",
+            "issued_to": "CN=HWACezanne",
+            "issued_by": "CN=HWACezanne"
+        }
+    },
+    "177d1a65e54d137955630b3a311715bcf047ef68": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK8.bin",
+        "Certificate": {
+            "serial_number": "a5180c29616f309443d788bae02cce06",
+            "issued_to": "CN=HWALucienne",
+            "issued_by": "CN=HWALucienne"
+        }
+    },
+    "3ddfeeea3c3674d4ef7ee770478e9b8e3e76297e": {
+        "KEKUpdate": "Huawei/KEKUpdate_Huawei_PK9.bin",
+        "Certificate": {
+            "serial_number": "fbbc06e7bdc5d19c473164e95d3714c3",
+            "issued_to": "CN=HUAWEI",
+            "issued_by": "CN=HUAWEI"
+        }
+    },
+    "caadec03a7c81fe296ded88c19274d66ccf9e614": {
+        "KEKUpdate": "Infinix/KEKUpdate_Infinix_PK1.bin",
+        "Certificate": {
+            "serial_number": "c9ae200aa04d29bc4b791aa13d90bd5a",
+            "issued_to": "CN=Infinix",
+            "issued_by": "CN=Infinix"
+        }
+    },
+    "ea9f36eed1ce5326e028769d72d0c13de25c57aa": {
+        "KEKUpdate": "Intel/KEKUpdate_Intel_PK1.bin",
+        "Certificate": {
+            "serial_number": "3c5dee3968c53f8c4288d887b3e58625",
+            "issued_to": "CN=Foo",
+            "issued_by": "CN=Foo"
+        }
+    },
+    "62900d9144c32aaaba368b7131bfee7353dc255e": {
+        "KEKUpdate": "Intel/KEKUpdate_Intel_PK4.bin",
+        "Certificate": {
+            "serial_number": "1068",
+            "issued_to": "CN=SBoot1,O=Intel Corporation,L=Santa Clara,ST=CA,C=US",
+            "issued_by": "CN=azsdssprd04.ch.intel.com,OU=EDSS,O=Intel Corporation,L=Chandler,ST=Arizona,C=US"
+        }
+    },
+    "18214beef30b7a8eea945c9068376595ec51d4ed": {
+        "KEKUpdate": "J.P. Sá Couto SA/KEKUpdate_J.P._Sá_Couto_SA_PK1.bin",
+        "Certificate": {
+            "serial_number": "8918145b11e5a69044109544448d02b0",
+            "issued_to": "CN=JPik",
+            "issued_by": "CN=JPik"
+        }
+    },
+    "9f9c14b59d14ba2be810c697402643809e888e28": {
+        "KEKUpdate": "JDL/KEKUpdate_JDL_PK9F9C14B5.bin",
+        "Certificate": {
+            "serial_number": "172347c60d25f7a7414bec46aa3d1db3",
+            "issued_to": "CN=JDL PK 2021,O=Japan Digital Laboratory Co.\\, Ltd.,C=JP",
+            "issued_by": "CN=JDL PK 2021,O=Japan Digital Laboratory Co.\\, Ltd.,C=JP"
+        }
+    },
+    "c1604e286d306f082fc289ac121c480fb85b4bdf": {
+        "KEKUpdate": "Juniper/KEKUpdate_Juniper_PK1.bin",
+        "Certificate": {
+            "serial_number": "58721c6e206b3018e65d062adeae23822a8150db",
+            "issued_to": "CN=Juniper Systems\\, Inc. ST1 PK,O=Juniper Systems\\, Inc.,L=Logan,ST=Utah,C=US",
+            "issued_by": "CN=Juniper Systems\\, Inc. ST1 PK,O=Juniper Systems\\, Inc.,L=Logan,ST=Utah,C=US"
+        }
+    },
+    "497dc889965d8bdd6b66710e3de70857649e7743": {
+        "KEKUpdate": "Kontron/KEKUpdate_Kontron_PK1.bin",
+        "Certificate": {
+            "serial_number": "63809e947df075aa97378c0655c74ceaf982ee24",
+            "issued_to": "CN=Kontron EPC-Boards PK,OU=EPC-Boards,O=Kontron Europe GmbH,C=DE",
+            "issued_by": "CN=Kontron EPC-Boards PK,OU=EPC-Boards,O=Kontron Europe GmbH,C=DE"
+        }
+    },
+    "940708c942905ed073ac47f3bd67397dd6560532": {
+        "KEKUpdate": "LG/KEKUpdate_LG_PK1.bin",
+        "Certificate": {
+            "serial_number": "67eb6476fbb5069b42ca733f9dcd6aae",
+            "issued_to": "CN=LG Electronics inc.",
+            "issued_by": "CN=LG Electronics inc."
+        }
+    },
+    "f44a2967222909b8d97b731c83b762271919eee5": {
+        "KEKUpdate": "LG/KEKUpdate_LG_PK2.bin",
+        "Certificate": {
+            "serial_number": "4bad88265909f29eb7827157954a75a5",
+            "issued_to": "CN=LG Electronics Inc.,O=LG Electronics Inc.,L=경기도 평택시,ST=경기도 평택시,C=KR",
+            "issued_by": "CN=VeriSign Class 3 Code Signing 2010 CA,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\\, Inc.,C=US"
+        }
+    },
+    "bdeab99f8bf89c3d5b4f98433503e29bc7fcb416": {
+        "KEKUpdate": "LG/KEKUpdate_LG_PK3.bin",
+        "Certificate": {
+            "serial_number": "6899b994460771561324368e930e04e99e053be1",
+            "issued_to": "CN=LGE Linux PK Certificate",
+            "issued_by": "CN=LGE Linux PK Certificate"
+        }
+    },
+    "46c73daf3047d1ece967d093edf72ac5ffc86586": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK1.bin",
+        "Certificate": {
+            "serial_number": "d6002fb8e15b2459",
+            "issued_to": "1.2.840.113549.1.9.1=SWQAGENT@LENOVO.COM,CN=PSD_CDC-KEK,OU=PSD_CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN",
+            "issued_by": "1.2.840.113549.1.9.1=SWQAGENT@LENOVO.COM,CN=PSD_CDC-KEK,OU=PSD_CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN"
+        }
+    },
+    "90eb7eae089eb05686f2ae3316f483f87d2585e2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK10.bin",
+        "Certificate": {
+            "serial_number": "ad859bde20593a9744d1c94069c8d8d3",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "c788d999f238ec8a781e8ac579d09ed2c4c2fd3e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK100.bin",
+        "Certificate": {
+            "serial_number": "92942bd14e9781b64261d60e365803cb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5554c1c04fefb3db516de239af72680c3cdfae5a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK101.bin",
+        "Certificate": {
+            "serial_number": "e09f1e8f60df33a84c2e991260d56099",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9e09b375967a8f46f9f9c5720d548c6f28c850d2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK102.bin",
+        "Certificate": {
+            "serial_number": "36f7a72c02c5989146b41b5cdfc617c2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7e33d68a9141d16f2962fa658a1ce14a90cbe10d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK103.bin",
+        "Certificate": {
+            "serial_number": "2284d37c9b2c27a64ba41854d0e07421",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2d123ce60cb3c4399f90efac6b8be22fbf1ba91b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK104.bin",
+        "Certificate": {
+            "serial_number": "79ab1cf97af50592481e31471665996f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9fae9ea35241513c75ab3dd0381ba61a3eb27b2b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK105.bin",
+        "Certificate": {
+            "serial_number": "e2f002e2ed39e0aa49c35ce54d653a10",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d8ca73198f051b315f2900be78c02a59836d28c1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK106.bin",
+        "Certificate": {
+            "serial_number": "8b8ee1454702d5bd40fc47961e5efa4d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "594582e9320a786c3c662ff86a5f3358271e4a4c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK107.bin",
+        "Certificate": {
+            "serial_number": "afcad2ef5222099a429398db4ac71301",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "0f64eea2b32bb65bf82d30fc7e8fdaac2f4163ee": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK108.bin",
+        "Certificate": {
+            "serial_number": "8aaf3948ff18d8874edb10b222d38cb6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7065b7b50f9d595f433429ae23e73ba6a9ec0c2c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK109.bin",
+        "Certificate": {
+            "serial_number": "5762ed51c61c668f43f9a6c037ca3fee",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "470d90ab03c032c390dc7b62f031d9e5b60fdd28": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK11.bin",
+        "Certificate": {
+            "serial_number": "41085c06d50a11ba4fb19b2b3808fd25",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "d0108569935f061a3079053e5f544bc4259ec6c9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK110.bin",
+        "Certificate": {
+            "serial_number": "24ebcc658b2db1af4c2dcf3d9c9acb6e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ea98b067f62f5bd0051836d1a6d9f20113a9476b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK111.bin",
+        "Certificate": {
+            "serial_number": "bed354b9d563e19b4852468705ddcd29",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f91552f96cda0bd35d2f2838ba34dd8f18ec52f7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK112.bin",
+        "Certificate": {
+            "serial_number": "8dc6bf36cdaf499d4b217bd08c44605c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3d07d09a174bc8a484a8db6b57a10da499e5bc2b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK113.bin",
+        "Certificate": {
+            "serial_number": "789496c7c8621e8149aac51052957b42",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5c87c3aba87c157ae05895bb976b49afed228f5f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK114.bin",
+        "Certificate": {
+            "serial_number": "9f1c1754c3a691ab4b3a6fcf5d0b40ce",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f42b6a34c301e3d7682fd82644a47fee337b012c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK115.bin",
+        "Certificate": {
+            "serial_number": "4361a8ac20fa12b142f33459880d8326",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "bdb32086f3e526c94c5ffbd7fbe56e956d286600": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK116.bin",
+        "Certificate": {
+            "serial_number": "ee1d295fb9e1dcae417a8f494aed3aeb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4c913ff75e0045d9801b120edba595257da6c57c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK117.bin",
+        "Certificate": {
+            "serial_number": "91e1a7f11b8948964e6f2af5c4fcf14f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f6c5945bb84e1296c6fc147679d5cf70c9bac65e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK118.bin",
+        "Certificate": {
+            "serial_number": "4f3f961b62d2039e4bef1171ec33b017",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8f349b3f9a5d0195080498b7200d92f773687bad": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK119.bin",
+        "Certificate": {
+            "serial_number": "cacc845edb8c278a41b5c60fa80ce287",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f3aa33ee8173f80ce2720ef5870bd7da87323fa6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK12.bin",
+        "Certificate": {
+            "serial_number": "5bf075a69dde6daf468ac5a9574edab0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "009c2135db2de91dd9f50989dea0dfc0931dd774": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK120.bin",
+        "Certificate": {
+            "serial_number": "f29fa0eeb7b6e58244c3b14d73f7b2ee",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "bc22754a1c71d5c42ab573feb66b55224fb577b7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK121.bin",
+        "Certificate": {
+            "serial_number": "6300d5f130a755bb4b4bac87b8180591",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8964b2a4342bb10d0794e793fd5c341820398ec2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK122.bin",
+        "Certificate": {
+            "serial_number": "4bb000ef9fcbbf984da2f6049e91cf30",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "59192ca2f6a6bf6d62d0b2afd84f95144d4c2a27": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK282.bin",
+        "Certificate": {
+            "serial_number": "89bebcc0745f548747c0b4a11e8cab25",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b26b25a1ac09eb6f4fe1178d1e1f706c6db2f8a6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK124.bin",
+        "Certificate": {
+            "serial_number": "347850ada9d6b98648ab34a0a3a9a151",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5cd3eed294b66a114140cde15193fa559bd2a643": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK125.bin",
+        "Certificate": {
+            "serial_number": "9459c3fa7f8f249b4165577c5b8a9d18",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "fd0c9d1fe0233211d01e9593f6d91faff2102d27": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK286.bin",
+        "Certificate": {
+            "serial_number": "5ad42c3cb458598a43fcee1c977b862c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b6a696cb0a9c7dc4e37980a5db0e35bc07ebee59": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK127.bin",
+        "Certificate": {
+            "serial_number": "eb36aa079778b493489127ff2c432447",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "02f76b7683fb683b90e7cf7d2543d26bf618dc96": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK128.bin",
+        "Certificate": {
+            "serial_number": "be542c25627c96ac4af0ad2f7608703c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1b5649db7b8a5361eeb86aadf334a326f7e63d43": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK129.bin",
+        "Certificate": {
+            "serial_number": "8986f146e93d529d4939cdb04d65b937",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "fbd0f36f7124729e35cdc74632a2ad1eb5963c54": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK13.bin",
+        "Certificate": {
+            "serial_number": "f4b41a0d904eda80440d9527b9ea5214",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c9f9feacec772cda2d71178751b35d59eeeb5537": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK130.bin",
+        "Certificate": {
+            "serial_number": "4ab59218f4dc72b14f1bf36f127068e8",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "4b46a1e4c889844b281a3ac8d99de6d4933cdebc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK131.bin",
+        "Certificate": {
+            "serial_number": "af1e4c4ad12c6ca54d2d365ae990b0db",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "6d61659ed0184c5ec678c9c5080f0a9a26901efd": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK132.bin",
+        "Certificate": {
+            "serial_number": "90265254ae3194a04bbae253e28e174a",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "fc6db8147dc4bae78a0b483f7a27deff284afc06": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK133.bin",
+        "Certificate": {
+            "serial_number": "fa838516a13c779440f3522be3a1931b",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "5bdd2a8ea21fd4d3135d84e609f639542375758b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK134.bin",
+        "Certificate": {
+            "serial_number": "ebf879c478f42baa4bbf4a37442f68fb",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "b6f441ffc795086ba78d3ddb05ce825ce73b0134": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK135.bin",
+        "Certificate": {
+            "serial_number": "61bacdb8859591b14f1b67e57efeea2d",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "901bcfc4138ac79b70b7eeec56f739ecc5558404": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK136.bin",
+        "Certificate": {
+            "serial_number": "2a813dd98256bd9d45156ce4c224e108",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "de4f05f4e2bdeddfc5dbd13a43c4856c6f0a42f0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK137.bin",
+        "Certificate": {
+            "serial_number": "cffe8a56a00bac9d41ac70859aac1407",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "424582bd216feb64d117a3301ba917e6207bc4ad": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK138.bin",
+        "Certificate": {
+            "serial_number": "11c41eacebe1dfab402f2bdb3c418af2",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "73c23893c61a530d1d9837455ea4b4d30b1a0823": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK139.bin",
+        "Certificate": {
+            "serial_number": "9012e9ac76c4aea1451e16eb1a779bc5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "512af0b28cc5fd471a6d691c0063691333891bc7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK14.bin",
+        "Certificate": {
+            "serial_number": "992e32f7aa456c9945a4d6ba484abccf",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f7eb983c91d67f92df0b0703d70883c2f22e6a26": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK140.bin",
+        "Certificate": {
+            "serial_number": "a27f8350447fb89c470b63b2f1395c20",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "cfa8dfc1e188a14ecb3762601486eeecb458184a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK141.bin",
+        "Certificate": {
+            "serial_number": "5e009fd52798da844710d8f6bd9994f0",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "e8c1d02832b39c0a4a5eca27ef5f7b75453a52a5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK142.bin",
+        "Certificate": {
+            "serial_number": "17f7b108f6e2b8804cde66c51e789927",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "737faa675de1b40597b21da3970c58ed90f49146": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK143.bin",
+        "Certificate": {
+            "serial_number": "3590acd67558b8b842c8f10db86ae3e1",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "f73abc0418ae5e897d1e0bd2599b88d41633de10": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK144.bin",
+        "Certificate": {
+            "serial_number": "7c30ec485891cfb949bfcfefb8e29ce4",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "fef8ef45f14464f41ed9d4deeaac58c81275861c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK145.bin",
+        "Certificate": {
+            "serial_number": "4dcea02eb0bfb48c454c16da3738f871",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "811cef4da1280d572016c600c94190562ae234da": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK146.bin",
+        "Certificate": {
+            "serial_number": "ed10cba97c47c5ac4c45bb27c1c260f5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d66120bf251495dd71145f0d30de8f70565a1299": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK147.bin",
+        "Certificate": {
+            "serial_number": "b47bc02ef38f3b8d4a45234bcb822811",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c538e85a06aeaccf5e7dca18b807b8d0b1cab4d7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK148.bin",
+        "Certificate": {
+            "serial_number": "c78ed4a2fb8f1bb440ebb906741102f5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "db47ad917a5da43146d971a8b7aa3d034e5612f1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK149.bin",
+        "Certificate": {
+            "serial_number": "c929e120b082df8749eb7ab8da3d0072",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9181095f8e26c8d48a8d074efd7c716b1361b439": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK15.bin",
+        "Certificate": {
+            "serial_number": "594857f492c976b54df60976318c9ad0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "78d7f3dc5e7522158b405df56d347d5d5baf93b8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK150.bin",
+        "Certificate": {
+            "serial_number": "bdcf530438199a9543e48b6fba5670cf",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5ae68fc8196b8943bb508c09e33e4f0dfc5be8b3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK151.bin",
+        "Certificate": {
+            "serial_number": "6c4134b117bf87a043262961f0d84d68",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a4461dc0076e0d651488cb916c876a3ec194d3b6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK152.bin",
+        "Certificate": {
+            "serial_number": "19379df6e8dc20814218ab7294d919f1",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "fe29adea8f28e087fcef92f4a69da54242de2e10": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK153.bin",
+        "Certificate": {
+            "serial_number": "535f00a5a94053a7443a5fcf25648339",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8b70af33ff1c6c7d4bb8d4fb9319314efc941536": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK154.bin",
+        "Certificate": {
+            "serial_number": "ea471aaacd566a9544d9ceac1ba72397",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f8c737f9c6bd6302eb0afd7a4f63c9a601bea696": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK155.bin",
+        "Certificate": {
+            "serial_number": "4bc4ed49352e05864b3ce5011c8c7ed4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b2035254a6c39e33e86006e921d445fda66a6373": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK156.bin",
+        "Certificate": {
+            "serial_number": "916d5f1fb1db60ba45c55040a2940d5c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "712fdda33b78e97a3370d5293e27c8e2828d221b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK157.bin",
+        "Certificate": {
+            "serial_number": "f2c3fe4691400aa5442824d909471e94",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "68e43b64cb48e3ec39eee80d37117d96a8afd72a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK158.bin",
+        "Certificate": {
+            "serial_number": "455df6907f7221a34ff8d45e6fd955ab",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "97fef08b2ddcf46d90e4df3a3df1a4ba838f577c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK159.bin",
+        "Certificate": {
+            "serial_number": "a253efd7dbc3a0a64658f216b006c563",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d7ee0ac4aba6c03f1bb5b0866b99433861ba7ca5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK16.bin",
+        "Certificate": {
+            "serial_number": "b7976ee0f20149be4c4e0e504a32119f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "aebfa17f2bdada1fccca0a36ec42cca195ea26f2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK160.bin",
+        "Certificate": {
+            "serial_number": "816dd2143f62359147cd3fe88ba5b48c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "88c688dfd79f474ad89243c80cc95a9ca7bc6383": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK161.bin",
+        "Certificate": {
+            "serial_number": "a47fb692101675bf4e992d5d264c3595",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e6ba42852054c7e0b85e3bb7e482f646933c4544": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK162.bin",
+        "Certificate": {
+            "serial_number": "677c7bbe40b45f8743f7bb8fe2bba6c6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e4a56c654866c20bf16b0b8374ee0ee5dcd4c9bb": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK163.bin",
+        "Certificate": {
+            "serial_number": "ae00e0b7ad5d8e864d6e586d96f13511",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "fdec21a3087cc0a6bacdedb68ea80c5164cbe1a4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK164.bin",
+        "Certificate": {
+            "serial_number": "fd7ca91d0b81f99148987aaa82012b61",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "aa18fc29e271ef31c6f8ef4aecc562c12161e0a7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK165.bin",
+        "Certificate": {
+            "serial_number": "44f2e2e84b6aeaae4ef0f281d1461319",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cc92ffaf33b827941c566e4ee000231afe5a28ce": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK166.bin",
+        "Certificate": {
+            "serial_number": "91d09e51a048d6ab4e90afbb563fbc41",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "09b9824229da65df57601e7387694e63c5a2b297": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK167.bin",
+        "Certificate": {
+            "serial_number": "99df0dffadcd89bc46108cc4e12c20c9",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d7914da3e05b1d4300b6b3e95da0436c8a70064e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK168.bin",
+        "Certificate": {
+            "serial_number": "c24864ef3864f98949a7a8a407325398",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4378c3565d6b054858e4d011cb51e5e86b1aebfd": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK169.bin",
+        "Certificate": {
+            "serial_number": "9f174846b5da3587478478e52bff7731",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "82245714ce3f426c191438088918695ee3d20c90": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK17.bin",
+        "Certificate": {
+            "serial_number": "663fc06a880812bb4d4de1d45b4345a8",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "6c064a3bb2a6464bc4a10e9c9378c1e6336a12eb": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK170.bin",
+        "Certificate": {
+            "serial_number": "a6d026a4e4400d964bfb9803cd1d78ed",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d4db3f5c4ef6fdcd96562419c023b19972312462": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK171.bin",
+        "Certificate": {
+            "serial_number": "1f2eb95f601368b24dc558df42f510e5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4859bbe7343b0126f2270e18b6a53aa6983d6410": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK172.bin",
+        "Certificate": {
+            "serial_number": "a0954cd84c232e8644db2112dca9bf9b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "53c7f18e060601a9edfd03a091a49fc0f6972d32": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK173.bin",
+        "Certificate": {
+            "serial_number": "235e7a382bfb468f4259fe0ac3a3a784",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "455b4fde063bfce906d77731e520aa8c51b3257f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK174.bin",
+        "Certificate": {
+            "serial_number": "348b251601b82e8241377caf2f63e02a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "6333a5e62f60c78bf2b876468544dc4d35381049": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK175.bin",
+        "Certificate": {
+            "serial_number": "7fbb09d4d95b259c4a0356a05f796893",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "0518317d431b34af9148cbcf81feaaff34000680": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK176.bin",
+        "Certificate": {
+            "serial_number": "888ea30c719740aa403d6e2b70334d8c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a83935792289668e48ff5a38abd2a13b5fed6bf5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK177.bin",
+        "Certificate": {
+            "serial_number": "5b4699a45a72fa9e4a0865b7046ca023",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3a72e39f0df8d3cb1281aa9c0ef526663470c2fa": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK178.bin",
+        "Certificate": {
+            "serial_number": "2f12fdcfeffbdc83410f215d79405091",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1f2139be9754f96288367f3f8c16fea581395894": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK179.bin",
+        "Certificate": {
+            "serial_number": "e38ad5c2375142a14919c2e6e6aeaa27",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "00aa9031c609b2b196f7d1305bbf8e25d1287512": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK18.bin",
+        "Certificate": {
+            "serial_number": "c5c93e19a1090ca840bb68566634d5a4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1dd0a4cd107be5257b411b61538edd1c79efff13": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK180.bin",
+        "Certificate": {
+            "serial_number": "27999504aa27529749c84d30abe131a3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8e1d841f1a05b5722b7f80cab98609c8b9444cf6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK181.bin",
+        "Certificate": {
+            "serial_number": "919531e5dcedf8b94cd36548050bfc12",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "37965449c7b0ad5f6b8cd6b47deb610ed48006e0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK182.bin",
+        "Certificate": {
+            "serial_number": "e7b764461230459344a47b8e0995d1a4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "636fc4532cd2d16b0c5036bb14b7e840180c4242": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK183.bin",
+        "Certificate": {
+            "serial_number": "1ba96c3f06710af479efb24db577525",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cc07c17e48bd23c15360598127390bdcc3d22370": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK184.bin",
+        "Certificate": {
+            "serial_number": "2b17a8f594ec16a44897992c66d694f3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "0994c699ad01947d694018527178e46829c45624": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK185.bin",
+        "Certificate": {
+            "serial_number": "3544433b94f033b6443fe56ab41c956f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f9768f1d83571e087f4868cc7d3b7fe7beb29c85": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK186.bin",
+        "Certificate": {
+            "serial_number": "f38ae6da773d0a8748ecd7032f4dd059",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2194ee0a0dfd962184a750b2f0b7b420b0b0d9c8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK187.bin",
+        "Certificate": {
+            "serial_number": "938cb565f547ce974af7af857e3c9735",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "6f8568a59464660eff0faaf3b9f4a10418f91713": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK188.bin",
+        "Certificate": {
+            "serial_number": "5255f170cfd0de9245f42782ca5c6769",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2c1a260ee50b0577f9988715ffdc1afa0101f873": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK189.bin",
+        "Certificate": {
+            "serial_number": "54047d5fd4836d894cc033dab55f663d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7273dcfa9c5430b5a468dde1367646504dd0f91f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK19.bin",
+        "Certificate": {
+            "serial_number": "e4b519a53e2a21bc452cfd823c1de377",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "74a75c323054b2edab07754065a8e1b91e2300d0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK190.bin",
+        "Certificate": {
+            "serial_number": "381c01ac8133068b4464cee41cce6f80",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "49878da901312281e2064ce6323972461f651531": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK191.bin",
+        "Certificate": {
+            "serial_number": "862a02d8cf94398f48b2fe1b719c68db",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3ba7162a9b375ab82887cec1562d19e94f2fabe9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK192.bin",
+        "Certificate": {
+            "serial_number": "39f2ffaaf0606804d9dff3ec0cb6d29",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "75dcf400f73789b6184a8cee490827c1039db62e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK193.bin",
+        "Certificate": {
+            "serial_number": "bcaeb2389e03668443da706588db38b6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "36f0683224e3a8d152306967d2b8a27c19581be0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK194.bin",
+        "Certificate": {
+            "serial_number": "52eace13da017ebe4876ae9eae52e5eb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b7d4a2d68376a66a9e28a227a3cc016302c15e2e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK195.bin",
+        "Certificate": {
+            "serial_number": "c8f9070658672d8649fc4aa0dced18b5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4bb11ded84ed3b605414fcea4a16b8c0e1ff49b2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK196.bin",
+        "Certificate": {
+            "serial_number": "c9abead160986791400b10b6f9216274",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c771d375febed6097f79d34f654a418d9d12cbc8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK197.bin",
+        "Certificate": {
+            "serial_number": "db9eab4140b193914df65894314cb2f0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "428590a716733e16670cfd1b34d91cfd698824c3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK198.bin",
+        "Certificate": {
+            "serial_number": "c707e2f4a9b417814a1db235317db4c0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d8453cad66c8a5616983128563f6b8e52c2149c1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK199.bin",
+        "Certificate": {
+            "serial_number": "588359dec7ccc59240deaf235d87f045",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7b4d9735151cb81afdc09531ebbff2f0e3588775": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK2.bin",
+        "Certificate": {
+            "serial_number": "91dafcdb9605b0d8",
+            "issued_to": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=TPCDL-KEK,OU=TPCDL,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN",
+            "issued_by": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=TPCDL-KEK,OU=TPCDL,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN"
+        }
+    },
+    "aca176b593206a4128a02247935ae88706f4076e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK20.bin",
+        "Certificate": {
+            "serial_number": "cd94ad8a5324f29149d46bea0cc751ab",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f4157a0b604bcb96aea8084deb0aaaa6677efa5d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK200.bin",
+        "Certificate": {
+            "serial_number": "c05c84b62681ab54c8bcbae230bee40",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cfecae4e8f2ebed2e6d54d590201e726f72a5051": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK201.bin",
+        "Certificate": {
+            "serial_number": "a69afdb219ad868b4fafe8bff5d963cb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "37e5574f1992988ac86addc4cbeac7363c68cd37": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK202.bin",
+        "Certificate": {
+            "serial_number": "5a4cbc51412af6a04f4c4c25ef2fc191",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b099c76cb270f9fae504f7004c9c22177af315ff": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK203.bin",
+        "Certificate": {
+            "serial_number": "bcfc8ab5cbef72a046fb547ca07a9edc",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9637fc6a13266b22a6852e114db5f8cc6f2d34e0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK204.bin",
+        "Certificate": {
+            "serial_number": "99d982955897d48c4dea8761c1ede43c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "59eee5d69e7d3233767aa8487d28808dc3a641af": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK205.bin",
+        "Certificate": {
+            "serial_number": "1199dbd9a6a2ddab44096353a67d7790",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "07382e86314b5437d8554e0dcc853cb6a82d50b7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK206.bin",
+        "Certificate": {
+            "serial_number": "c6f549423fe9e3884c8229cd2ed46793",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "874b13c5f2eb1d3e98a55134a83b6d8cce8e5a80": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK207.bin",
+        "Certificate": {
+            "serial_number": "af98c7bafc2ecda44f5caaf7a0fbf202",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5df078e0f2c7a612ec37704d89ffc38bea469095": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK208.bin",
+        "Certificate": {
+            "serial_number": "9382d1905601874e308edea78ef73a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f883f7e6271e904854485148410355bae4898392": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK209.bin",
+        "Certificate": {
+            "serial_number": "b3140a3cf7061db743ea3ebc6e0ab31c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a75aaf90e75de4c9a713aca5a282cec049071ff5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK21.bin",
+        "Certificate": {
+            "serial_number": "d333fbfc5668b834ef7d7ed434fdcb6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f52ce5560743f71489c73126394f306027e1643a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK210.bin",
+        "Certificate": {
+            "serial_number": "a94957f2f5ac9881416e1f4aa83d22f3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7579a8333a2bc94655b3ad02931dfcacb00f30b4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK211.bin",
+        "Certificate": {
+            "serial_number": "d462c85a26cc96bc493b726985b52615",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e965825480086fc83a8d149071344b836dfcca46": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK212.bin",
+        "Certificate": {
+            "serial_number": "6ceeea8a4fa1fd8d41cbfa8f1cefc6dc",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4e4520b84a9df036e03463d4a226ae36437fa2fc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK213.bin",
+        "Certificate": {
+            "serial_number": "d3a474382cc4719343cc907ff34b950a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f30fb2eda15f839197bee2fce8723e9fb9f6cea4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK214.bin",
+        "Certificate": {
+            "serial_number": "e3d111c5844ece85471cf37f996ef8fc",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a5b82801222497b6454a15886acafccc022cf0b9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK215.bin",
+        "Certificate": {
+            "serial_number": "2bd4df97d1059f884924bd5ef3e14d44",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a2867ef211dec0fa997e7d7709302308e847d7e3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK216.bin",
+        "Certificate": {
+            "serial_number": "42c1d8eae2c091ae40d188cb298e8dcd",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e8b15382b70749a9065fae93a95bfb9b6722beb9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK217.bin",
+        "Certificate": {
+            "serial_number": "c9bd7bd4dfd5bfb6494e071f5e9cc44c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "711a8885f6c1245e218111a289eca79e126eee0d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK218.bin",
+        "Certificate": {
+            "serial_number": "5f566427a9714fbb4aea1d0338a7fa7e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "953c7e2331dcd09df11efebd39aeb1432d4e7f6c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK219.bin",
+        "Certificate": {
+            "serial_number": "2b35d6c519a5339f456c886e0fb35ea5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d3e26c3b79a762285e4a5e431361b0409e978d89": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK22.bin",
+        "Certificate": {
+            "serial_number": "647fa3598a3f539a471e5f372480c0bd",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b1eda3b4a6963079144d99dbc78295125d1587cf": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK220.bin",
+        "Certificate": {
+            "serial_number": "633c4879ca25de8d4ad244fb7a2f3d16",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2e66bff79d5f14b7d94735eb6d602cb5cf8a54af": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK221.bin",
+        "Certificate": {
+            "serial_number": "b692377e88433a949a2ee5210322fc3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c11c89b8f79f1b368c48c2e3e7a3ba461d8bbba5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK222.bin",
+        "Certificate": {
+            "serial_number": "e0e221aa3374ceb14313997ad665c64c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c15a48303612afb1885f6176cd0dec30357c013d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK223.bin",
+        "Certificate": {
+            "serial_number": "b28a9846d79b10bf406b9da4d49aff33",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cffdd46e0a70b8158fb8d879e13787edf7e8e827": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK224.bin",
+        "Certificate": {
+            "serial_number": "d3003f7214f16880456b07586ad37c9b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "53ce3c7a641cd03d2020e4ae42c769a8c6d353df": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK225.bin",
+        "Certificate": {
+            "serial_number": "20a718d19f089db04a8e2c1f162da905",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "61c446ae133d5cc220f154873b876abda4672770": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK226.bin",
+        "Certificate": {
+            "serial_number": "b45906da5f58bd94418b8e530ac8f5b6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ac56435c63b80eb7dcb43c6ddbe4f4e4e0faaaf9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK227.bin",
+        "Certificate": {
+            "serial_number": "a5e4229b17d3bab5495d5767676f4621",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "92857c91364c6dd5ec16ea11d913c1f1d96d0c4e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK228.bin",
+        "Certificate": {
+            "serial_number": "5084d0f7054a91bb42ca7bb6bb6b2434",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "56fedb0a9ddc898e514b045486d1a4bc9253f142": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK229.bin",
+        "Certificate": {
+            "serial_number": "daa79e8e858056b640ec2693fa73928c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "36cb17380c71bc5cfb000a8bbbc801c24484bef7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK23.bin",
+        "Certificate": {
+            "serial_number": "49475bdf6aac25bb491dcf99ec8b1111",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3be3a2e862b956a1fe2bda1083eceb92da995b82": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK230.bin",
+        "Certificate": {
+            "serial_number": "a7622fcaffb17bbf4568c5130d55d87b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f6484061087d2ea5bd64361918cb6a4cf0e71833": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK231.bin",
+        "Certificate": {
+            "serial_number": "e42316b2f88fb7894c0c188e77ec7a85",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "56e533bec9fad69d29c677cd46dee9aea8853262": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK232.bin",
+        "Certificate": {
+            "serial_number": "7444e7bb97d277824a39f65af13ef547",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cd2fdebc1a64b60f6a8c9c9120ac98ae86755932": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK233.bin",
+        "Certificate": {
+            "serial_number": "3e3b336e683b4d9e4d39f0214a9e33a2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "61acef140425176fb81598c59187a3e66ac6ac8a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK299.bin",
+        "Certificate": {
+            "serial_number": "50401d8fa3db63a5498848df25f3f9bb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ab4ec663a9a129eb656b4276578ac422a6efc109": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK235.bin",
+        "Certificate": {
+            "serial_number": "3b8476cbcd6d71ac4f69b48cbee132d4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "40ea0930c8cb6837ccf6a413591eb0d0c06995b6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK236.bin",
+        "Certificate": {
+            "serial_number": "f2ea8f0c3732678f47eb51905458c9f1",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "67c4e67a36341371cdb408aaba93c518a16a8025": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK296.bin",
+        "Certificate": {
+            "serial_number": "db296e4a6e8380914b6205884819ec1c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b146e020f5b50fc3f3d934097e4c446fad34fb01": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK238.bin",
+        "Certificate": {
+            "serial_number": "9214bdca8183b4884153ca8076e1fd3f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "763d4618a6e38efa97f7981b20eb8028a2f81e96": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK297.bin",
+        "Certificate": {
+            "serial_number": "6b4929cd3158c7ad4953abb88e1a499e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7aa5faf496fa7187f6aa8519f09958dc64c0b9f0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK24.bin",
+        "Certificate": {
+            "serial_number": "fcbdd6865919e8ad4e66a31e3fbd3afa",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "1cb613c4d328efb82a05a487ed478180e14ebd6d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK240.bin",
+        "Certificate": {
+            "serial_number": "95c64743430f6baf424a31d3f1505c38",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "781c2f108d4288abbde56449d3423a95dd65e6f2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK305.bin",
+        "Certificate": {
+            "serial_number": "5d45503d0896b99347deff7dd2aea1cd",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1d94f2cad3b762970d9f5dbdf11a7531d85ecdd1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK304.bin",
+        "Certificate": {
+            "serial_number": "cf84f32e6313189a425fe54a54c360ab",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f6ed06653ca6da1a9cbf6f3e5fbf43ca6eb5caa2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK301.bin",
+        "Certificate": {
+            "serial_number": "7640b9bae602e9a7446e30d4c1cf9ad9",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5a32745c32da00dade89facf47b3c4cfd247615e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK302.bin",
+        "Certificate": {
+            "serial_number": "49e250db013c2584442f8b10d705f62f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2783e79cb571f9cea672a3202844f868a4936169": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK303.bin",
+        "Certificate": {
+            "serial_number": "576da1259d5dec89462b7147e9df8573",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "bdcc83dcf7edb2709f37ce4e04268deb6288593e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK307.bin",
+        "Certificate": {
+            "serial_number": "92f57b2ae20d4cb64d6c046d376f7513",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ae0d9c9dbb888f1be593967bd402d379188717d1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK247.bin",
+        "Certificate": {
+            "serial_number": "16fee65dafcb63894000fcb69be439e2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "793ea31212b4898d4b04f25414d7035d8e2924eb": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK248.bin",
+        "Certificate": {
+            "serial_number": "c651f5b982fdb9944a452ebdb168a72d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "dbb6be913c548b3ae61a2bbdd5ec617682a567f3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK249.bin",
+        "Certificate": {
+            "serial_number": "9fb2d31761f8f08e4babb9822bf0da2f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "48909899fa9acb5329f534efdd406dd2e2b94eba": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK25.bin",
+        "Certificate": {
+            "serial_number": "ac79282547a756834125e3225837d01a",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "531c9081ac017ffebd280690a4f326bee94365f7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK250.bin",
+        "Certificate": {
+            "serial_number": "cbf81a2d41b793a7403e2681390c6b67",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d3aa7041d81188d1888d5bb9635cf363b18efa56": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK251.bin",
+        "Certificate": {
+            "serial_number": "3795b364104fb8b74d31d14f51ecd6c0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7696aefa450bd31667bc2b2b06fe8e135359d58e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK252.bin",
+        "Certificate": {
+            "serial_number": "b39c7d3958331686456ef627a03fd8d5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "76d9e6a0e20a905f055432554a936f9a15d38d20": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK253.bin",
+        "Certificate": {
+            "serial_number": "c60e611c26657be4d042d27f019070e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8dd780cee1b84afc10e986ca8685901e8775a552": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK254.bin",
+        "Certificate": {
+            "serial_number": "8631955619e1d185486000b80887f915",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5f11eeccb10336e653088cba0abc62f2533271a6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK255.bin",
+        "Certificate": {
+            "serial_number": "994f8b12db0c8db2496ed70ffb2dd913",
+            "issued_to": "CN=Ideapad Products",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "dbec83469fcf583cd7b61690744ce321d3c46510": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK256.bin",
+        "Certificate": {
+            "serial_number": "8e8383831d02840c",
+            "issued_to": "CN=Lenovo UEFI Whitley PK,O=Lenovo,L=Raleigh,ST=NC,C=US",
+            "issued_by": "CN=Lenovo UEFI Whitley PK,O=Lenovo,L=Raleigh,ST=NC,C=US"
+        }
+    },
+    "30e8b2877678e1f8605535ad4f5e2840d63571b8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK257.bin",
+        "Certificate": {
+            "serial_number": "c6b285ab3d2d2799",
+            "issued_to": "CN=Lenovo UEFI AMD PK,OU=DCG,O=Lenovo,L=Morrisville,ST=NC,C=US",
+            "issued_by": "CN=Lenovo UEFI AMD PK,OU=DCG,O=Lenovo,L=Morrisville,ST=NC,C=US"
+        }
+    },
+    "428c2b176518898ac2e093f729b9c9df1dc6c96a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK258.bin",
+        "Certificate": {
+            "serial_number": "aaaffa3d01cd7ae3",
+            "issued_to": "CN=Lenovo,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US",
+            "issued_by": "CN=Lenovo,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US"
+        }
+    },
+    "5e84afcc7127c4e7c78bc24b757c8a7a27240cd2": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK259.bin",
+        "Certificate": {
+            "serial_number": "99e9d5871461bf79",
+            "issued_to": "CN=Lenovo,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US",
+            "issued_by": "CN=Lenovo,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US"
+        }
+    },
+    "1b6648716004895e27e53ed665eca63b7f91e1a5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK26.bin",
+        "Certificate": {
+            "serial_number": "21b2d552f98f44b04ba2238bb015d4a8",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "2c731d0aa43ea0a26dc3d5d411ee90cd79ae5ef9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK260.bin",
+        "Certificate": {
+            "serial_number": "ecf4a5d39817e0ee",
+            "issued_to": "CN=\\ Lenovo UEFI Idaville PK,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US",
+            "issued_by": "CN=\\ Lenovo UEFI Idaville PK,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US"
+        }
+    },
+    "43992837612fc135aeb3594fbec5e7cc17016e32": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK261.bin",
+        "Certificate": {
+            "serial_number": "be58f5a8c01415bd",
+            "issued_to": "CN=\\ Lenovo UEFI Siena PK,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US",
+            "issued_by": "CN=\\ Lenovo UEFI Siena PK,OU=ISG,O=Lenovo,L=Morrisville,ST=North Carolina,C=US"
+        }
+    },
+    "b72ec1f8eaeecad025a8e46fba1e74083e34c5f1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK262.bin",
+        "Certificate": {
+            "serial_number": "6b060f310fb9f9864f07787135dd70b4",
+            "issued_to": "CN=Fujitsu Client Computing Limited PK Certificate CA 2020",
+            "issued_by": "CN=Fujitsu Client Computing Limited PK Certificate CA 2020"
+        }
+    },
+    "29ad09046f5c4ae5f40afa9ecf22a07ae3587bf3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK263.bin",
+        "Certificate": {
+            "serial_number": "1",
+            "issued_to": "CN=PK,OU=Fujitsu Technology Solutions Code Signing CA,O=Fujitsu Technology Solutions GmbH,L=Munich,ST=Bavaria,C=DE",
+            "issued_by": "CN=PK,OU=Fujitsu Technology Solutions Code Signing CA,O=Fujitsu Technology Solutions GmbH,L=Munich,ST=Bavaria,C=DE"
+        }
+    },
+    "aeebf078103f455746efb0d67c5a864e0cd60dcc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK264.bin",
+        "Certificate": {
+            "serial_number": "198d9207732d67a7edea3fc45a1f34d66a086e4",
+            "issued_to": "CN=Lenovo UEFI PK,O=Lenovo,L=Raleigh,ST=NC,C=US",
+            "issued_by": "CN=Lenovo UEFI PK,O=Lenovo,L=Raleigh,ST=NC,C=US"
+        }
+    },
+    "4e4ec063bfa084761214f55fe4ad0a404599f4d6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK265.bin",
+        "Certificate": {
+            "serial_number": "9ec6736fafd2e8548cbd812012e0843",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "182cb6b1b555d987d40315d9b04cedcbce6dd99f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK82.bin",
+        "Certificate": {
+            "serial_number": "31e2c8a16bd4c6834517f13bcba58187",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "59f9c7c740c2f98e2dcd4643162eb8644e93f34f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK267.bin",
+        "Certificate": {
+            "serial_number": "49b5b32e1f5c3498437b003226f0fa39",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c4c1178f969d7b10774f0e62b2d8072f65b67367": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK268.bin",
+        "Certificate": {
+            "serial_number": "57d73385a403478047480469ce5058d5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1268fb893e50ff040d904d589a3690133c715c88": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK99.bin",
+        "Certificate": {
+            "serial_number": "27902bebbd10408648b3c4eca97e168c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "195b85e6f9a651bbf81dd21e30d276ddf9a6438e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK27.bin",
+        "Certificate": {
+            "serial_number": "37f81e3e363fc7b94f3ca7b67d8df9b6",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "964ec79cb896fe03ac69e9e109916539dcc7e0c3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK270.bin",
+        "Certificate": {
+            "serial_number": "ede8e095b7f78bf46df53a958b8a5b5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7244e70921cc54843e3c5f07580b91372851c154": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK271.bin",
+        "Certificate": {
+            "serial_number": "23da405c83ab9887468bfe453f515c05",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1e8299bcf63c74b93a7224f189f8f2a477c3ce5a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK272.bin",
+        "Certificate": {
+            "serial_number": "75127850e92faaf40b1bea4c1c8fd6f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ef95e29cce285d87734012ef940fb14ee0a7118b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK273.bin",
+        "Certificate": {
+            "serial_number": "5bf2ab96448a068e4f79706c1444b638",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "17d661a0ce6435e45ea437bc4c15a7db8867b9c4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK285.bin",
+        "Certificate": {
+            "serial_number": "113a5182ace883a94534440b410b08a6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "79ee86fa9056716c6db30b91efdcc7707fe79550": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK275.bin",
+        "Certificate": {
+            "serial_number": "e415f90977c2cfb44376fb872fb161d9",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5e430cb124e928c0a9f3e268230d64f4c1416279": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK276.bin",
+        "Certificate": {
+            "serial_number": "849c235f03b276a5460db29fed241ede",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9cee85974079ea71411ad374ea99e50abaa4c03d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK281.bin",
+        "Certificate": {
+            "serial_number": "dac915b2348a36b64d5074ce00834dc9",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "24cf0744b9f47a0d22af2a9c315d60a6ac2ddc25": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK278.bin",
+        "Certificate": {
+            "serial_number": "245e787d3198c8ab404bbbdd252656cf",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cc516f7cdf05e9ff595df892e2dec6001c41ad81": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK280.bin",
+        "Certificate": {
+            "serial_number": "756480cbd09e01a74395ca368c137df5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a5a3cdecd3f8e9cabcf700a7e8c99f764669a7a9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK28.bin",
+        "Certificate": {
+            "serial_number": "13f5309caa3051aa4cd24485df20dcb7",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "f228c575a9de2a1540a4c74c99c3d0bda7ad0de4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK284.bin",
+        "Certificate": {
+            "serial_number": "848517e1a29d9db645ae77f8f7f7cfd4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "6d92ef6a5020ae314ce8f09ae773be30bf18fa24": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK287.bin",
+        "Certificate": {
+            "serial_number": "e6e53c5efd67c5864ee5505a04075967",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "00722a6c02b506e58de6b46f0b4f35b100ad831a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK288.bin",
+        "Certificate": {
+            "serial_number": "6b252060bd753898440a44972fdb1019",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d51c18ea87d3c2177b88e60e097befefa110e955": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK289.bin",
+        "Certificate": {
+            "serial_number": "d4b294dc9d17ccb8473ac0fa6b643ce2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "182c8f23df75661d8f506e76465bb6c2cf7417c1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK29.bin",
+        "Certificate": {
+            "serial_number": "a888bc4c689800b442710be1dda44b24",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "288fbed9acd7fdbb7fc87a1cd64c8c893d8d5a14": {
+        "KEKUpdate": "MEDION/KEKUpdate_PK1.bin",
+        "Certificate": {
+            "serial_number": "8742f4c8e657b4a44f303df3728573a7",
+            "issued_to": "CN=MEDION Certificate",
+            "issued_by": "CN=MEDION Certificate"
+        }
+    },
+    "c0f5f4f09ec708fb443b5719d884fdc682f01898": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK291.bin",
+        "Certificate": {
+            "serial_number": "fd0e8539ebecfbb243cf47c48fe15ee1",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "aabcd6b2e12f11daab01a98aff24f1f25d17b554": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK292.bin",
+        "Certificate": {
+            "serial_number": "6dbbcfd4f5273ab743d024c07c7ef93e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7cd58d830062d198837ba00716606b3aaa17dfae": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK293.bin",
+        "Certificate": {
+            "serial_number": "cd5961b22a9dae914d101b5f3c02bdcb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "85b3a8a0c4f1d6d79a5483606ac71f89902413ee": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK306.bin",
+        "Certificate": {
+            "serial_number": "809fdd11cdd0aca84e61744d0a9a63d2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3846b24205ce00238a2e31270db639577e6d649a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK3.bin",
+        "Certificate": {
+            "serial_number": "ea61a0a5773ef5fc",
+            "issued_to": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=IDC-CDC -KEK,OU=IDC-CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN",
+            "issued_by": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=IDC-CDC -KEK,OU=IDC-CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN"
+        }
+    },
+    "3e994a16b9415d1d801e8fc4ff63686e68af3b19": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK30.bin",
+        "Certificate": {
+            "serial_number": "db183300014de6b346e3943dae3b900f",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "d0b089ce2f5b4dfefda59940f7fd852b2cb2a6cb": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK308.bin",
+        "Certificate": {
+            "serial_number": "bc19ccf68446c18b4a08dce9b1cb4deb",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "49c6331a4b581010fc63f80617c012f5e04f39fa": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK309.bin",
+        "Certificate": {
+            "serial_number": "ebb513d46bb1dc6e",
+            "issued_to": "CN=Lenovo Ltd. PK CA 2012,O=Lenovo Ltd.,L=Yokohama,ST=Kanagawa,C=JP",
+            "issued_by": "CN=Lenovo Ltd. PK CA 2012,O=Lenovo Ltd.,L=Yokohama,ST=Kanagawa,C=JP"
+        }
+    },
+    "b70ca7b5cc666ef1d4b9f14a4b41d9ffd98f5af6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK31.bin",
+        "Certificate": {
+            "serial_number": "534be028f9d779a748bec4b5174d8461",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "99399e8e394ad40915db84cc6795a08090da85dd": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK310.bin",
+        "Certificate": {
+            "serial_number": "81facc4d75299cb84280890848a85520",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b0de4e007bbda17bac26ef802e423be805f974c7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK71.bin",
+        "Certificate": {
+            "serial_number": "16ad3feb09704be44aebcc271332bd8",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "601bcd53e553aa529e43a501d583bf70b6dd61a7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK312.bin",
+        "Certificate": {
+            "serial_number": "e43682fbb8211c8c4286b59ac86c985f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cdc8c7f0d079f900df976519e16ac97b115b57da": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK313.bin",
+        "Certificate": {
+            "serial_number": "c422093827a5b34bdaac90bcc53b8d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "fdbd28209caf122cd7cb223f1cb2e8366480caa5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK314.bin",
+        "Certificate": {
+            "serial_number": "bed4ebe53edacebc49e2af73fbb3251b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4e8652e286dffe6032d9293e39bc7c696a47f6ef": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK315.bin",
+        "Certificate": {
+            "serial_number": "49f635016789a7a947a68b98ffdaf246",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f37cd660ca3153b6283eb2932c552956164a2f3a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK316.bin",
+        "Certificate": {
+            "serial_number": "991c6f2cf693e6934e9521400146eddb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ec8a6b176346ebff71aecde8c6294e7559d9c8f5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK317.bin",
+        "Certificate": {
+            "serial_number": "940250c66a6568a945921ca39a3f821b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9278a62e012ad1fe31b2c75e7603ac37969ac3fc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK318.bin",
+        "Certificate": {
+            "serial_number": "4e9b2943904acd914cf5baf8380b6ec3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "c571ee0ff9020d502323427ab71f7bdc8fa26aa4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK319.bin",
+        "Certificate": {
+            "serial_number": "24917f9e655a0a049cc7f436e1ca802",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "fc2468ca684e7c03e61470595d35017329edd8be": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK32.bin",
+        "Certificate": {
+            "serial_number": "5d236256a070b6ac49a78bae9db85782",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "64f528d9db252491df46153bc64ab2aff9359fcc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK33.bin",
+        "Certificate": {
+            "serial_number": "35a3bd08bb4260b74ac406f885cc59eb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "15b8674981cfd505b56822b1b81e460edc2534b7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK34.bin",
+        "Certificate": {
+            "serial_number": "8f1ee5fb31d1009f4dbf0ea5986c9a3b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "81877956b87588233894da039baa69c4c71f2375": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK35.bin",
+        "Certificate": {
+            "serial_number": "566abe937917db348fcaed751a31b1a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "91ba155812e8aff490636d938a0f54d6951ca623": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK36.bin",
+        "Certificate": {
+            "serial_number": "a62f9e7faeb7529a4c799ff70baff8b5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "b83592be779fa1ff1de5b55074c707236d0022b4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK37.bin",
+        "Certificate": {
+            "serial_number": "36b3392161bab68040fbab41a733534d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "4d25773ba45d191bc718468b4d3b426cfee61995": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK38.bin",
+        "Certificate": {
+            "serial_number": "9e48e50f8f87e1884f0d0738c6c7fbca",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8f9217a8981715ef4608099c585010ff93f964a7": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK39.bin",
+        "Certificate": {
+            "serial_number": "51fbecd118a026af419c22606ee0bc1c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "94ac3654dbcbb59c8d0c92945aa588b20a6e7da5": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK4.bin",
+        "Certificate": {
+            "serial_number": "93ca32a9d87ab8e4",
+            "issued_to": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=PCSD_CDC-KEK,OU=PCSD_CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN",
+            "issued_by": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=PCSD_CDC-KEK,OU=PCSD_CDC,O=Lenovo(Beijing) Ltd.,L=Beijing,ST=Beijing,C=CN"
+        }
+    },
+    "cc4010a6946284b6312d0a8beef3e0493d631855": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK40.bin",
+        "Certificate": {
+            "serial_number": "ac8792b8d7eb758741bd03641cb52eab",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "381477a13ff3139088f4c31379a6ff800dee0470": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK41.bin",
+        "Certificate": {
+            "serial_number": "e6687bce3252aba14dafd0a3fed28d40",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cd1b2f9e01fd81f38cb71228b9236e2089391eab": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK42.bin",
+        "Certificate": {
+            "serial_number": "5d87b4fa9d72d19241b121a2bf588a6c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "46e565ccfdd2041faa193367d18802bcbf81429d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK43.bin",
+        "Certificate": {
+            "serial_number": "bdca967346dd4a8341ba4a3451c232b9",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ddc8447cada1f408014b269f0a8d8fa6c2d35086": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK44.bin",
+        "Certificate": {
+            "serial_number": "5e21b5995b54d18a4f0bd7fc30a1befc",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ddc81bd19706ee64f1eef65eeb48b4ba0d22feef": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK45.bin",
+        "Certificate": {
+            "serial_number": "7d947e061f8f90bc400f00cf55ffa01e",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "581292d20085e4c0e928e41b59bf4bb9d5348508": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK46.bin",
+        "Certificate": {
+            "serial_number": "5e57c0a910b71b8f4a8ba7f4fe8f55e0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "56f88d8ae89f66e6293495541303eeaebc32965b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK47.bin",
+        "Certificate": {
+            "serial_number": "ecb900af4449dc914bf0c991e40eaaf2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "787fedaa8fcc050d1796b5c62fd534bc0c1e3d4a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK48.bin",
+        "Certificate": {
+            "serial_number": "6c88d196141a8e964f3a6b960b66fada",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ec22c5da616fb0657afe7dc772392cf52d47a6cb": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK49.bin",
+        "Certificate": {
+            "serial_number": "2aab50d67f0cdf9344424b32cd2d5093",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8f3f76cfeef8ed20c228e8f5204c8e85f719d703": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK5.bin",
+        "Certificate": {
+            "serial_number": "9bc01f3bafdb710e",
+            "issued_to": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=swqagent,OU=CCD,O=Lenovo(Beijing) Ltd,L=Beijing,ST=Beijing,C=CN",
+            "issued_by": "1.2.840.113549.1.9.1=swqagent@lenovo.com,CN=swqagent,OU=CCD,O=Lenovo(Beijing) Ltd,L=Beijing,ST=Beijing,C=CN"
+        }
+    },
+    "8e337cd49839d08055b6d1077357b54adf7cdee6": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK50.bin",
+        "Certificate": {
+            "serial_number": "c47bf4f9087c2cbb415095c5a69b98a7",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "bc786596daac49583eeb611728fa72abacf33141": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK51.bin",
+        "Certificate": {
+            "serial_number": "fd3966d9d5b122ad4313820f45b34315",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ce22a3b906844459f2998737ae8166ddf6aa0e3b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK52.bin",
+        "Certificate": {
+            "serial_number": "dd88789e5751098e49be6629beb4b4d6",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d29077fc4b53c9247da258ccf715c0cea927eb31": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK53.bin",
+        "Certificate": {
+            "serial_number": "c264ba116b91f49741dd1a101ba9726f",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2fc1e96d4ccb3193a4c7ed0bb41a3631d104b196": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK54.bin",
+        "Certificate": {
+            "serial_number": "5281451871719c8e47391022937c02e3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "232f4d5939143eb69a58ded45298d4e73daf1d52": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK55.bin",
+        "Certificate": {
+            "serial_number": "b2eda08413c0029144b5f4e632b845ce",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1ae095bdd403d8ab0ec955a94f8140a73c7e9ce0": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK56.bin",
+        "Certificate": {
+            "serial_number": "9352292934a63394462464ac590932ba",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5588d5386303f8bf83d3e58d7555d30068ce8b16": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK57.bin",
+        "Certificate": {
+            "serial_number": "83e677227e5edaa8452df6697b71a6d8",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "76811f6e08e0422d3207fc3fd9132b8795ab3804": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK58.bin",
+        "Certificate": {
+            "serial_number": "6ab171cac873a68b4ec00ae8a4989b23",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8a55e8381272172b2e1fd810012fc9c9e0619790": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK59.bin",
+        "Certificate": {
+            "serial_number": "fcb1ad163357718745bb8d9149778b1d",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1621a83141aa8c56698b8a40c5cb9340e22b9444": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK6.bin",
+        "Certificate": {
+            "serial_number": "4027475e4d811ab144ab4d0078f771e1",
+            "issued_to": "CN=Trust - Lenovo Certificate",
+            "issued_by": "CN=Trust - Lenovo Certificate"
+        }
+    },
+    "d078d189fd327ddb622b03a0c7afc332c8fa611c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK60.bin",
+        "Certificate": {
+            "serial_number": "b8d65a1081c6c0864a698281df695395",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d9fbe8ea40b882ec87fd4d4f9f443266b15b48dd": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK61.bin",
+        "Certificate": {
+            "serial_number": "9e5410dc12d52db54b28a8a0154dac35",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "7492574a186297f6a0ccab991d5db9822b557252": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK62.bin",
+        "Certificate": {
+            "serial_number": "85568d773350b78a4b8ee5b0ed427f34",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5c844dd4201265a0ac741ef3dd4ba803196f50e1": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK63.bin",
+        "Certificate": {
+            "serial_number": "b50be0ca23c200ae435fab555e8455ee",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "17e38a18043d596e79b66f8354d2a2e2a59419d8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK64.bin",
+        "Certificate": {
+            "serial_number": "d0346dbfefc550994ca61b9311345757",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "50614e57fb67e4fc609fcbc23300359a400c9c52": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK65.bin",
+        "Certificate": {
+            "serial_number": "24cc92a1b47db6824fb33aaa9eaa6251",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ac340da0ac140edec7e687c29c956ae3215145cc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK66.bin",
+        "Certificate": {
+            "serial_number": "33a7442baa11bba04ad9ffb3a422df59",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e17fdaa00c2bbcf70f56f05c59901272c3547614": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK67.bin",
+        "Certificate": {
+            "serial_number": "cfd8de36f54e4bc4a241c43eb23386a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1afc8f49fb75821ee4a2c47110bb135894eb0bed": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK68.bin",
+        "Certificate": {
+            "serial_number": "16ebccb457b7a1b44c632603eefe6b98",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "991f526b566adfca85b07a87f2d6b0ebd5b2c687": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK69.bin",
+        "Certificate": {
+            "serial_number": "768bfd82f52c95814d5cd68af8ccff1c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "59376f27aa8e99c4790a66b55eb79779f588ec99": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK7.bin",
+        "Certificate": {
+            "serial_number": "64b806506ca43fb348fad6680fa1a602",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "f2e851a4d6c74f0671dc0dcf392c96f94ae30816": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK70.bin",
+        "Certificate": {
+            "serial_number": "2e07eabc7a2ba69c47e136f9761ce124",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "3bdf26cb22ba0fc2d522b8575f1165e03a962067": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK72.bin",
+        "Certificate": {
+            "serial_number": "14e848223ec61bab44311ad09433eb6b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "75ed571b4f7044d6eb75a930db667909168e85c3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK73.bin",
+        "Certificate": {
+            "serial_number": "88449e70fe6a689e4cbeb5cf5612dbc2",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8451c3540a55d15f9dacbd39f0d3dac289c72994": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK74.bin",
+        "Certificate": {
+            "serial_number": "7c1d76eba21ed5b6490a776d96d2164a",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "dd1a17b5222d470c1dfd0c86dceb559b14e5996e": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK75.bin",
+        "Certificate": {
+            "serial_number": "b670822a31343bb448c441c02979b019",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "5b67517bd1d4df7e3a633cc8a6eccff5b783a951": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK76.bin",
+        "Certificate": {
+            "serial_number": "b42063d4db2622a04e31f33c76770148",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "30172f708cd2ccfdf4674bbd7a5d5091cfb2b2b3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK77.bin",
+        "Certificate": {
+            "serial_number": "82f731f99a8f84bd4b2eb1c0419c4138",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "8cd2799930784741f0e8591f9d3b84b66a2c9237": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK78.bin",
+        "Certificate": {
+            "serial_number": "aa0884dd46ec769243a9628753aae0f5",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "115ea830167d3fa04ccafd6269c75f209881e13a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK79.bin",
+        "Certificate": {
+            "serial_number": "5d0921e627dd13ba42c6bd2440d946bd",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9d69fa827af466e44aea60d47a11ad40c88c5ef3": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK8.bin",
+        "Certificate": {
+            "serial_number": "3062921d37cb2a844c26e89f06dbc9d0",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "e7b1f925797828ccc5b407000164037d07243e40": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK80.bin",
+        "Certificate": {
+            "serial_number": "186220837dbb54894f00f758f76a8816",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "86bc7b91b048a7b42a70f45e13abb7d74a0d315a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK81.bin",
+        "Certificate": {
+            "serial_number": "6bf74060f46bcc99497f917eaea385be",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "49fd049376ad549d9ebe3665dca5639ac463c3e8": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK83.bin",
+        "Certificate": {
+            "serial_number": "1c6b8c308b2732be4a1d5abeda46a177",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "47101516814f6d558e4bcbb4c946a6d3db36d7fd": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK84.bin",
+        "Certificate": {
+            "serial_number": "c8200c3b389537ac4b86586d8e70c314",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "29b12154ef8e50674e53ccd446f5de02f20f2126": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK85.bin",
+        "Certificate": {
+            "serial_number": "e1db78f0d9409844cead7aa5bbf6132",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a897ef2390abdf47508ec0ee698e226fa8081bcc": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK86.bin",
+        "Certificate": {
+            "serial_number": "383fed8155f51ca24aadda8a4f6a4558",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "dc88b3f2a22e4047f07797c1c61a0baf19eba91b": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK87.bin",
+        "Certificate": {
+            "serial_number": "26449a28c9dfc2b9425dddcd27924a48",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ec46c96de2f2ccaec07e8536035e2d715690f579": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK88.bin",
+        "Certificate": {
+            "serial_number": "604a6c1b28c6caba46a2197547d24ab3",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "970eeaff5e3943884a58ec599a5ab4544da1f651": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK89.bin",
+        "Certificate": {
+            "serial_number": "8c45fcb91b23daa843b166686675c05c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "cbdf1d171ffc494e329f0cbe629bf6d4de0486b4": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK9.bin",
+        "Certificate": {
+            "serial_number": "126166fd737039a44959552ca84b390b",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "06f2f8d82b4e42fe4c4c509dc26c86addf456167": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK90.bin",
+        "Certificate": {
+            "serial_number": "76e5927a5b9482ab4106143c5936a393",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "13439cf8fc47c4055b6b04d25d11949cb10948be": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK91.bin",
+        "Certificate": {
+            "serial_number": "bdf0ecb2966f8a924625e171cb867cb4",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "92868174320b6e31ac725557235e8a6f496ab20a": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK92.bin",
+        "Certificate": {
+            "serial_number": "c4db67c173f3bea74ab1bb8d1ee67f06",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "0f3cb0b6b00d2a025d0e2563d9dcc5f6b86c1a8d": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK93.bin",
+        "Certificate": {
+            "serial_number": "b0ddd71576e050be4f830d6338f74f01",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "2c763c1389924ec2ef9357825f4964d4085de59c": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK94.bin",
+        "Certificate": {
+            "serial_number": "6b9b002d0eb7d88b45edbc2ca26067cb",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "1caa1691637d1ae1c8915e205e2b71d661299800": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK95.bin",
+        "Certificate": {
+            "serial_number": "e7ed068c864fe9a342e05d3b22ec750c",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "9f5ff0a640fa7f13b8526f0d78c0a9c52b9da212": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK96.bin",
+        "Certificate": {
+            "serial_number": "6184b3a49f46f0944f0099c8ee80f8ce",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "d4c6e6de3d8fb99fdd3b41eb4a94ed72faddcf9f": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK97.bin",
+        "Certificate": {
+            "serial_number": "6c23ca970ad18ca2488a9d59dc561e04",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "a04bd153dc84e12a34caff6450c000e0d4c24aa9": {
+        "KEKUpdate": "Lenovo/KEKUpdate_Lenovo_PK98.bin",
+        "Certificate": {
+            "serial_number": "a1aec5a02ff2ef93405e5dabd9d04d96",
+            "issued_to": "CN=LENOVO",
+            "issued_by": "CN=LENOVO"
+        }
+    },
+    "ebb51e6221c7b626ba6c39402d7450a1018d12eb": {
+        "KEKUpdate": "MSI/KEKUpdate_MSI_PK3.bin",
+        "Certificate": {
+            "serial_number": "ec684b5376e1e3a9415848710b13a2a6",
+            "issued_to": "CN=MSI SHIP PK",
+            "issued_by": "CN=MSI SHIP PK"
+        }
+    },
+    "33c0eeea5e92a06e26b3f3b8cc3b013d26ca314f": {
+        "KEKUpdate": "MCJ Co, Ltd/KEKUpdate_MCJ_Co,_Ltd_PK2.bin",
+        "Certificate": {
+            "serial_number": "db5fb6f674b994bc48085d791780f5fe",
+            "issued_to": "CN=MSI SHIP PK",
+            "issued_by": "CN=Root Agency"
+        }
+    },
+    "5fb475a6dbbd6eeb7145dee46c55feea1f1ad444": {
+        "KEKUpdate": "MEDION/KEKUpdate_PK2.bin",
+        "Certificate": {
+            "serial_number": "76603bec04d218b14b2b3d9ac7aee985",
+            "issued_to": "CN=MEDION Certificate",
+            "issued_by": "CN=MEDION Certificate"
+        }
+    },
+    "961021660f68e24430288803ed9c848354bb177e": {
+        "KEKUpdate": "MEDION/KEKupdate_PK3.bin",
+        "Certificate": {
+            "serial_number": "3518b5116a93db914e4643823ce5e9ea",
+            "issued_to": "CN=MEDION_AG",
+            "issued_by": "CN=MEDION_AG"
+        }
+    },
+    "2ca96734e4a5c4056f527f0016c8c65e1224ad26": {
+        "KEKUpdate": "MSI/KEKUpdate_MSI_PK1.bin",
+        "Certificate": {
+            "serial_number": "8cb17834fb1237a04c72ab6631f4143e",
+            "issued_to": "CN=MSI NB - 2013 PK",
+            "issued_by": "CN=MSI NB - 2013 PK"
+        }
+    },
+    "c82b1878468f40413fa308557b10ed78c683345a": {
+        "KEKUpdate": "MSI/KEKUpdate_MSI_PK2.bin",
+        "Certificate": {
+            "serial_number": "1dcdb29760a12aa0433d0430993c8d84",
+            "issued_to": "CN=MSI NB PK 2022",
+            "issued_by": "CN=MSI NB PK 2022"
+        }
+    },
+    "5cff8a49a6516fa15b1f02eeb1b90608cecdecfa": {
+        "KEKUpdate": "MiTAC/KEKUpdate_MiTAC_PK1.bin",
+        "Certificate": {
+            "serial_number": "45b3fbc3fa9f298b4b0dd11e683c1aad",
+            "issued_to": "CN=MiTAC Certificate",
+            "issued_by": "CN=MiTAC Certificate"
+        }
+    },
+    "10d8609df90643180acb0d4b041332a25717465b": {
+        "KEKUpdate": "MiTAC/KEKUpdate_MiTAC_PK2.bin",
+        "Certificate": {
+            "serial_number": "18bb51d31283e7a248297891ac5feccd",
+            "issued_to": "CN=MiTAC Certificate",
+            "issued_by": "CN=MiTAC Certificate"
+        }
+    },
+    "8058e8cc51749652804bbd6f39aed713d119c64b": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK1.bin",
+        "Certificate": {
+            "serial_number": "3300000020f15e25249fab75d0000000000020",
+            "issued_to": "CN=Microsoft Hyper-V Firmware PK,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Corporation Third Party Marketplace PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "5677e0c5d061f1f9b22103dfe513f2a2a6413259": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK10.bin",
+        "Certificate": {
+            "serial_number": "33000000074b5ca54a5f122a3d000000000007",
+            "issued_to": "CN=Microsoft Surface LFF UEFI PK CA 2021,O=Microsoft Corporation,C=US",
+            "issued_by": "CN=Microsoft RSA Devices Root CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "671e7745ce4c40b2890f67687555bd58fbb79aa9": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK11.bin",
+        "Certificate": {
+            "serial_number": "3300000004f69e567ed321c094000000000004",
+            "issued_to": "CN=Microsoft Surface NFF UEFI 2021 PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "99e238668877651c7b3defcefbb44217f12351fe": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK12.bin",
+        "Certificate": {
+            "serial_number": "330000001d3fd706a8820a7c9e00000000001d",
+            "issued_to": "CN=Microsoft Surface LFF 3 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Corporation Third Party Marketplace Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "af75064ac6ed01c5eaf7b95eb545b47dce09887c": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK13.bin",
+        "Certificate": {
+            "serial_number": "33000000030daaa7a6a5f5ef72000000000003",
+            "issued_to": "CN=Microsoft Surface XLFF UEFI 2021 PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface XLFF UEFI PK CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "b97acac0a8c1dfa6dbc85c9b776fdae5f8d58d77": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK14.bin",
+        "Certificate": {
+            "serial_number": "330000001ab955d27398f6a37500000000001a",
+            "issued_to": "CN=Microsoft Surface XLFF 2 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Corporation Third Party Marketplace Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "bb50ad1e16bc3ed055e25ea094f8126e8eb50369": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK15.bin",
+        "Certificate": {
+            "serial_number": "3300000003ed18f73dc11f610e000000000003",
+            "issued_to": "CN=Microsoft Surface LFF UEFI 2021 PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface LFF UEFI PK CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "c0d8a5d0e7f59c513e6a51722bc42afddb796200": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK16.bin",
+        "Certificate": {
+            "serial_number": "33000000054b56d18f071bb69a000000000005",
+            "issued_to": "CN=Microsoft Surface LFF 3 UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface LFF 3 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "cca21d8378b62868de5fa6c3c02cc714e9d4c739": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK17.bin",
+        "Certificate": {
+            "serial_number": "3300000003d6ecf68b13e18f46000000000003",
+            "issued_to": "CN=Microsoft Surface AFF UEFI 2021 PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface AFF UEFI PK CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "ed8e409f2358718db54c62c55ac4bee7d4511d02": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK18.bin",
+        "Certificate": {
+            "serial_number": "330000001350615e2400cec67c000000000013",
+            "issued_to": "CN=Microsoft Surface NFF UEFI PK CA 2015,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Corporation Third Party Marketplace Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "1b6f494b7881ff564f7f9ec7e80c064d9f948454": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK2.bin",
+        "Certificate": {
+            "serial_number": "3300000005b0d79d6a25b4bcfd000000000005",
+            "issued_to": "CN=Microsoft Surface XLFF 2 UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface XLFF 2 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "3f169742cbe8830e6f6a1c0b7008932598dd912d": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK3.bin",
+        "Certificate": {
+            "serial_number": "3300000009302d294244c1aa88000000000009",
+            "issued_to": "CN=Microsoft Surface NFF UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2015,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "3d8660c0cb2d57b189c3d7995572a552f75e48b5": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK3d8660c0.bin",
+        "Certificate": {
+            "serial_number": "3300000014e8c838dede044ea7000000000014",
+            "issued_to": "CN=Windows OEM Devices PK,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft RSA Third Party PCA 2023,O=Microsoft Corporation,C=US"
+        }
+    },
+    "5b08e17664ccf0f114b7d9208dbb140bac4b4ec4": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK4.bin",
+        "Certificate": {
+            "serial_number": "3300000007e30d5ffb913e29fe000000000007",
+            "issued_to": "CN=Microsoft Surface NFF UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2015,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "85ebb11e5f0e62d5e73fad3af1403d0f05f51897": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK5.bin",
+        "Certificate": {
+            "serial_number": "33000000073409b59c9726b274000000000007",
+            "issued_to": "CN=Microsoft Surface LFF 3 UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface LFF 3 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "a044d280ba35ed5c8e0756087a2a71946a0a52f0": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK6.bin",
+        "Certificate": {
+            "serial_number": "330000000621a2cf186e0ee0c0000000000006",
+            "issued_to": "CN=Microsoft Surface XLFF 2 UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface XLFF 2 UEFI PK CA 2016,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "ce2f9c35cdf1de1ddd0620a474ef374eb289821e": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK7.bin",
+        "Certificate": {
+            "serial_number": "33000000032f74d6eb1a5bea4a000000000003",
+            "issued_to": "CN=Microsoft Surface NFF UEFI 2021 PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2021,O=Microsoft Corporation,C=US"
+        }
+    },
+    "2718162f2611b5b871123a9ebadb860a3740bac5": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK8.bin",
+        "Certificate": {
+            "serial_number": "330000000b156edb0c1862c93b00000000000b",
+            "issued_to": "CN=Microsoft Surface NFF UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2015,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "3454ee1ae80d98bb5c2f731dd513c6c6628afb1f": {
+        "KEKUpdate": "Microsoft/KEKUpdate_Microsoft_PK9.bin",
+        "Certificate": {
+            "serial_number": "330000000ac2eb91922061dc5100000000000a",
+            "issued_to": "CN=Microsoft Surface NFF UEFI PK Signer,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US",
+            "issued_by": "CN=Microsoft Surface NFF UEFI PK CA 2015,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US"
+        }
+    },
+    "017439b429ac01514cc62311f5d5779341d57c82": {
+        "KEKUpdate": "Mouse Computer Co Ltd/KEKUpdate_Mouse_Computer_Co_Ltd_PK1.bin",
+        "Certificate": {
+            "serial_number": "2533b2fb861f1284418a149de0d93621",
+            "issued_to": "CN=BYD Certificate 2019",
+            "issued_by": "CN=BYD Certificate 2019"
+        }
+    },
+    "710131e366592696d44cf776fc35ea7112925484": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK1.bin",
+        "Certificate": {
+            "serial_number": "7be7a8bb8711f38c4e11f99a33d24636",
+            "issued_to": "CN=NEC Personal Computers Ltd.",
+            "issued_by": "CN=NEC Personal Computers Ltd."
+        }
+    },
+    "85606ab99633a1c0b85201af82ae1e86037b162a": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK2.bin",
+        "Certificate": {
+            "serial_number": "7a379136a627c5a446562e54346d8ea2",
+            "issued_to": "CN=NEC Personal Computers Ltd. PK CA 2023",
+            "issued_by": "CN=NEC Personal Computers Ltd. PK CA 2023"
+        }
+    },
+    "0e948a71b16772b478abb70ff905d917dac94309": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK3.bin",
+        "Certificate": {
+            "serial_number": "6f25c2afe6052fa34a2e00b92a9e2c8b",
+            "issued_to": "CN=NEC Corporation Secure Boot PK Key,OU=Infrastructure Technology Services Division,O=NEC Corporation,ST=TOKYO,C=JP",
+            "issued_by": "CN=NEC Root CA,OU=Infrastructure Technology Services Division,O=NEC Corporation,ST=TOKYO,C=JP"
+        }
+    },
+    "b09c3df05a1a75886afb9730a8f73116eecdf1bf": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK4.bin",
+        "Certificate": {
+            "serial_number": "61f3bb05b754d2af4974bc5cc3a1f599",
+            "issued_to": "CN=NEC Corporation Secure Boot PK Key,OU=IT Platform Division,O=NEC Corporation,ST=TOKYO,C=JP",
+            "issued_by": "CN=NEC Corporation,OU=IT Platform Division,O=NEC Corporation,ST=TOKYO,C=JP"
+        }
+    },
+    "185c53d833b03ed63a82ffdb6722a3ba3d37b211": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK5.bin",
+        "Certificate": {
+            "serial_number": "81a1d8852da8c982474a1da99a811fe1",
+            "issued_to": "CN=NEC Corporation.",
+            "issued_by": "CN=NEC Corporation."
+        }
+    },
+    "9ea97d56eaa9e94d913662bf6985cb11a992c271": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK6.bin",
+        "Certificate": {
+            "serial_number": "7f7e4f72007541a54e3d9e19c213ad7d",
+            "issued_to": "CN=PK v1 Key,C=JP,ST=TOKYO,O=NEC Corporation,OU=System Devices Division",
+            "issued_by": "CN=PK v1 Key,C=JP,ST=TOKYO,O=NEC Corporation,OU=System Devices Division"
+        }
+    },
+    "f567b2ef4988b7918f23f069d94a7a63a8682473": {
+        "KEKUpdate": "NEC/KEKUpdate_NEC_PK7.bin",
+        "Certificate": {
+            "serial_number": "1ba85539482dec8545c14e0602078e88",
+            "issued_to": "CN=PK v3 Key,C=JP,ST=TOKYO,O=NEC Corporation,OU=Infrastructure Technology Services Division",
+            "issued_by": "CN=PK v3 Key,C=JP,ST=TOKYO,O=NEC Corporation,OU=Infrastructure Technology Services Division"
+        }
+    },
+    "48e19c28f822effd9cb84a2b446455971df2f6d5": {
+        "KEKUpdate": "Panasonic/KEKUpdate_Panasonic_PK1.bin",
+        "Certificate": {
+            "serial_number": "c4a8f6dadeffbe1f",
+            "issued_to": "CN=Panasonic Corporation,OU=IT Products Business Unit\\, Business Solutions Business Group,O=Panasonic Corporation,L=Moriguchi,ST=Osaka,C=JP",
+            "issued_by": "CN=Panasonic Corporation,OU=IT Products Business Unit\\, Business Solutions Business Group,O=Panasonic Corporation,L=Moriguchi,ST=Osaka,C=JP"
+        }
+    },
+    "c2f2b9c576f99e0c6531c1ae5864bf5f38ef1183": {
+        "KEKUpdate": "Panasonic/KEKUpdate_Panasonic_PK2.bin",
+        "Certificate": {
+            "serial_number": "6deb4c68a35612b14aafcf8f4a1acf6d",
+            "issued_to": "CN=Panasonic Connect UEFI Platform Key Certificate,O=Panasonic Connect Co.\\, Ltd.,L=Chuo-ku,ST=Tokyo,C=JP",
+            "issued_by": "CN=Panasonic Connect Root Certification Authority,O=Panasonic Connect Co.\\, Ltd.,L=Chuo-ku,ST=Tokyo,C=JP"
+        }
+    },
+    "8c568945e5998124f38bc66ababdc074a0a59d10": {
+        "KEKUpdate": "Pegatron/KEKUpdate_Pegatron_PK1.bin",
+        "Certificate": {
+            "serial_number": "9ffd1e16170ed0a1",
+            "issued_to": "CN=JOPLIN",
+            "issued_by": "CN=JOPLIN"
+        }
+    },
+    "862b8fc1fba4b72f1136e0b576a2df7b6c64bbd3": {
+        "KEKUpdate": "Pegatron/KEKUpdate_Pegatron_PK2.bin",
+        "Certificate": {
+            "serial_number": "81c9ddf76f6067a5",
+            "issued_to": "CN=ZZTOP",
+            "issued_by": "CN=ZZTOP"
+        }
+    },
+    "90706ed4fb0d3aacb848175e986c5ca037d8b104": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK9.bin",
+        "Certificate": {
+            "serial_number": "88c0652a84d8b9a5434c68ef43b8decd",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK AK",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK AK"
+        }
+    },
+    "f460be12ace22a94d7107b274fcc906fbe44c8e3": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK2.bin",
+        "Certificate": {
+            "serial_number": "6d1d985f3e2d88bf4ab39e2a89b92fa0",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK BN",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK BN"
+        }
+    },
+    "c85e2a429122e4b519be5885fbbf8ab2aaf1e458": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK3.bin",
+        "Certificate": {
+            "serial_number": "46880633c4eba186460971f351f51ec0",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK ES",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK ES"
+        }
+    },
+    "5dcadc14798f304119120771884fafbf33147e26": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK4.bin",
+        "Certificate": {
+            "serial_number": "f328c2c2fb4a1bb04c9993857ba73ee6",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK ER",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK ER"
+        }
+    },
+    "c0594870426c12cef176fc95445c7a39527134d5": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK5.bin",
+        "Certificate": {
+            "serial_number": "b35bcd2640d521b14b03514215899ea9",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK HA",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK HA"
+        }
+    },
+    "4722480c21a3bd4e258caa71d382e15a88d7c0de": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK6.bin",
+        "Certificate": {
+            "serial_number": "6d82d69383ce15914b056bc3c180d90f",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK I3",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK I3"
+        }
+    },
+    "4cdb0aaf52e5a3b7b1ba0f0ede29f5de0feba5c4": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK7.bin",
+        "Certificate": {
+            "serial_number": "3037d74540645fa94efe454fe37c455c",
+            "issued_to": "CN=Positivo Informatica Secure Boot Root CA",
+            "issued_by": "CN=Positivo Informatica Secure Boot Root CA"
+        }
+    },
+    "c59350805533f6f3086cee880ee5827d88665b09": {
+        "KEKUpdate": "Positivo Tecnologia SA/KEKUpdate_Positivo_Tecnologia_SA_PK8.bin",
+        "Certificate": {
+            "serial_number": "1fb3c8cb65b4118d4f331415d4712f77",
+            "issued_to": "CN=Positivo Tecnologia SA Secure Boot PK VG",
+            "issued_by": "CN=Positivo Tecnologia SA Secure Boot PK VG"
+        }
+    },
+    "2e0dcdc4396d993318295ebd27608e5aafc2117d": {
+        "KEKUpdate": "Razer/KEKUpdate_Razer_PK1.bin",
+        "Certificate": {
+            "serial_number": "d8356ab88082a88e4817f6e3318ed886",
+            "issued_to": "CN=RAZER Certificate",
+            "issued_by": "CN=RAZER Certificate"
+        }
+    },
+    "fdfc7f3c7ef3e05776add79878216c9be0e19597": {
+        "KEKUpdate": "RedHat/KEKUpdate_RedHat_PK1.bin",
+        "Certificate": {
+            "serial_number": "fef588e8f396c0f1",
+            "issued_to": "1.2.840.113549.1.9.1=secalert@redhat.com,CN=Red Hat Secure Boot (PK/KEK key 1)",
+            "issued_by": "1.2.840.113549.1.9.1=secalert@redhat.com,CN=Red Hat Secure Boot (PK/KEK key 1)"
+        }
+    },
+    "a1bfcf363fb87908679239b2bd9cb632277eecd9": {
+        "KEKUpdate": "Samsung Mobile/KEKUpdate_Samsung_Mobile_PK7.bin",
+        "Certificate": {
+            "serial_number": "19737a3edc2c56a74c628d4842009967",
+            "issued_to": "CN=Samsung Mobile Experience WOA PK ROOT",
+            "issued_by": "CN=Samsung Mobile Experience WOA PK ROOT"
+        }
+    },
+    "a67fd2950f340d85b29644ef60dcfead8ac6967a": {
+        "KEKUpdate": "Samsung Mobile/KEKUpdate_Samsung_Mobile_PK2.bin",
+        "Certificate": {
+            "serial_number": "409b1dd51656029745ad9789765a0ac5",
+            "issued_to": "CN=SAMSUNG ELECTRONICS_PK",
+            "issued_by": "CN=SAMSUNG ELECTRONICS_Root"
+        }
+    },
+    "93577dcba3a6ddd54bfe9546683d321e8740c1a0": {
+        "KEKUpdate": "Samsung Mobile/KEKUpdate_Samsung_Mobile_PK9.bin",
+        "Certificate": {
+            "serial_number": "bacebbd2cf818ea54850188f5cd6b40a",
+            "issued_to": "CN=Samsung Mobile Production PK",
+            "issued_by": "CN=Samsung Mobile Production PK"
+        }
+    },
+    "e54305c4d2ab7123808c653220ead4316850803e": {
+        "KEKUpdate": "Samsung/KEKUpdate_Samsung_PK18.bin",
+        "Certificate": {
+            "serial_number": "237040e36a9ce4a740a98d4de4e9fe08",
+            "issued_to": "CN=Samsung Mobile Experience NC PK ROOT",
+            "issued_by": "CN=Samsung Mobile Experience NC PK ROOT"
+        }
+    },
+    "00206cd6f1df2e2e9eaf9d28d81a2aa671cb95ab": {
+        "KEKUpdate": "Supermicro/KEKUpdate_Supermicro_PK1.bin",
+        "Certificate": {
+            "serial_number": "3b98c74f9010d1a94c4383363dced485",
+            "issued_to": "CN=SUPERMICRO PK CA 2018,O=Super Micro Computer Inc.,L=San Jose,ST=CA,C=USA",
+            "issued_by": "CN=SUPERMICRO PK CA 2018,O=Super Micro Computer Inc.,L=San Jose,ST=CA,C=USA"
+        }
+    },
+    "892e6333fe1f30edeb1c93a16c9e20cc7bfacb3c": {
+        "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK1.bin",
+        "Certificate": {
+            "serial_number": "912c75dd757f91be4911e412dc0dc3c0",
+            "issued_to": "CN=UNIWILL Tech UEFI Secure Boot 2019 PK",
+            "issued_by": "CN=UNIWILL Tech BIOS 2019 Root CA"
+        }
+    },
+    "d35360be5a518096786fc19df9d18b1aa59fa9da": {
+        "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK2.bin",
+        "Certificate": {
+            "serial_number": "ac15cc78505dfe8e4100aae9696ef35c",
+            "issued_to": "CN=DO NOT TRUST - Test PK",
+            "issued_by": "CN=DO NOT TRUST - Test PK"
+        }
+    },
+    "81d940254998a36c8c1d1312d3b41ffdf88165d9": {
+        "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK3.bin",
+        "Certificate": {
+            "serial_number": "af88bcd96170c7a84f639e6eb3ca276a",
+            "issued_to": "CN=OEM1 Test Certificate",
+            "issued_by": "CN=OEM1 Test Certificate"
+        }
+    },
+    "31c22f2a60bc83a1e361ee6959b5cdd7f4940a5e": {
+        "KEKUpdate": "TONGFANG/KEKUpdate_TONGFANG_PK31C22F2A.bin",
+        "Certificate": {
+            "serial_number": "24663bc83929aaac28419a3edca63bed893ff3d5",
+            "issued_to": "CN=AIStoneGlobal Platform Key 2024",
+            "issued_by": "CN=AIStoneGlobal Platform Key 2024"
+        }
+    },
+    "7bc94987ac5636c9249492b6600dd55ab9e7be47": {
+        "KEKUpdate": "TOSHIBA/KEKUpdate_TOSHIBA_PK7bc94987.bin",
+        "Certificate": {
+            "serial_number": "34cdb4902d5001cefea0580cfb7056b4836c6827",
+            "issued_to": "CN=Toshiba Industrial Computer,O=TOSHIBA,ST=Tokyo,C=JP",
+            "issued_by": "CN=Toshiba Industrial Computer,O=TOSHIBA,ST=Tokyo,C=JP"
+        }
+    },
+    "029d01cb5887c2e799b15ee9a360af0ec6e72622": {
+        "KEKUpdate": "Techvision/KEKUpdate_Techvision_PK1.bin",
+        "Certificate": {
+            "serial_number": "12a58a7682ed84974304e14f56889975",
+            "issued_to": "CN=Techvision Intelligent Technology Limited",
+            "issued_by": "CN=Techvision Intelligent Technology Limited"
+        }
+    },
+    "60d059444e045a0795b636aeffac566a2f294ebe": {
+        "KEKUpdate": "Twinhead/KEKUpdate_Twinhead_PK1.bin",
+        "Certificate": {
+            "serial_number": "c4e95ac9d36c132b2cb7922d2aa3053d2c60329",
+            "issued_to": "CN=Twinhead PK",
+            "issued_by": "CN=Twinhead PK"
+        }
+    },
+    "31874602b40e0bf0a3ec56f448117f464ebd325f": {
+        "KEKUpdate": "Unicompute/KEKUpdate_Unicompute_PK3.bin",
+        "Certificate": {
+            "serial_number": "bed8545820513dca",
+            "issued_to": "2.5.4.5=U90000A01,CN=UnisCompute Technology Ltd,O=UnisCompute.,L=ZhengZhou,ST=HeNan,C=CN",
+            "issued_by": "2.5.4.5=U90000A01,CN=UnisCompute Technology Ltd,O=UnisCompute.,L=ZhengZhou,ST=HeNan,C=CN"
+        }
+    },
+    "b2a64260344d3edbaa33e675b864a88b6be0444c": {
+        "KEKUpdate": "Wortmann AG/KEKUpdate_Wortmann_AG_PK1.bin",
+        "Certificate": {
+            "serial_number": "5e11f21ed7ed0c9840ab206195ab7747",
+            "issued_to": "CN=Oem Secure Boot PK 20231007",
+            "issued_by": "CN=Oem Secure Boot PK 20231007"
+        }
+    },
+    "4d902a7a7817493c92e5fbc0aaad36e049835993": {
+        "KEKUpdate": "Unicompute/KEKUpdate_Unicompute_PK4.bin",
+        "Certificate": {
+            "serial_number": "143f48d4da75e86c0080cfee3271f7cfe99851b8",
+            "issued_to": "CN=PK,OU=PG,O=VS,ST=CA,C=CN",
+            "issued_by": "CN=PK,OU=PG,O=VS,ST=CA,C=CN"
+        }
+    },
+    "1e57c71364bed37b1a4ad2020387e1376b26f1c3": {
+        "KEKUpdate": "VAIO/KEKUpdate_VAIO_PK1.bin",
+        "Certificate": {
+            "serial_number": "505ec5133b4192a5446bf6a8b0c3cfdb",
+            "issued_to": "CN=VAIO Platform Key,O=VAIO Corporation,L=Azumino-shi,ST=Nagano,C=JP",
+            "issued_by": "CN=VAIO Platform Key,O=VAIO Corporation,L=Azumino-shi,ST=Nagano,C=JP"
+        }
+    },
+    "5439db10dc3638787b4029dca206b140b06df1cd": {
+        "KEKUpdate": "Wingtech/KEKUpdate_Wingtech_PK1.bin",
+        "Certificate": {
+            "serial_number": "c54c15433ae707a444ab3aab3218adba",
+            "issued_to": "CN=WTSFlashKey",
+            "issued_by": "CN=WTSFlashKey"
+        }
+    },
+    "f3448b7388a778d7f304e9043ee86fc641307d3e": {
+        "KEKUpdate": "Wingtech/KEKUpdate_Wingtech_PK2.bin",
+        "Certificate": {
+            "serial_number": "f2de55a17fbff1b24684cf2eced6ae67",
+            "issued_to": "CN=Wingtech_G2",
+            "issued_by": "CN=Wingtech_G2"
+        }
+    },
+    "858ddd089dbb6d9ad970891c284db582f9efff42": {
+        "KEKUpdate": "XiaoMi/KEKUpdate_XiaoMi_PK1.bin",
+        "Certificate": {
+            "serial_number": "9ea9e017c834a39949118a369cccd5ec",
+            "issued_to": "CN=TimiTitanCert",
+            "issued_by": "CN=TimiTitanCert"
+        }
+    },
+    "627f9b15302866b991293bcfe87ffa77d7f94b91": {
+        "KEKUpdate": "XiaoMi/KEKUpdate_XiaoMi_PK2.bin",
+        "Certificate": {
+            "serial_number": "3327736486c271a34b1161723448c545",
+            "issued_to": "CN=TimiA7SCert",
+            "issued_by": "CN=TimiA7SCert"
+        }
+    },
+    "962b762c14271826218f4f8ccebb87aefa7b47c0": {
+        "KEKUpdate": "XiaoMi/KEKUpdate_XiaoMi_PK3.bin",
+        "Certificate": {
+            "serial_number": "e6bca469aed19c83426d0e94f3dca590",
+            "issued_to": "CN=TimiDiabloCert",
+            "issued_by": "CN=TimiDiabloCert"
+        }
+    },
+    "904c32882d630b36db44145078a4069dd4e5fd9b": {
+        "KEKUpdate": "XiaoMi/KEKUpdate_XiaoMi_PK4.bin",
+        "Certificate": {
+            "serial_number": "7803ecc79659488a43fae80048061066",
+            "issued_to": "CN=TimiRubyCert",
+            "issued_by": "CN=TimiRubyCert"
+        }
+    },
+    "853517a1e36c77f6b95ab58f0e71a397f6d13078": {
+        "KEKUpdate": "XiaoMi/KEKUpdate_XiaoMi_PK5.bin",
+        "Certificate": {
+            "serial_number": "fc9dd5972b277b14e8fbacbb1d5c313",
+            "issued_to": "CN=TimiA8Cert",
+            "issued_by": "CN=TimiA8Cert"
+        }
+    },
+    "910b2a69e9d04f8700d7a1f2e16230be4cd0bb52": {
+        "KEKUpdate": "Zebra/KEKUpdate_Zebra_PK5.bin",
+        "Certificate": {
+            "serial_number": "a44e3278bce99498",
+            "issued_to": "CN=ZEBRA Technologies",
+            "issued_by": "CN=ZEBRA Technologies"
+        }
+    }
+}
\ No newline at end of file
diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
index 2b1ccfa..55b6ee1 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -2,6 +2,8 @@
 # License: MIT
 # Repository: https://github.com/cjee21/Check-UEFISecureBootVariables
 
+$sw = [System.Diagnostics.Stopwatch]::StartNew()
+
 # Tracking vulnerable certificate presence
 $script:vulnerableCertPresentDB = $null
 $script:vulnerableCertPresentDBDefault = $null
@@ -9,6 +11,7 @@ $script:vulnerableCertPresentDBDefault = $null
 # ANSI colors
 $reset = "$([char]0x1b)[00m"
 $white = "$([char]0x1b)[97m"
+$cyan = "$([char]0x1b)[96m"
 $yellow = "$([char]0x1b)[93m"
 $green = "$([char]0x1b)[92m"
 $red   = "$([char]0x1b)[91m"
@@ -22,16 +25,24 @@ if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdent
 
 function Get-SignatureCN {
     param([string]$s)
-
     if (-not $s) { return $null }
-    ($s -split ',')[0].Trim() -replace '^CN\s*=\s*', ''
+
+    if ($s -match 'CN\s*=\s*([^,]+)') {
+        return $matches[1].Trim()
+    }
+
+    return "N/A"
 }
 
 function Get-SignatureOrg {
     param([string]$s)
-
     if (-not $s) { return $null }
-    ($s -split ',')[1].Trim() -replace '^O\s*=\s*', ''
+
+    if ($s -match 'O\s*=\s*([^,]+)') {
+        return $matches[1].Trim()
+    }
+
+    return "N/A"
 }
 
 function Get-LatestJsonBySVN {
@@ -113,7 +124,7 @@ function Get-TimeUntilExpiration {
     )
 
     # Skip for Default PK, KEK, DB. Only Current
-    if ($Key -like "*Default*") { return "" }
+    if ($Key -like "*Default") { return "" }
         
     $now = Get-Date
     $time = [math]::Floor(($validTo - $now).TotalDays)
@@ -143,18 +154,18 @@ function Show-UEFICerts {
     )
 
     # Title
-    if ($UEFI_Values[$Key]) { 
-        Write-Host "$white$Title"
-    } else {
-        Write-Host "$yellow$Title not available"
+    if ($UEFI_Report[$Key].Error) {
+        Write-Host "$yellow$Title : $($UEFI_Report[$Key].Error)" 
+        Write-Host
         return 
-    }
+    } 
+    Write-Host "$white$Title"
 
     # Lookup DBX / DBXDefault 
-    if ($Key -like "*Default*") { $reference = "DBXDefault" } else { $reference = "DBX" }
+    if ($Key -like "*Default") { $reference = "DBXDefault" } else { $reference = "DBX" }
 
     # UEFI values
-    $Values = $UEFI_Values[$Key]
+    $Values = $UEFI_Report[$Key].Values
 
     # Check against Microsoft baseline
     foreach ($entry in $Baseline) {
@@ -171,11 +182,11 @@ function Show-UEFICerts {
 
         # Verify SignatureOwner to be Microsoft
         if ($present -and (-not ($Values.SignatureOwner -eq $SignatureOwnerMicrosoft))) {
-            Write-Host $red"SignatureOwner not Microsoft, the certificate might impersonate one."
+            Write-Host $red"SignatureOwner not Microsoft, following certificate might be compromised:"
         }
 
         # Check if revoked in reference: DBX or DBXDefault
-        $revoked = $UEFI_Values[$reference] | Where-Object {
+        $revoked = $UEFI_Report[$reference].Values | Where-Object {
             $_.SignatureOwner -eq $match.SignatureOwner -and
             $_.Subject -eq $match.Subject
         }
@@ -193,23 +204,30 @@ function Show-UEFICerts {
         }
 
         # Add asterix if cert is marked vulnerable in Microsoft JSON.
-        $vulnerable = $json.certificates | Where-Object { (Get-SignatureCN $_.subjectName) -eq $name }
+        $vulnerable = [bool]($json.certificates | Where-Object {(Get-SignatureCN $_.subjectName) -eq $name})
         if ($vulnerable) {
             $name = switch ($state) {
                 "ABSENT"  { "$name$gray*$reset" } # Recommended state for vulnerable cert
                 "REVOKED" { "$name$gray*$reset" } # Recommended state for vulnerable cert
-                "PRESENT" { "$name$red*$reset"; # CAUTION state for vulnerable cert
+                "PRESENT" { "$name$red*$reset";   # CAUTION state for vulnerable cert
                     if ($reference -eq "DBX") { 
-                        $script:vulnerableCertPresentDB = $True 
+                        $script:vulnerableCertPresentDB = $True
                     } else { 
-                        $script:vulnerableCertPresentDBDefault = $True 
+                        $script:vulnerableCertPresentDBDefault = $True
                     }
-                }
-            } 
+                } 
+            }
         } else { $name = "$name$reset$reset" } # Reserve same space without revocation asterix
 
         "{0,-17} {1,-48} {2} {3}" -f 
             "$color$state$reset", $name, "[$tag]", (Get-TimeUntilExpiration $entry.ValidTo $Key)
+
+        # Only for current variables: Certificate revocation disclaimer 
+        if ($Key -notlike "*Default" -and $vulnerable -and $script:vulnerableCertPresentDB) {
+            Write-Host "$red*CAUTION: Vulnerable certificate recommended state to be ABSENT or REVOKED."
+        } elseif ($Key -notlike "*Default" -and $vulnerable) {
+            Write-Host "$gray*Vulnerable certificate in recommended state."
+        }
     }
 
     # Remaining certs, outside of Microsoft Baseline
@@ -220,7 +238,7 @@ function Show-UEFICerts {
         $tag = "$gray$(Get-SignatureOrg $entry.Subject)$reset" # Cert O
 
         # Check if revoked in reference: DBX or DBXDefault
-        $revoked = $UEFI_Values[$reference] | Where-Object {
+        $revoked = $UEFI_Report[$reference].Values | Where-Object {
             $_.SignatureOwner -eq $match.SignatureOwner -and
             $_.Subject -eq $match.Subject
         }
@@ -237,6 +255,7 @@ function Show-UEFICerts {
         "{0,-17} {1,-48} {2} {3}" -f 
             "$color$state$reset", "$name$reset$reset", "[$tag]", (Get-TimeUntilExpiration $entry.ValidTo $Key)
     }
+    Write-Host
 }
 
 function Show-UEFIDBX {
@@ -249,20 +268,20 @@ function Show-UEFIDBX {
     )
 
     # Title
-    if ($UEFI_Values[$Key]) { 
-        Write-Host "$white$Title"
-    } else {
-        Write-Host "$yellow$Title not available"
+    if ($UEFI_Report[$Key].Error) {
+        Write-Host "$yellow$Title : $($UEFI_Report[$Key].Error)" 
+        Write-Host
         return 
-    }
+    } 
+    Write-Host "$white$Title"
 
     # EFI images (All Hashes excluding SVN hashes)
-    $UEFI_DBX_EFI_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -ne "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
+    $UEFI_DBX_EFI_SET = @{}; $UEFI_Report[$Key].Values.Where({ $_.SignatureOwner -ne "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
         ForEach-Object { if ($_.Hash) { $UEFI_DBX_EFI_SET[$_.Hash] = $True }}
     # Certificates
-    $UEFI_DBX_CERT_SET = @{}; $UEFI_Values[$Key] | ForEach-Object { if ($_.Subject) { $UEFI_DBX_CERT_SET[$_.Subject] = $True }}
+    $UEFI_DBX_CERT_SET = @{}; $UEFI_Report[$Key].Values | ForEach-Object { if ($_.Subject) { $UEFI_DBX_CERT_SET[$_.Subject] = $True }}
     # SVN hashes
-    $UEFI_DBX_SVN_SET = @{}; $UEFI_Values[$Key].Where({ $_.SignatureOwner -eq "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
+    $UEFI_DBX_SVN_SET = @{}; $UEFI_Report[$Key].Values.Where({ $_.SignatureOwner -eq "9d132b6c-59d5-4388-ab1c-185cfcb2eb92" }) | 
         ForEach-Object { if ($_.Hash) { $UEFI_DBX_SVN_SET[$_.Hash] = $True }}
     # Apps derived SVN hashes
     $UEFI_DBX_SVN_APPS = @{}; foreach ($entry in $UEFI_DBX_SVN_SET.GetEnumerator()) {
@@ -313,7 +332,7 @@ function Show-UEFIDBX {
         }
 
     } else {
-        $label = "Only applicable if vulnerable certificate present."
+        $label = "Only applicable with vulnerable certificate present."
         Write-Host "$gray$label$reset"
     }
     
@@ -354,26 +373,42 @@ function Show-UEFIDBX {
         $UEFI_DBX_CERT_SET.Count,
         $UEFI_DBX_SVN_SET.Count, 
         $UEFI_DBX_SVN_APPS.Count
+    
+    Write-Host
 }
 
-# Read Secure Boot UEFI once; 'dbt' and 'dbtDefault' not used.
-$UEFI_Keys = @("SecureBoot","SetupMode","PK","PKDefault","KEK","KEKDefault","db","dbDefault","dbx","dbxDefault")
-$UEFI_Values = @{}
+# Read Secure Boot UEFI once
+$UEFI_Keys = @("SecureBoot","SetupMode","PK","PKdefault","KEK","KEKdefault","DB","DBdefault","DBX","DBXdefault", "DBT", "DBTdefault")
+$UEFI_Report = @{}
 foreach ($Key in $UEFI_Keys) {
     try {
-        $UEFI_Values[$Key] = Get-SecureBootUEFI -Name $Key -Decoded -ErrorAction Stop
+        $decoded = Get-SecureBootUEFI -Name $Key -Decoded -ErrorAction SilentlyContinue
+        $raw = Get-SecureBootUEFI -Name $Key -ErrorAction SilentlyContinue
+        $UEFI_Report[$Key] = [pscustomobject]@{
+            Key     = $Key
+            Values  = $decoded
+            Bytes   = if ($decoded) { [int64]$raw.Bytes.Length } else { 0 }
+            Error   = $null
+        }
     }
     catch {
-        $UEFI_Values[$Key] = $null
+        $UEFI_Report[$Key] = [pscustomobject]@{
+            Key     = $Key
+            Values  = $decoded
+            Bytes   = 0
+            Error   = $_.Exception.Message
+        }
     }
 }
 
+
+
 # Print computer info
 Import-Module $PSScriptRoot\Get-SystemOverview.psm1 -Force
 Show-DeviceOverview
 Spacer
 
-# Microsoft JSON baseline from GitHub https://raw.githubusercontent.com/microsoft/secureboot_objects/refs/heads/main/PreSignedObjects/DBX/dbx_info_msft_latest.json
+# Microsoft JSON baseline from https://raw.githubusercontent.com/microsoft/secureboot_objects/refs/heads/main/PreSignedObjects/DBX/dbx_info_msft_latest.json
 $baselineJson = Get-Content "$PSScriptRoot\..\dbx_info\dbx_info_msft_latest.json" -Raw | ConvertFrom-Json
 
 # Microsoft JSON baseline from local Windows Update rollout
@@ -391,25 +426,25 @@ $MicrosoftPK = @(
     @{ Name = "Windows OEM Devices PK"; Tag = "MS-PK"; ValidTo = "2038-09-18 22:28:26Z" }
 )
 $MicrosoftKEK = @(
-    @{ Name = "Microsoft Corporation KEK CA 2011"; Tag = "MS-KEK-2011"; ValidTo = "2026-06-24 22:51:29Z" } 
-    @{ Name = "Microsoft Corporation KEK 2K CA 2023"; Tag = "MS-KEK-2023"; ValidTo = "2038-03-02 21:31:35Z" } 
+    @{ Name = "Microsoft Corporation KEK CA 2011"; Tag = "MS-KEK-2011"; ValidTo = "2026-06-24 22:51:29Z" }
+    @{ Name = "Microsoft Corporation KEK 2K CA 2023"; Tag = "MS-KEK-2023"; ValidTo = "2038-03-02 21:31:35Z" }
 )
 $MicrosoftDB = @(
-    @{ Name = "Microsoft Windows Production PCA 2011"; Tag = "MS-Windows-2011"; ValidTo = "2026-10-19 20:51:42Z" } 
-    @{ Name = "Windows UEFI CA 2023"; Tag = "MS-Windows-2023"; ValidTo = "2035-06-13 21:08:29Z" } 
-    @{ Name = "Microsoft Option ROM UEFI CA 2023"; Tag = "MS-OptionROM-2023"; ValidTo = "2038-10-26 21:12:20Z" } 
-    @{ Name = "Microsoft Corporation UEFI CA 2011"; Tag = "MS-ThirdParty-2011"; ValidTo = "2026-06-27 23:32:45Z" } 
-    @{ Name = "Microsoft UEFI CA 2023"; Tag = "MS-ThirdParty-2023"; ValidTo = "2038-06-13 21:31:47Z" } 
+    @{ Name = "Microsoft Windows Production PCA 2011"; Tag = "MS-Windows-2011"; ValidTo = "2026-10-19 20:51:42Z" }
+    @{ Name = "Windows UEFI CA 2023"; Tag = "MS-Windows-2023"; ValidTo = "2035-06-13 21:08:29Z" }
+    @{ Name = "Microsoft Option ROM UEFI CA 2023"; Tag = "MS-OptionROM-2023"; ValidTo = "2038-10-26 21:12:20Z" }
+    @{ Name = "Microsoft Corporation UEFI CA 2011"; Tag = "MS-ThirdParty-2011"; ValidTo = "2026-06-27 23:32:45Z" }
+    @{ Name = "Microsoft UEFI CA 2023"; Tag = "MS-ThirdParty-2023"; ValidTo = "2038-06-13 21:31:47Z" }
 )
 
 # --- Secure Boot Summary ---
 # SB-SetupMode
 Write-Host "SB :" -NoNewLine
 try {
-    if ($UEFI_Values["SetupMode"].Value) { 
+    if ($UEFI_Report["SetupMode"].Values.Value) { 
         Write-Host "$yellow Setup Mode" 
     } else { 
-        Write-Host "$white User Mode" 
+        Write-Host "$reset User Mode" 
     }
 } catch {
     Write-Host "$red Unknown SetupMode status"
@@ -418,7 +453,7 @@ try {
 # SB-Enabled/Disabled
 Write-Host "SB :" -NoNewLine
 try {
-    if ($UEFI_Values["SecureBoot"].Value) { 
+    if ($UEFI_Report["SecureBoot"].Values.Value) { 
         Write-Host "$green Enabled"
     } else { 
         Write-Host "$red Disabled" 
@@ -456,26 +491,37 @@ $JSON_DBX_OPTIONAL_HASHSET = @{}; $json.images.$archJson |
     ForEach-Object { $JSON_DBX_OPTIONAL_HASHSET[$_.authenticodeHash] = $True }
 
 # Display PK, KEK, DB, DBX
-Show-UEFICerts -Title "Current PK"   -Baseline $MicrosoftPK   -Key "PK"
-Write-Host
-Show-UEFICerts -Title "Default PK"   -Baseline $MicrosoftPK   -Key "PKDefault"
-Write-Host
-Show-UEFICerts -Title "Current KEK"  -Baseline $MicrosoftKEK  -Key "KEK"
-Write-Host
-Show-UEFICerts -Title "Default KEK"  -Baseline $MicrosoftKEK  -Key "KEKDefault"
-Write-Host
-Show-UEFICerts -Title "Current DB"   -Baseline $MicrosoftDB   -Key "DB"
-
-# Certificate revocation disclaimer
-if ($script:vulnerableCertPresentDB) {
-    Write-Host ("{0}*CAUTION: Vulnerable certificate recommended to be ABSENT or REVOKED." -f $red, $gray)
-} else {
-    Write-Host ("{0}*Vulnerable certificate in recommended state." -f $gray)
+Show-UEFICerts -Title "Current PK"  -Key "PK"         -Baseline $MicrosoftPK
+Show-UEFICerts -Title "Default PK"  -Key "PKDefault"  -Baseline $MicrosoftPK
+Show-UEFICerts -Title "Current KEK" -Key "KEK"        -Baseline $MicrosoftKEK
+Show-UEFICerts -Title "Default KEK" -Key "KEKDefault" -Baseline $MicrosoftKEK
+Show-UEFICerts -Title "Current DB"  -Key "DB"         -Baseline $MicrosoftDB
+Show-UEFICerts -Title "Default DB"  -Key "DBDefault"  -Baseline $MicrosoftDB
+Show-UEFIDBX   -Title "Current DBX" -Key "dbx"
+Show-UEFIDBX   -Title "Default DBX" -Key "dbxDefault"
+
+# Total Bytes sizes
+Write-Host (
+    "UEFI Secure Boot variables: Total = {0} Bytes, DBX = {1} Bytes" -f `
+    ($UEFI_Report.Values | Measure-Object -Property Bytes -Sum).Sum,
+    $UEFI_Report["DBX"].Bytes
+)
+
+# Lookup 'Microsoft Corporation KEK 2K CA 2023' update package, if not yet PRESENT.
+$kek2023present = $UEFI_Report["KEK"].Values | Where-Object { (Get-SignatureCN $_.Subject) -eq "Microsoft Corporation KEK 2K CA 2023" -and $_.SignatureOwner -eq $SignatureOwnerMicrosoft }
+if (-not $kek2023present) {
+    # Microsoft KEK Update JSON from https://raw.githubusercontent.com/microsoft/secureboot_objects/refs/heads/main/PostSignedObjects/KEK/kek_update_map.json
+    $kekUpdateJson = Get-Content "$PSScriptRoot\..\dbx_info\kek_update_map.json" -Raw | ConvertFrom-Json
+    $match = $kekUpdateJson.PSObject.Properties.Value | Where-Object { $_.Certificate.serial_number -eq $UEFI_Report["PK"].Values.SerialNumber }
+    if ($match) {
+        $url = [uri]::EscapeUriString("https://github.com/microsoft/secureboot_objects/blob/main/PostSignedObjects/KEK/$($match.KEKUpdate)")
+        $label = "`nMicrosoft Corporation KEK 2K CA 2023 update file for your PK available at:"
+        Write-Host "$cyan$label`n$reset$url"
+    }
 }
 
-Write-Host
-Show-UEFICerts -Title "Default DB"   -Baseline $MicrosoftDB   -Key "DBDefault"
-Write-Host
-Show-UEFIDBX -Title "Current DBX"  -Key "dbx"
-Write-Host
-Show-UEFIDBX -Title "Default DBX"  -Key "dbxDefault"
+$sw.Stop()
+"$gray`nExecution time: {0} ms$reset" -f $sw.ElapsedMilliseconds
+
+#DEBUG Total Bytes sizes per Key. 
+#$UEFI_Report.Values | Where-Object Key -in $UEFI_Keys | Sort-Object Key | Format-Table Key, Error, Bytes -AutoSize

From 160a8879cb35078d76f619097430aae65c18222a Mon Sep 17 00:00:00 2001
From: jcoester <12155189+jcoester@users.noreply.github.com>
Date: Wed, 17 Jun 2026 23:49:37 +0200
Subject: [PATCH 11/11] Various small changes

- Reduce severity of cert disclaimer
- Add version to ComputerSystemProduct info, don't show BaseBoard info if prior available
- Implement arch fallback from main
---
 ...heck UEFI PK, KEK, DB and DBX-Remaster.ps1 |  31 ++++-
 ps/Get-SystemOverview.psm1                    | 128 ++++++++----------
 2 files changed, 85 insertions(+), 74 deletions(-)

diff --git a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1 b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1
index 55b6ee1..08bc308 100644
--- a/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
+++ b/ps/Check UEFI PK, KEK, DB and DBX-Remaster.ps1	
@@ -224,7 +224,7 @@ function Show-UEFICerts {
 
         # Only for current variables: Certificate revocation disclaimer 
         if ($Key -notlike "*Default" -and $vulnerable -and $script:vulnerableCertPresentDB) {
-            Write-Host "$red*CAUTION: Vulnerable certificate recommended state to be ABSENT or REVOKED."
+            Write-Host "$red*Vulnerable certificate recommended to be ABSENT or REVOKED."
         } elseif ($Key -notlike "*Default" -and $vulnerable) {
             Write-Host "$gray*Vulnerable certificate in recommended state."
         }
@@ -472,6 +472,35 @@ Spacer
 
 # Determine arch for the correct EFI revocation hashes
 $archWin = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes" -ErrorAction SilentlyContinue).OSArchitecture
+# Fallback from cjee21
+if (-not $archWin) {
+    $IsArm = $false
+    $Is64bit = $true
+    try {
+        $cpuArch = (Get-CimInstance -ClassName Win32_Processor -ErrorAction Stop).Architecture
+        # 0 = x86, 9 = x64, 5 = ARM, 12 = ARM64
+        if ($cpuArch -eq 5 -or $cpuArch -eq 12) {
+            $IsArm = $true
+        }
+        # Windows and UEFI bit-ness should always match on officially supported installs
+        # since UEFI doesn't support cross-platform boot as of https://learn.microsoft.com/en-us/windows/deployment/windows-deployment-scenarios-and-tools#windows-support-for-uefi
+        $Is64bit = [Environment]::Is64BitOperatingSystem
+    } catch {
+        Write-Warning "Unable to determine system architecture, proceeding with defaults (x64).`n"
+        $cpuArch = 9 # default x64
+    }
+    $archWin = if ($Is64bit -and $cpuArch -eq 9) { # CPU arch x64
+        "amd64"
+    } elseif ($Is64bit -and $cpuArch -eq 12) { # CPU arch ARM64
+        "arm64"
+    } elseif (-not $Is64bit -and ($cpuArch -eq 0 -or $cpuArch -eq 9)) {
+        "x86" # CPU arch can be x86 or x64, but Windows/EFI arch is x86, thus the one we need.
+    } elseif (-not $Is64bit -and $IsArm) { # cpu arch check with $IsArm above
+        "arm"
+    } else { # any other unsupported CPU architecture
+        "unsupported"
+    }
+}
 $archMap = @{
     "amd64" = "x64"
     "x86"   = "ia32"
diff --git a/ps/Get-SystemOverview.psm1 b/ps/Get-SystemOverview.psm1
index 06faa67..de3c6a3 100644
--- a/ps/Get-SystemOverview.psm1
+++ b/ps/Get-SystemOverview.psm1
@@ -25,12 +25,12 @@ function Get-WindowsVersionFromBuild([int]$Build) {
 function Resolve-ArchName {
     param([string]$Arch)
 
-    switch ($Arch.ToUpper()) {
+    switch ($Arch) {
         "AMD64" { "AMD64/X64" }
         "ARM"   { "ARM" }
         "ARM64" { "ARM64/AARCH64" }
         "X86"   { "X86/IA32" }
-        default { $Arch }
+        default { "N/A. Please report." }
     }
 }
 
@@ -45,41 +45,24 @@ function Show-PartitionStyleDisclaimer() {
     }
 }
 
-
-function Format-Set($Values) {
-
-    $Exclude = @(
-        'Default String'
-        'System Manufacturer'
-        'System Product Name'
-        'System Version'
-        'To Be Filled By O.E.M.'
-    )
-
-    # Filter out empty, exclude list, duplications. Return most specific (first of given set)
-    $clean = $Values | Where-Object { $_ -and $_ -notin $Exclude } | Select-Object -Unique
-
-    # Filter out substrings of others
-    foreach ($v in @($clean)) {
-        if ($clean | Where-Object { $_ -ne $v -and $_ -like "*$v*" }) {
-            $clean = $clean -ne $v
-        }
-    }
-
-    $clean | Select-Object -First 1 
-}
-
-function Format-DeviceModel([string[]]$Values) {
-
-    # Build tiers, most specific to most generic device info
-    $t1 = Format-Set $Values[0,1] # OEMModelNumber, OEMModelBaseBoard 
-    $t2 = Format-Set $Values[2,3] # OEMModelSystemFamily, OEMModelSystemVersion 
-    $t3 = Format-Set $Values[4] # OEMModelSKU
-    $t4 = Format-Set $Values[5] # OEMModelBaseBoardVersion
-
-    # T1 -> T2 -> T3 + T4 as combined fallback 
-    $result = if ($t1) { @($t1) } elseif ($t2) { @($t2) } else { @($t3) + @($t4) }
-    $result -join ' - '
+function Format-Set {
+    param([string[]]$Values)
+
+    $clean = @($Values) |
+        ForEach-Object { 
+            if ($_ ) { $_.ToString().Trim() } else { $null } 
+        } |
+        Where-Object {
+            $_ -and
+            $_ -ne 'Default String' -and
+            $_ -ne 'To Be Filled By O.E.M.' -and
+            $_ -ne 'System Manufacturer' -and
+            $_ -ne 'System Product Name' -and
+            $_ -ne 'System Version'
+        } |
+        Select-Object -Unique
+
+    if ($clean) { $clean -join " " } else { $null }
 }
 
 function Show-UEFISecureBootEnabled($prefix) {
@@ -87,7 +70,7 @@ function Show-UEFISecureBootEnabled($prefix) {
 
     $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State"
     $prop = "UEFISecureBootEnabled"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
 
     switch ($value) {
         1 { Write-Host "Enabled" -ForegroundColor Green }
@@ -102,7 +85,7 @@ function Show-WindowsUEFICA2023Capable($prefix) {
      
     $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
     $prop = "WindowsUEFICA2023Capable"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
     switch ($value) {
         2 { Write-Host "Windows UEFI CA 2023 cert in DB. Starting from 2023 signed boot manager" -ForegroundColor Green }
         1 { Write-Host "Windows UEFI CA 2023 cert in DB. But NOT starting from 2023 signed boot manager" -ForegroundColor Red }
@@ -117,7 +100,7 @@ function Show-UEFICA2023Status($prefix) {
     
     $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
     $prop = "UEFICA2023Status"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
 
     switch ($value) {
         "Updated" { Write-Host "$value" -ForegroundColor Green }
@@ -127,7 +110,7 @@ function Show-UEFICA2023Status($prefix) {
     }
     
     $prop = "UEFICA2023Error"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
     # Show if available
     if ($value -gt 0) {
         Write-Host $prefix -NoNewLine
@@ -135,7 +118,7 @@ function Show-UEFICA2023Status($prefix) {
     }
 
     $prop = "UEFICA2023ErrorEvent"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
     # Show if available
     if ($value -gt 0) {
         Write-Host $prefix -NoNewLine
@@ -149,7 +132,7 @@ function Show-ConfidenceLevel($prefix) {
     
     $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing"
     $prop = "ConfidenceLevel"
-    $value = (Get-ItemProperty $path).$prop
+    $value = (Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop
 
     switch -Regex ($value) {
         "High Confidence" { Write-Host "$value" -ForegroundColor Green }
@@ -167,7 +150,7 @@ function Show-AvailableUpdates($prefix) {
     
     $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot"
     $prop = "AvailableUpdates"
-    $value = "0x" + ([Convert]::ToString([int64](Get-ItemProperty $path).$prop, 16)).ToUpper()
+    $value = "0x" + ([Convert]::ToString([int64](Get-ItemProperty $path -ErrorAction SilentlyContinue).$prop, 16)).ToUpper()
 
     switch ($value) {
         "0x0" { Write-Host "No Secure Boot key updates are performed" }
@@ -191,7 +174,7 @@ function Show-AvailableUpdates($prefix) {
 }
 
 function Show-WindowsVersion {
-    $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
+    $windows = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -ErrorAction SilentlyContinue
     "OS : Windows {0} - {1} (Build {2}.{3})" -f `
         (Get-WindowsVersionFromBuild ([int]$windows.CurrentBuildNumber)),
         $windows.DisplayVersion,
@@ -206,36 +189,35 @@ function Show-DeviceOverview {
     Show-WindowsVersion
 }
 
-function Get-DeviceArch {
-    (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes").OSArchitecture
-}
-
 function Show-Device {
     # Show Secure Boot related device hardware and firmware info
-    $device  = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\DeviceAttributes"
-
-    # Hardware
-    "HW : {0} - {1} - {2}" -f `
-        ((Format-Set @(
-            $device.OEMName
-            $device.OEMManufacturerName
-            $device.BaseBoardManufacturer
-        )) -join " - "),
-        (Format-DeviceModel @(
-            $device.OEMModelNumber    
-            $device.OEMModelBaseBoard
-            $device.OEMModelSystemFamily
-            $device.OEMModelSystemVersion
-            $device.OEMModelSKU
-            $device.OEMModelBaseBoardVersion
-        )),
-        (Resolve-ArchName $device.OSArchitecture)
-        
-    # Firmware
-    "FW : {0} - {1} - {2}" -f `
-        $device.FirmwareManufacturer,
-        $device.FirmwareVersion,
-        ([datetime]$device.FirmwareReleaseDate).ToString('dd MMM yyyy')
+    $cim_cs = Get-CimInstance -ClassName Win32_ComputerSystemProduct -ErrorAction SilentlyContinue
+    $cim_bb = Get-CimInstance -ClassName Win32_BaseBoard -ErrorAction SilentlyContinue
+    $cim_fw = Get-CimInstance -ClassName Win32_BIOS -ErrorAction SilentlyContinue
+
+    $cs = if ($cim_cs) { Format-Set @($cim_cs.Vendor, $cim_cs.Name, $cim_cs.Version) } else { $null }
+    $bb = if ($cim_bb) { Format-Set @($cim_bb.Manufacturer, $cim_bb.Product, $cim_bb.Version) } else { $null }
+
+    $fwM = if ($cim_fw) { $cim_fw.Manufacturer } else { $null }
+    $fwV = if ($cim_fw) { $cim_fw.SMBIOSBIOSVersion } else { $null }
+    $fwD = $null
+    if ($cim_fw -and $cim_fw.ReleaseDate) {
+        try { $fwD = ([datetime]$cim_fw.ReleaseDate).ToString('dd MMM yyyy') }
+        catch { $fwD = $cim_fw.ReleaseDate }
+    }
+
+    # Print ComputerSystemProduct if available
+    if ($cs) { 
+        "HW : $cs" 
+    # Print BaseBoard if available
+    } elseif ($bb) {
+        "HW : $bb"
+    } else { 
+        "HW : N/A" 
+    }
+    
+    $fw = (@($fwM, $fwV, $fwD) | Where-Object { $_ }) -join " - "
+    if ($fw) { "FW : $fw" } else { "FW : N/A"}
 }
 
 Export-ModuleMember -Function `