SecureFakePkg

Also hook PK variable to return a fake PK from file.

Open BlinD-HuNTeR opened this issue 1 year ago • 0 comments

Hello! First of all, thank you for this project! Faking the existence of SecureBoot does have some cool uses. And the first thing that comes to my mind is CustomKernelSigners. It's basically a built-in Windows mechanism to enable the loading of drivers that are signed by one's own custom certificate, with no need for disabling DSE or enabling Test Mode.

The thing is, CustomKernelSigners only works with SecureBoot enabled, and it also requires you to install your custom certificate as the Platform Key, in order to allow the loading of drivers signed with that certificate.

If you could enable the faking of the PK variable, to return an arbitrary certificate generated by the user instead, then it would allow the use of CustomKernelSigners by anyone, without enabling SecureBoot or messing with the firmware. It would just be a matter of installing your driver and providing the fake PK.

I'm still not sure about the format of the PK that is returned from GetVariable, or how you would implement reading the fake PK from, let's say, a certificate file, and converting it to the expected format (or maybe embed it directly in the driver). But if you ever get some time to invest in it, it would be really awesome!

Thank you again for this awesome project!

BlinD-HuNTeR, Apr 11 '24 00:04
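
On the PK format raised in the issue above: the UEFI specification defines the contents of the PK variable as an `EFI_SIGNATURE_LIST`. The following is an added example, not code from SecureFakePkg or from the poster, that parses that structure and audits a reported PK against an expected certificate fingerprint. It assumes the blob is the raw variable data as `GetVariable` returns it (no efivarfs attribute prefix); the function names, owner GUID and placeholder certificate bytes are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size

def parse_signature_lists(blob):
    """Yield (type, owner, data) for each EFI_SIGNATURE_DATA entry in the blob."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, offset)
        body = list_size - LIST_HEADER.size - hdr_size
        # Reject sizes that overrun the blob or do not divide into whole entries.
        if list_size > len(blob) - offset or sig_size <= 16 or body <= 0 or body % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        start = offset + LIST_HEADER.size + hdr_size
        for pos in range(start, offset + list_size, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])  # GUIDs are stored mixed-endian
            yield uuid.UUID(bytes_le=raw_type), owner, blob[pos + 16:pos + sig_size]
        offset += list_size

def audit_pk(blob, expected_sha256):
    """Return findings; an empty list means PK holds exactly the expected certificate."""
    entries = list(parse_signature_lists(blob))
    findings = []
    if len(entries) != 1:  # a platform has a single Platform Key
        findings.append(f"PK should hold one entry, found {len(entries)}")
    for sig_type, owner, data in entries:
        if sig_type != EFI_CERT_X509_GUID:
            findings.append(f"unexpected signature type {sig_type}")
        elif hashlib.sha256(data).hexdigest() != expected_sha256:
            findings.append(f"certificate fingerprint mismatch (owner {owner})")
    return findings

# Constructed sample: placeholder bytes stand in for a DER-encoded certificate.
SAMPLE_CERT = b"\x30\x82" + bytes(range(64))
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_PK = LIST_HEADER.pack(
    EFI_CERT_X509_GUID.bytes_le, LIST_HEADER.size + 16 + len(SAMPLE_CERT),
    0, 16 + len(SAMPLE_CERT)) + SAMPLE_OWNER.bytes_le + SAMPLE_CERT
```

Because the fingerprint is taken over whatever the variable read returns, this check reflects the reported PK only; comparing it with a value recorded out of band is what makes a substituted PK visible.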