The GUID I'm using is 301d199a-4dc1-4b26-b557-a012d83d7a52 and the
variable names are file_name and file_hash. I'm using the following
script to generate my key/cert.
genkeys.sh: https://pastebin.com/iYEFLQD7
The payloads I'm trying to write are generated using a small script
which receives a single parameter, a file name. The script
just creates two files: file_name.txt with the file name converted
to CHAR16 and file_hash.txt with the SHA512 of the contents of the
file. Then the script uses sbvarsign to sign both, creating
file_name.signed and file_hash.signed using the previously generated
keys.
create_auth_var_files.sh: https://pastebin.com/XhV9RbEB
No, we do not have access to the manufacturer's PK/KEK, so I created my own keys and certs. Theoretically, to debug this you can send me the GUID/Name and payload you are trying to write, and I can check if I can write your variable with my tool and signing. Then I could look at your code and compare with mine and see why it does not work. If your code works on my devices, maybe the specific model you have has some issue? BTW, try the other vendors, like Lenovo and HP. I just cannot promise when I will be able to get to it with holidays approaching and many other things to do...
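For comparing payloads byte for byte as suggested above, here is an added example (not taken from either poster's scripts) that rebuilds the two payloads and the byte string that the UEFI specification defines as the signed content of a time-based authenticated write. The attribute value, the raw (not hex) digest, and the missing NUL terminator in the file name payload are assumptions; the timestamp and sample file are constructed.

```python
import hashlib
import struct
import uuid
from datetime import datetime

# GUID and variable names come from the post above.
VENDOR_GUID = uuid.UUID("301d199a-4dc1-4b26-b557-a012d83d7a52")

# UEFI variable attribute bits. The combination used here is an assumption.
NON_VOLATILE = 0x01
BOOTSERVICE_ACCESS = 0x02
RUNTIME_ACCESS = 0x04
TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20
ATTRS = (NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS
         | TIME_BASED_AUTHENTICATED_WRITE_ACCESS)


def char16(text):
    """Encode as CHAR16 (UTF-16LE): no BOM, no NUL terminator."""
    return text.encode("utf-16-le")


def efi_time(ts):
    """16-byte EFI_TIME. Pad, nanosecond, timezone and daylight stay zero."""
    return struct.pack("<HBBBBBBIhBB", ts.year, ts.month, ts.day,
                       ts.hour, ts.minute, ts.second, 0, 0, 0, 0, 0)


def payloads(file_name, contents):
    """The two payloads described in the post (raw digest is an assumption)."""
    return {"file_name": char16(file_name),
            "file_hash": hashlib.sha512(contents).digest()}


def signed_buffer(var_name, data, ts, attrs=ATTRS, guid=VENDOR_GUID):
    """Name || GUID || Attributes || TimeStamp || Data, the bytes that get signed."""
    return (char16(var_name) + guid.bytes_le + struct.pack("<I", attrs)
            + efi_time(ts) + data)


if __name__ == "__main__":
    when = datetime(2024, 1, 1, 12, 0, 0)            # constructed timestamp
    for name, data in payloads("sample.bin", b"constructed contents").items():
        buf = signed_buffer(name, data, when)
        print(name, len(buf), hashlib.sha256(buf).hexdigest())
```

If two tools print different SHA-256 values for the same variable, the mismatch is in the name encoding, GUID byte order, attributes or timestamp rather than in the keys.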