diff --git a/03-install.sh b/03-install.sh
index dab6937..c31d2f3 100644
--- a/03-install.sh
+++ b/03-install.sh
@@ -1,15 +1,14 @@
 #!/bin/sh
-# TODO:
-# - Check all variables to avoid root execution on unspecified places
 
 debian_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
 
 echo_debug "Instalando dependencias" # DEBUG
-tsudo apt-get install -y unzip binutils p11-kit pcscd bubblewrap icedtea-netx > /dev/null
+tsudo apt-get install -y unzip binutils p11-kit pcscd bubblewrap icedtea-netx > /dev/null || return 1
 
 echo_debug "Extraer fichero" # DEBUG
-(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+[ -z "$SAVE_DIR" ] || [ -z "$SAVE_FILE" ] && return 1
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null) || return 1
 
 echo_debug "Copiar certificados" # DEBUG
 for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
@@ -21,6 +20,7 @@ echo_debug "Extraer módulo privativo" #DEBUG
 PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.deb")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
+[ -z "$PACKAGE_DIR" ] || [ -z "$PACKAGE" ] && return 1
 (cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
 tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
 
@@ -153,10 +153,11 @@ fedora_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-fedora/
 
 echo_debug "Instalando dependencias" # DEBUG
-tsudo dnf -y install unzip pcsc-lite icedtea-web > /dev/null
+tsudo dnf -y install unzip pcsc-lite icedtea-web > /dev/null || return 1
 
 echo_debug "Extraer fichero" # DEBUG
-(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+[ -z "$SAVE_DIR" ] || [ -z "$SAVE_FILE" ] && return 1
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null) || return 1
 
 echo_debug "Copiar certificados" # DEBUG
 tsudo cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
@@ -166,9 +167,10 @@ echo_debug "Extraer módulo privativo" # DEBUG
 PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.rpm")"
 PACKAGE_DIR="${PACKAGE%/*}"
 PACKAGE="${PACKAGE##*/}"
+[ -z "$PACKAGE_DIR" ] || [ -z "$PACKAGE" ] && return 1
 (cd "$PACKAGE_DIR" &&
 	rm -r ./usr/lib/x64-athena/libASEP11.so
-	rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
+	rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so) || return 1
 tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
 
 echo_debug "Symlinks y componentes..." # DEBUG
@@ -218,9 +220,10 @@ echo 'remote: |bwrap --unshare-all --dir /tmp --proc /proc --dev /dev --ro-bind
 
 arch_install_certs() {
 echo_debug "Instalando dependencias" # DEBUG
-tsudo pacman -S --noconfirm --needed unzip cpio rpm-tools pcsclite ccid jre8-openjdk icedtea-web
+tsudo pacman -S --noconfirm --needed unzip cpio rpm-tools pcsclite ccid jre8-openjdk icedtea-web > /dev/null || return 1
 
 echo_debug "Extraer fichero" # DEBUG
+[ -z "$SAVE_DIR" ] || [ -z "$SAVE_FILE" ] && return 1
 (cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
 
 echo_debug "Copiar certificados" # DEBUG
@@ -228,6 +231,7 @@ tsudo cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/ca-certifica
 tsudo update-ca-trust
 
 echo_debug "Extraer módulo privativo" # DEBUG
+[ -z "$PACKAGE_DIR" ] || [ -z "$PACKAGE" ] && return 1
 (cd "$PACKAGE_DIR" && rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
 tsudo cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/
 
@@ -240,7 +244,40 @@ ln -sf /usr/lib/libASEP11.so /usr/local/lib/
 ln -sf /usr/lib/libASEP11.so /Firma_Digital/LIBRERIAS/
 ln -sf /usr/share/ca-certificates/trust-source/anchors /Firma_Digital/CERTIFICADOS
 ln -sf /usr/lib/p11-kit-proxy.so /usr/lib/firefox/libosclientcerts.so
+systemctl enable --now pcscd.socket > /dev/null
 '
+
+echo_debug "Configurando IDPClientDB" # DEBUG
+tsudo sh -c "
+mkdir -p /etc/Athena
+echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
+<IDProtect>
+ <TokenLibs>
+  <IDProtect>
+   <Cards>
+    <IDProtectXF>
+     <ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
+     <ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
+    </IDProtectXF>
+   </Cards>
+  </IDProtect>
+  <ChipDoc>
+   <Cards>
+    <ChipDocEMV>
+     <ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
+     <ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
+    </ChipDocEMV>
+   </Cards>
+  </ChipDoc>
+ </TokenLibs>
+</IDProtect>\" > /etc/Athena/IDPClientDB.xml
+"
+
+echo_debug "Configurando p11-kit/modules" # DEBUG
+tsudo sh -c "
+mkdir -p /usr/share/p11-kit/modules
+echo 'remote: |bwrap --unshare-all --dir /tmp --proc /proc --dev /dev --ro-bind /etc/Athena /etc/Athena --ro-bind /usr /usr --ro-bind /lib64 /lib64 --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
+"
 }
 
 install_certs() {