authorkavsrf <kavsrf@gmail.com>2017-03-19 14:05:02 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2017-06-18 13:41:14 (GMT)
commit51088d231d73cbe14516d553e97237e7f5a4f147 (patch)
treed27fde3652d9a852d43a3859f5314bd4ae7f13d1
parentbd99a40d81e34e048dc8e6daefc7ff3d9f3aef56 (diff)
os hide prepare option
-rw-r--r--DcsCfg/DcsCfg.h3
-rw-r--r--DcsCfg/DcsCfg.man68
-rw-r--r--DcsCfg/DcsCfgCrypt.c326
-rw-r--r--DcsCfg/DcsCfgMain.c95
-rw-r--r--DcsCfg/DcsCfgSetup.c2
-rw-r--r--Include/Library/CommonLib.h3
-rw-r--r--Include/Library/DcsCfgLib.h1
-rw-r--r--Library/CommonLib/EfiConsole.c15
-rw-r--r--Library/DcsCfgLib/GptEdit.c23
9 files changed, 449 insertions, 87 deletions
diff --git a/DcsCfg/DcsCfg.h b/DcsCfg/DcsCfg.h
index 6fda422..412e4c4 100644
--- a/DcsCfg/DcsCfg.h
+++ b/DcsCfg/DcsCfg.h
@@ -80,6 +80,9 @@ GptEdit(
IN UINTN index
);
+EFI_STATUS
+OuterInit();
+
//////////////////////////////////////////////////////////////////////////
// Security regions
//////////////////////////////////////////////////////////////////////////
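Review bot: `OuterInit();` in the added declaration has an empty parameter list, which in C is an old-style (unprototyped) declaration rather than a prototype, so a call that passes arguments would not be diagnosed. EDK2 style spells a no-argument function as `EFI_STATUS OuterInit(VOID);`, and the definition added in DcsCfgCrypt.c in this commit should use `(VOID)` as well.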
diff --git a/DcsCfg/DcsCfg.man b/DcsCfg/DcsCfg.man
index 72575dc..1edcbe4 100644
--- a/DcsCfg/DcsCfg.man
+++ b/DcsCfg/DcsCfg.man
@@ -3,29 +3,15 @@
Configure boot loader parameters and tests EFI environment for compatibility
.SH SYNOPSIS
-DcsCfg -dl
-DcsCfg -dc -ds <BN> -de <BN> -aa [-rnd rnddata]
-DcsCfg -db <BN>
+DcsCfg -dl <d|a>
+DcsCfg -dc -ds <BN> -de <BN> -aa
DcsCfg -aa
-DcsCfg -dec <BN> -aa [-rnd rnddata]
-DcsCfg -ddc <BN> -aa
-DcsCfg -dcp <BN>
-DcsCfg -ul
-DcsCfg -tl
-DcsCfg -tt <TN>
-DcsCfg -gl
-DcsCfg -gd <GN>
-DcsCfg -gm <mode>
-DcsCfg -bl
-DcsCfg -bt
-DcsCfg -setup
DcsCfg -ds <BN> -pl
DcsCfg -pf <gpt_file_name> -pl
DcsCfg -ds <BN> -pf <gpt_file_name> -ps
DcsCfg -ds <BN> -pf <gpt_file_name> -pa
-DcsCfg -pf <gpt_file_name> -pe -aa
-DcsCfg -pf <gpt_file_name> -pd -aa
-DcsCfg -pf <gpt_file_name> -pmirror <PNB> <PNM> -ps
+DcsCfg -pf <gpt_file_name> -pe -aa -rnd <rnd_data>
+DcsCfg -pf <gpt_file_name> -pd -aa -rnd <rnd_data>
DcsCfg -pf <gpt_file_name> -pnt <PNT> -phide <HS> <HE> -ps
DcsCfg -kp <key_file>
DcsCfg -ds <BN> -srm <total_security_regions>
@@ -35,29 +21,35 @@ DcsCfg -ds <BN> -wipe <start> <end>
.SH OPTIONS
- -dc - check devices (try to authorize)
- -dl - block device list (order numbers are used in -db and -se)
+** Devices
+ -dl - block device list (numbers are used in -ds, -de)
-ds <BN> select device
-de <BN> end device to check (starts from select)
- -db <BN> - boot partition selection
+ -dc - check devices (try to authorize)
+ -ul - USB devices list
+ -tl - Touch devices list
+ -tt <TN> - Test touch device
+ -gl - graphics device list
+ -gd <GN> - graphics device select
+ -gm <mode> - graphics mode select
+ -bl - Beep device list
+ -bt - Beep device test
+ -setup - interactive setup (TODO)
+
+** Crypt volume
-aa - ask authorization parameters
-ach - create header on block device
-vec <BN> - block device encrypt
-vdc <BN> - block device decrypt
-vcp <BN> - block device change password
+
+** Random
-rnd <type> <param>- select rnadom type (0 - none, 1 - file, 2- rdrand, 3 HMAC, 4 OPENSSL 5 TPM)
-rndgen <file> - generate random file
-rndload - load rnd generator state from file
-rndsave - save rnd generator state to file
- -ul - USB device list
- -tl - touch device
- -tt <TN> - Test touch device
- -gl - graphics device list
- -gd <GN> - graphics device select
- -gm <mode> - graphics mode select
- -bl - Beep device list
- -bt - Beep device test
- -setup - interactive setup
+
+** Disk entries table/partitions
-pl - GPT list
-pf <gpt_file_name> - file with GPT and params
-ps - save GPT to file
@@ -72,17 +64,33 @@ DcsCfg -ds <BN> -wipe <start> <end>
-prndsave - save random state to params
-prndload - load random state from params
-pwdcache - edit password cache in params
+
+** Security region data
-kp <key_file_name> - keys file of platform to save
-srm <SRT> - mark disk as security regions container(write CRC of platform to 61 sector); <SRT> - number of possible security regions
-srw <SRT> - wipe security regions data with random data (write random data [62, 62 + 256 * SRT]) it has to be free! check first partition start sector!
-sra <SRN> - add <gpt_file_name> to security region <SRN>
+ -srdump <SFX> - dump security regions from USB to files (list of files created - N<SFX>)
-wipe <SS SE> - write random data to sectors range [SS,SE]
+
+** Rescue
-osdecrypt - decrypt OS (rescue)
-osrestorekey - restore key (rescue)
+
+** TPM
-tpmpcrs <s> <e>- print PCRs
-tpmnvlist - List NV regions in TPM
-tpmcfg - Configure TPM
+** Table configuration
+ -tbf <tbl_file> - name of tables file
+ -tbz - zero tables
+ -tbl - list tables
+ -tbn <name> - name of table to delete or appened (DCSPROP_, PICTPWD_)
+ -tbd - delete table (<name>)
+ -tba <tbl_data_file> - append table (dcsprop or picture)
+ -tbdump - save tables
+
.SH DESCRIPTION
NOTES:
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index ef6236e..08c2ee6 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -42,6 +42,7 @@ https://opensource.org/licenses/LGPL-3.0
PCRYPTO_INFO gAuthCryptInfo = NULL;
PCRYPTO_INFO gHeaderCryptInfo = NULL;
CHAR8 Header[512];
+CHAR8 BackupHeader[512];
EFI_HANDLE SecRegionHandle = NULL;
UINT64 SecRegionSector = 0;
@@ -283,6 +284,29 @@ CreateVolumeHeader(
ERR_PRINT(L"Header error %d\n", vcres);
return EFI_CRC_ERROR;
}
+ crypto_close(*rci);
+ vcres = CreateVolumeHeaderInMemory(
+ gAuthBoot, BackupHeader,
+ ea,
+ mode,
+ &gAuthPassword,
+ pkcs5,
+ gAuthPim,
+ master_keydata,
+ rci,
+ VolumeSize << 9,
+ hiddenVolumeSize << 9,
+ encSectorStart << 9,
+ (encSectorEnd - encSectorStart + 1) << 9,
+ VERSION_NUM,
+ HeaderFlags,
+ 512,
+ FALSE);
+
+ if (vcres != 0) {
+ ERR_PRINT(L"Header error %d\n", vcres);
+ return EFI_CRC_ERROR;
+ }
return EFI_SUCCESS;
}
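Review bot: After the added `crypto_close(*rci);` the second CreateVolumeHeaderInMemory call fails into a `return EFI_CRC_ERROR;` that leaves `*rci` in whatever state the failed call left it — already closed or half-initialised — while the caller sees the same error code as for the first call; either document that `*rci` is invalid on error or set `*rci = NULL;` before returning. The new block is a copy of the primary-header call with only the buffer changed, and the same pair is repeated again in CreateVolumeHeadersInMemory further down in this diff, so a small `static` helper taking the destination buffer would remove three copies of the 16-argument call. CreateVolumeHeader's body starts outside the hunk, so whether `master_keydata` is wiped before return cannot be judged here.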
@@ -1138,6 +1162,7 @@ CreateVolumeHeaderOnDisk(
UINT64 VolumeSize = 0;
PCRYPTO_INFO ci = 0;
EFI_LBA vhsector;
+ EFI_LBA vhsector2;
EFI_HANDLE hDisk = NULL;
HARDDRIVE_DEVICE_PATH hdp;
BOOLEAN isPart;
@@ -1181,10 +1206,18 @@ CreateVolumeHeaderOnDisk(
return EFI_NOT_FOUND;
}
- vhsector = AskUINT64("save to sector:", gAuthBoot ? 62 : 0);
+ vhsector = AskUINT64("primary sector to save:", gAuthBoot ? 62 : 0);
+ vhsector2 = vhsector;
+ if (!gAuthBoot) {
+ vhsector2 = AskUINT64("backup sector to save:", vhsector);
+ }
if (AskConfirm("Save [N]?", 1)) {
res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
- ERR_PRINT(L"Write: %r\n", res);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+ if (vhsector != vhsector2) {
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+ }
}
if (phDisk != NULL) *phDisk = hDisk;
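Review bot: In the added backup write, `res` is overwritten by the second WriteBlocks, so a failed primary write followed by a successful backup write leaves `res` as EFI_SUCCESS and the caller proceeds as if both headers landed. Keep the first failure: `EFI_STATUS res2 = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader); ERR_PRINT(L"Write %lld: %r\n", vhsector2, res2); if (EFI_ERROR(res2) && !EFI_ERROR(res)) res = res2;`. Prompting the backup sector with the primary sector as default means Enter silently skips the backup (the `vhsector != vhsector2` guard), which is fine but worth a word in the prompt. CreateVolumeHeaderOnDisk starts and ends outside this hunk.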
@@ -1197,6 +1230,295 @@ CreateVolumeHeaderOnDisk(
return res;
}
+EFI_STATUS
+CreateVolumeHeadersInMemory(
+ int ea,
+ int mode,
+ int pkcs5,
+ UINT64 encSectorStart,
+ UINT64 encSectorEnd,
+ UINT64 VolumeSize,
+ UINT64 hiddenVolumeSize,
+ UINT32 HeaderFlags
+) {
+ int8 master_keydata[MASTER_KEYDATA_SIZE];
+ INT32 vcres;
+ PCRYPTO_INFO rci = 0;
+ if (!RandgetBytes(master_keydata, MASTER_KEYDATA_SIZE, FALSE)) {
+ ERR_PRINT(L"No randoms\n");
+ return EFI_CRC_ERROR;
+ }
+
+ vcres = CreateVolumeHeaderInMemory(
+ FALSE, Header,
+ ea,
+ mode,
+ &gAuthPassword,
+ pkcs5,
+ gAuthPim,
+ master_keydata,
+ &rci,
+ VolumeSize << 9,
+ hiddenVolumeSize << 9,
+ encSectorStart << 9,
+ (encSectorEnd - encSectorStart + 1) << 9,
+ VERSION_NUM,
+ HeaderFlags,
+ 512,
+ FALSE);
+
+ if (vcres != 0) {
+ ERR_PRINT(L"Header error %d\n", vcres);
+ return EFI_CRC_ERROR;
+ }
+ crypto_close(rci);
+
+ vcres = CreateVolumeHeaderInMemory(
+ FALSE, BackupHeader,
+ ea,
+ mode,
+ &gAuthPassword,
+ pkcs5,
+ gAuthPim,
+ master_keydata,
+ &rci,
+ VolumeSize << 9,
+ hiddenVolumeSize << 9,
+ encSectorStart << 9,
+ (encSectorEnd - encSectorStart + 1) << 9,
+ VERSION_NUM,
+ HeaderFlags,
+ 512,
+ FALSE);
+
+ if (vcres != 0) {
+ ERR_PRINT(L"Header error %d\n", vcres);
+ return EFI_CRC_ERROR;
+ }
+ crypto_close(rci);
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+PartitionOuterInit(
+ UINTN diskIndex,
+ UINTN outerIndex,
+ UINTN endIndex)
+{
+ INT32 vcres;
+ int mode = 0;
+ int ea = 0;
+ int pkcs5 = 0;
+ UINT64 encSectorStart;
+ UINT64 encSectorEnd;
+ UINT64 hiddenVolumeSize;
+ UINT64 VolumeSize;
+ int8 master_keydata[MASTER_KEYDATA_SIZE];
+ EFI_BLOCK_IO_PROTOCOL* bio;
+ EFI_STATUS res;
+ EFI_LBA vhsector;
+ EFI_LBA vhsector2;
+
+ if (!RandgetBytes(master_keydata, MASTER_KEYDATA_SIZE, FALSE)) {
+ ERR_PRINT(L"No randoms\n");
+ return EFI_CRC_ERROR;
+ }
+
+ if (CompareGuid(&GptMainEntrys[outerIndex].PartitionTypeGUID, &gEfiPartTypeUnusedGuid) ||
+ CompareGuid(&GptMainEntrys[endIndex].PartitionTypeGUID, &gEfiPartTypeUnusedGuid)
+ ) {
+ ERR_PRINT(L"Bad partition indexes %d %d\n", outerIndex, endIndex);
+ return EFI_INVALID_PARAMETER;
+ }
+ if (EfiIsPartition(gBIOHandles[diskIndex])) {
+ ERR_PRINT(L"Select disk (not partition)\n");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ bio = EfiGetBlockIO(gBIOHandles[diskIndex]);
+ if (bio == NULL) {
+ ERR_PRINT(L"No BIO protocol\n");
+ return EFI_NOT_FOUND;
+ }
+
+ // Wipe Outer start, Outer end
+ DeListPrint();
+ BlockRangeWipe(gBIOHandles[diskIndex], GptMainEntrys[outerIndex].StartingLBA, GptMainEntrys[outerIndex].EndingLBA);
+ BlockRangeWipe(gBIOHandles[diskIndex], GptMainEntrys[endIndex].StartingLBA, GptMainEntrys[endIndex].EndingLBA);
+
+ if (AskConfirm("Init outer headers?", 1)) {
+ // init header outer start
+ if (gAuthPasswordMsg == NULL) {
+ VCAuthAsk();
+ }
+
+ ea = AskEA();
+ mode = AskMode(ea);
+ pkcs5 = AskPkcs5();
+
+ encSectorStart = 256;
+ encSectorEnd = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 256;
+ VolumeSize = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 512 + 1;
+ hiddenVolumeSize = 0;
+ res = CreateVolumeHeadersInMemory(
+ ea, mode, pkcs5,
+ encSectorStart, encSectorEnd, VolumeSize, hiddenVolumeSize, 0);
+ vhsector = GptMainEntrys[outerIndex].StartingLBA;
+ vhsector2 = GptMainEntrys[endIndex].EndingLBA - 255;
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"Create header: %r\n", res);
+ }
+ EfiPrintDevicePath(gBIOHandles[diskIndex]);
+ OUT_PRINT(L"[%lld, %lld] size %lld to %lld,%lld\n", encSectorStart, encSectorEnd, VolumeSize, vhsector, vhsector2);
+ if (!AskConfirm("Save outer[N]?", 1)) {
+ return EFI_NOT_READY;
+ }
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+ if (vhsector != vhsector2) {
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+ }
+
+ // init header outer end
+ VCAuthAsk();
+ encSectorStart = GptMainEntrys[endIndex].StartingLBA - GptMainEntrys[outerIndex].StartingLBA;
+ encSectorEnd = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 256;
+ VolumeSize = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[endIndex].StartingLBA - 256 + 1;
+ hiddenVolumeSize = VolumeSize;
+ res = CreateVolumeHeadersInMemory(
+ ea, mode, pkcs5,
+ encSectorStart, encSectorEnd, VolumeSize, hiddenVolumeSize, 0);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"Create header: %r\n", res);
+ }
+ vhsector = GptMainEntrys[outerIndex].StartingLBA + 128;
+ vhsector2 = GptMainEntrys[endIndex].EndingLBA - 127;
+
+ EfiPrintDevicePath(gBIOHandles[diskIndex]);
+ OUT_PRINT(L"[%lld, %lld] size %lld to %lld,%lld\n", encSectorStart, encSectorEnd, VolumeSize, vhsector, vhsector2);
+ if (!AskConfirm("Save outer[N]?", 1)) {
+ return EFI_NOT_READY;
+ }
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+ if (vhsector != vhsector2) {
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+ }
+ }
+
+ if (AskConfirm("Update main encryption header?", 1)) {
+ PCRYPTO_INFO cryptoInfo;
+ PCRYPTO_INFO ci;
+ CHAR8 fname8[256];
+ CHAR16 fname16[256];
+
+ VCAuthAsk();
+ res = TryHeaderDecrypt(DeCryptoHeader, &cryptoInfo, NULL);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"Decrypt: %r\n", res);
+ return res;
+ }
+
+ if (cryptoInfo->EncryptedAreaLength.Value != 0) {
+ ERR_PRINT(L"Encrypted already\n");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ encSectorStart = GptMainEntrys[outerIndex].EndingLBA + 1;
+ encSectorEnd = GptMainEntrys[endIndex].StartingLBA - 1;
+ VolumeSize = encSectorEnd - encSectorStart + 1;
+
+ vcres = CreateVolumeHeaderInMemory(
+ TRUE, Header,
+ cryptoInfo->ea,
+ cryptoInfo->mode,
+ &gAuthPassword,
+ cryptoInfo->pkcs5,
+ gAuthPim,
+ cryptoInfo->master_keydata,
+ &ci,
+ VolumeSize << 9,
+ 0,
+ encSectorStart << 9,
+ 0,
+ cryptoInfo->RequiredProgramVersion,
+ cryptoInfo->HeaderFlags,
+ cryptoInfo->SectorSize,
+ FALSE);
+
+ if (vcres != 0) {
+ ERR_PRINT(L"header create error(%x)\n", vcres);
+ return EFI_INVALID_PARAMETER;
+ }
+ crypto_close(ci);
+ vhsector = 62;
+ res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+ ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+
+ vcres = CreateVolumeHeaderInMemory(
+ TRUE, Header,
+ cryptoInfo->ea,
+ cryptoInfo->mode,
+ &gAuthPassword,
+ cryptoInfo->pkcs5,
+ gAuthPim,
+ cryptoInfo->master_keydata,
+ &ci,
+ VolumeSize << 9,
+ 0,
+ encSectorStart << 9,
+ VolumeSize << 9,
+ cryptoInfo->RequiredProgramVersion,
+ cryptoInfo->HeaderFlags,
+ cryptoInfo->SectorSize,
+ FALSE);
+
+ if (vcres != 0) {
+ ERR_PRINT(L"header create error(%x)\n", vcres);
+ return EFI_INVALID_PARAMETER;
+ }
+ crypto_close(ci);
+ MEM_FREE(DeCryptoHeader);
+ DeCryptoHeader = Header;
+ AskAsciiString("Encrypted GPT file name:", fname8, sizeof(fname8), 1, "gpt_enc");
+ AsciiStrToUnicodeStr(fname8, fname16);
+ DcsDiskEntrysFileName = fname16;
+ DeListSaveToFile();
+ }
+
+ if (AskConfirm("Create GPT with one hidden volume?", 1)) {
+ CHAR8 fname8[256];
+ CHAR16 fname16[256];
+ // Save hiding GPT
+ CopyMem(&DcsHidePart, &GptMainEntrys[outerIndex], sizeof(DcsHidePart));
+ DcsHidePart.EndingLBA = GptMainEntrys[endIndex].EndingLBA;
+ GptHideParts();
+ AskAsciiString("Hidden GPT file name:", fname8, sizeof(fname8), 1, "gpt_hidden");
+ AsciiStrToUnicodeStr(fname8, fname16);
+ DcsDiskEntrysFileName = fname16;
+ DeListSaveToFile();
+ }
+
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+OuterInit()
+{
+ UINTN disk;
+ UINTN startOuter;
+ UINTN endOuter;
+ BioSkipPartitions = TRUE;
+ PrintBioList();
+ disk = AskUINTN("Disk:", 0);
+ GptLoadFromDisk(disk);
+ DeListPrint();
+ startOuter = AskUINTN("Start outer:", 0);
+ endOuter = AskUINTN("End outer:", startOuter + 3);
+ return PartitionOuterInit(disk, startOuter, endOuter);
+}
//////////////////////////////////////////////////////////////////////////
// USB
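Review bot: In PartitionOuterInit a failed CreateVolumeHeadersInMemory (both the "outer start" and "outer end" calls) only prints `Create header: %r` and then goes on to prompt and write `Header`/`BackupHeader` — stale or zero-filled buffers — to the disk; both branches should `return res;` right after the ERR_PRINT. The `master_keydata` array in CreateVolumeHeadersInMemory holds the new volume's master key and is left on the stack on every exit path; wipe it before returning (the `burn()` helper that VeraCrypt's Volumes.c uses, if it is in scope here), and drop the second `master_keydata` that PartitionOuterInit fills with RandgetBytes but never uses. `DeCryptoHeader = Header;` makes the global alias a static array, while GptLoadFromDisk's `error:` path in this same commit does `MEM_FREE(DeCryptoHeader)`, so a later failed load would free non-heap memory — copy the 512 bytes into the existing allocation instead of reassigning the pointer. The `cryptoInfo` obtained from TryHeaderDecrypt is never passed to crypto_close on any path of that branch, and `DcsDiskEntrysFileName` is pointed at the block-local `fname16` arrays, so the global dangles as soon as each block ends.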
diff --git a/DcsCfg/DcsCfgMain.c b/DcsCfg/DcsCfgMain.c
index daf0fb0..c289bf8 100644
--- a/DcsCfg/DcsCfgMain.c
+++ b/DcsCfg/DcsCfgMain.c
@@ -39,15 +39,6 @@ https://opensource.org/licenses/LGPL-3.0
#define OPT_DISK_START L"-ds"
#define OPT_DISK_END L"-de"
#define OPT_DISK_BOOT L"-db"
-#define OPT_AUTH_ASK L"-aa"
-#define OPT_AUTH_CREATE_HEADER L"-ach"
-#define OPT_RND L"-rnd"
-#define OPT_RND_GEN L"-rndgen"
-#define OPT_RND_LOAD L"-rndload"
-#define OPT_RND_SAVE L"-rndsave"
-#define OPT_VOLUME_ENCRYPT L"-vec"
-#define OPT_VOLUME_DECRYPT L"-vdc"
-#define OPT_VOLUME_CHANGEPWD L"-vcp"
#define OPT_USB_LIST L"-ul"
#define OPT_TOUCH_LIST L"-tl"
#define OPT_TOUCH_TEST L"-tt"
@@ -57,6 +48,18 @@ https://opensource.org/licenses/LGPL-3.0
#define OPT_BEEP_LIST L"-bl"
#define OPT_BEEP_TEST L"-bt"
#define OPT_SETUP L"-setup"
+
+#define OPT_AUTH_ASK L"-aa"
+#define OPT_AUTH_CREATE_HEADER L"-ach"
+#define OPT_VOLUME_ENCRYPT L"-vec"
+#define OPT_VOLUME_DECRYPT L"-vdc"
+#define OPT_VOLUME_CHANGEPWD L"-vcp"
+
+#define OPT_RND L"-rnd"
+#define OPT_RND_GEN L"-rndgen"
+#define OPT_RND_LOAD L"-rndload"
+#define OPT_RND_SAVE L"-rndsave"
+
#define OPT_PARTITION_LIST L"-pl"
#define OPT_PARTITION_FILE L"-pf"
#define OPT_PARTITION_SAVE L"-ps"
@@ -72,13 +75,16 @@ https://opensource.org/licenses/LGPL-3.0
#define OPT_PARTITION_RND_SAVE L"-prndsave"
#define OPT_PARTITION_EDIT_PWD_CACHE L"-pwdcache"
#define OPT_KEYFILE_PLATFORM L"-kp"
+
#define OPT_SECREGION_MARK L"-srm"
#define OPT_SECREGION_WIPE L"-srw"
#define OPT_SECREGION_ADD L"-sra"
#define OPT_SECREGION_DUMP L"-srdump"
#define OPT_WIPE L"-wipe"
+
#define OPT_OS_DECRYPT L"-osdecrypt"
#define OPT_OS_RESTORE_KEY L"-osrestorekey"
+
#define OPT_TPM_PCRS L"-tpmpcrs"
#define OPT_TPM_NVLIST L"-tpmnvlist"
#define OPT_TPM_CFG L"-tpmcfg"
@@ -91,6 +97,9 @@ https://opensource.org/licenses/LGPL-3.0
#define OPT_TBL_APPEND L"-tba"
#define OPT_TBL_DUMP L"-tbdump"
+#define OPT_OS_HIDE_PREP L"-oshideprep"
+
+
STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
{ OPT_TBL_DUMP, TypeValue },
{ OPT_TBL_FILE, TypeValue },
@@ -144,6 +153,7 @@ STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
{ OPT_WIPE, TypeDoubleValue },
{ OPT_OS_DECRYPT, TypeFlag },
{ OPT_OS_RESTORE_KEY, TypeFlag },
+ { OPT_OS_HIDE_PREP, TypeFlag },
{ OPT_TPM_PCRS, TypeDoubleValue },
{ OPT_TPM_NVLIST, TypeFlag },
{ OPT_TPM_CFG, TypeFlag },
@@ -229,6 +239,41 @@ DcsCfgMain(
ParamCount = ShellCommandLineGetCount(Package);
+ // Create random
+ if (ShellCommandLineGetFlag(Package, OPT_RND)) {
+ CONST CHAR16* opt = NULL;
+ CHAR16* context = NULL;
+ UINTN rndType;
+ UINTN contextSize = 0;
+ opt = ShellCommandLineGetValue(Package, OPT_RND);
+ rndType = StrDecimalToUintn(opt);
+ context = (CHAR16*)StrStr(opt, L" ");
+ if (context != NULL) {
+ context++;
+ contextSize = StrLen(context) * 2;
+ if (!EFI_ERROR(FileExist(NULL, context))) {
+ FileLoad(NULL, context, &context, &contextSize);
+ }
+ }
+ res = RndInit(rndType, context, contextSize, &gRnd);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"Random: %r\n", res);
+ }
+ }
+
+ // Rescue
+ if (ShellCommandLineGetFlag(Package, OPT_OS_DECRYPT)) {
+ return OSDecrypt();
+ }
+
+ if (ShellCommandLineGetFlag(Package, OPT_OS_RESTORE_KEY)) {
+ return OSRestoreKey();
+ }
+
+ if (ShellCommandLineGetFlag(Package, OPT_OS_HIDE_PREP)) {
+ return OuterInit();
+ }
+
// Common parameters
if (ShellCommandLineGetFlag(Package, OPT_DISK_START)) {
CONST CHAR16* opt = NULL;
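Review bot: The new `-oshideprep` flag dispatched here is not listed in DcsCfg.man even though that file is updated in this commit; add it under `** Rescue`, e.g. ` -oshideprep - prepare OS hiding: init outer headers and save hidden GPT (interactive)`. Because the branch returns before the "Common parameters" block, any `-ds`/`-de` given on the same command line is ignored and OuterInit asks for the disk itself — the man entry should say so. DcsCfgMain continues outside this hunk.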
@@ -285,15 +330,6 @@ DcsCfgMain(
TestAuthAsk();
}
- // Rescue
- if (ShellCommandLineGetFlag(Package, OPT_OS_DECRYPT)) {
- return OSDecrypt();
- }
-
- if (ShellCommandLineGetFlag(Package, OPT_OS_RESTORE_KEY)) {
- return OSRestoreKey();
- }
-
// Beep
if (ShellCommandLineGetFlag(Package, OPT_BEEP_LIST)) {
PrintSpeakerList();
@@ -373,28 +409,7 @@ DcsCfgMain(
PrintUsbList();
}
- // Create random
- if (ShellCommandLineGetFlag(Package, OPT_RND)) {
- CONST CHAR16* opt = NULL;
- CHAR16* context = NULL;
- UINTN rndType;
- UINTN contextSize = 0;
- opt = ShellCommandLineGetValue(Package, OPT_RND);
- rndType = StrDecimalToUintn(opt);
- context = (CHAR16*)StrStr(opt, L" ");
- if (context != NULL) {
- context++;
- contextSize = StrLen(context) * 2;
- if (!EFI_ERROR(FileExist(NULL, context))) {
- FileLoad(NULL, context, &context, &contextSize);
- }
- }
- res = RndInit(rndType, context, contextSize, &gRnd);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"Random: %r\n", res);
- }
- }
-
+ // Randoms
if (ShellCommandLineGetFlag(Package, OPT_RND_LOAD)) {
CONST CHAR16* opt = NULL;
UINT8 temp[4];
diff --git a/DcsCfg/DcsCfgSetup.c b/DcsCfg/DcsCfgSetup.c
index d773fb7..54d2956 100644
--- a/DcsCfg/DcsCfgSetup.c
+++ b/DcsCfg/DcsCfgSetup.c
@@ -34,6 +34,6 @@ DcsInteractiveSetup() {
InitGraph();
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
ERR_PRINT(L"\n\rInteractive setup is not implemented! Press enter to continue\n\r");
- AskAsciiString("\rDCS>", cmd, sizeof(cmd), 1);
+ AskAsciiString("\rDCS>", cmd, sizeof(cmd), 1, NULL);
return res;
}
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index efc7738..7966eee 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -336,7 +336,8 @@ AskAsciiString(
CHAR8* prompt,
CHAR8* str,
UINTN max_len,
- UINT8 visible);
+ UINT8 visible,
+ CHAR8* defStr);
int
AskInt(
diff --git a/Include/Library/DcsCfgLib.h b/Include/Library/DcsCfgLib.h
index ccbaa32..875e2e2 100644
--- a/Include/Library/DcsCfgLib.h
+++ b/Include/Library/DcsCfgLib.h
@@ -45,6 +45,7 @@ extern UINT64 gDcsDiskEntryListHeaderID;
extern DCS_DISK_ENTRY_LIST *DeList;
extern DCS_DEP_EXEC *DeExecParams;
+extern UINT8 *DeCryptoHeader;
// DcsCfg data
extern CONST CHAR16* DcsDiskEntrysFileName;
diff --git a/Library/CommonLib/EfiConsole.c b/Library/CommonLib/EfiConsole.c
index 63b32ae..3ab1515 100644
--- a/Library/CommonLib/EfiConsole.c
+++ b/Library/CommonLib/EfiConsole.c
@@ -204,11 +204,20 @@ AskAsciiString(
CHAR8* prompt,
CHAR8* str,
UINTN max_len,
- UINT8 visible)
+ UINT8 visible,
+ CHAR8* defStr)
{
UINTN len = 0;
- OUT_PRINT(L"%a", prompt);
- GetLine(&len, NULL, str, max_len, visible);
+ if (defStr == NULL) {
+ OUT_PRINT(L"%a", prompt);
+ } else {
+ OUT_PRINT(L"[%a] %a", defStr, prompt);
+ }
+ GetLine(&len, NULL, str, max_len, visible);
+ if (defStr != NULL && len == 0) {
+ AsciiStrCpyS(str, max_len, defStr);
+ len = AsciiStrLen(str);
+ }
return (UINT32)len;
}
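Review bot: The result of `AsciiStrCpyS(str, max_len, defStr)` is ignored; if a default longer than `max_len` is ever passed, EDK2's safe-string functions appear to leave `str` untouched (and ASSERT in DEBUG builds), so the function would return the length of whatever GetLine left rather than the default. Check it: `if (RETURN_ERROR(AsciiStrCpyS(str, max_len, defStr))) { str[0] = '\0'; }` before recomputing `len`. Since `defStr` is only read and the callers in this commit pass string literals, both this definition and the prototype in the CommonLib.h hunk above could take `CONST CHAR8* defStr`.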
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index 28d2160..bae8f1e 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -33,7 +33,7 @@ UINT64 gDcsDiskEntryPwdCacheID = DCS_DEP_PWD_CACHE_SIGN;
DCS_DISK_ENTRY_LIST *DeList = NULL;
-UINT8 *CryptoHeader = NULL;
+UINT8 *DeCryptoHeader = NULL;
EFI_PARTITION_TABLE_HEADER *GptMainHdr = NULL;
EFI_PARTITION_ENTRY *GptMainEntrys = NULL;
@@ -131,15 +131,15 @@ GptLoadFromDisk(
goto error;
}
- CryptoHeader = MEM_ALLOC(512);
- if (CryptoHeader == NULL) {
+ DeCryptoHeader = MEM_ALLOC(512);
+ if (DeCryptoHeader == NULL) {
ERR_PRINT(L"Can't alloc CryptoHeader\n");
res = EFI_BUFFER_TOO_SMALL;
goto error;
}
// Load disk IDs
- res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 0, 512, CryptoHeader);
+ res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 0, 512, DeCryptoHeader);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Can't MBR \n");
goto error;
@@ -147,11 +147,11 @@ GptLoadFromDisk(
SetMem(&DeDiskId, sizeof(DeDiskId), 0);
DeDiskId.Type = DE_DISKID;
- CopyMem(&DeDiskId.MbrID, &CryptoHeader[0x1b8], sizeof(DiskIdMbr));
+ CopyMem(&DeDiskId.MbrID, &DeCryptoHeader[0x1b8], sizeof(DiskIdMbr));
CopyMem(&DeDiskId.GptID, &GptMainHdr->DiskGUID, sizeof(DiskIdGpt));
// Load crypto header
- res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 62, 512, CryptoHeader);
+ res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 62, 512, DeCryptoHeader);
if (EFI_ERROR(res)) {
ERR_PRINT(L"Can't read CryptoHeader\n");
goto error;
@@ -176,7 +176,7 @@ error:
MEM_FREE(GptMainEntrys);
MEM_FREE(GptAltHdr);
MEM_FREE(GptAltEntrys);
- MEM_FREE(CryptoHeader);
+ MEM_FREE(DeCryptoHeader);
return res;
}
@@ -233,7 +233,7 @@ DeListSaveToFile() {
DeList->Count = DE_IDX_TOTAL;
Offset = 0;
- DeList_UPDATE_BEGIN(CryptoHeader, DE_Sectors, DE_IDX_CRYPTOHEADER, 512)
+ DeList_UPDATE_BEGIN(DeCryptoHeader, DE_Sectors, DE_IDX_CRYPTOHEADER, 512)
DeList->DE[DE_IDX_CRYPTOHEADER].Sectors.Start = 62 * 512;
DeList_UPDATE_END
@@ -339,7 +339,7 @@ DeListParseSaved(
)
{
EFI_STATUS res = EFI_SUCCESS;
- CryptoHeader = DeBuffer;
+ DeCryptoHeader = DeBuffer;
DeList = (DCS_DISK_ENTRY_LIST*)(DeBuffer + 512);
CopyMem(&DeDiskId, &DeList->DE[DE_IDX_DISKID], sizeof(DeDiskId));
@@ -483,7 +483,7 @@ DeListApplySectorsToDisk(
res = BlockIo->WriteBlocks(BlockIo, BlockIo->Media->MediaId,
DeList->DE[i].Sectors.Start >> 9,
(UINTN)DeList->DE[i].Sectors.Length,
- CryptoHeader + DeList->DE[i].Sectors.Offset);
+ DeCryptoHeader + DeList->DE[i].Sectors.Offset);
}
if (EFI_ERROR(res)) {
ERR_PRINT(L"Write: %r\n", res);
@@ -599,6 +599,9 @@ GptHideParts() {
GptSqueze();
GptSort();
GptSyncMainAlt();
+ if (DeCryptoHeader != NULL) {
+ SetMem(DeCryptoHeader, 512, 0);
+ }
}
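Review bot: The added zeroing of DeCryptoHeader at the end of GptHideParts carries no comment saying why the crypto header is blanked at this point, and the function's body starts outside the hunk. Presumably the hidden-layout GPT that PartitionOuterInit saves right after this call must not carry the real header; if so, state it: `// blank the crypto header so a GPT saved for the hidden layout does not carry it`. The `!= NULL` guard is right, but note DeCryptoHeader may also alias the static `Header` array after PartitionOuterInit in this commit, so the fixed 512-byte bound is the only safe size here.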
BOOLEAN