VeraCrypt
-rw-r--r--DcsBoot/DcsBoot.c42
-rw-r--r--DcsCfg/DcsCfg.h8
-rw-r--r--DcsCfg/DcsCfg.inf8
-rw-r--r--DcsCfg/DcsCfgCrypt.c36
-rw-r--r--DcsCfg/DcsCfgMain.c8
-rw-r--r--DcsInfo/DcsInfo.inf4
-rw-r--r--DcsInt/DcsInt.c73
-rw-r--r--DcsInt/DcsInt.inf7
-rw-r--r--DcsRe/DcsRe.c102
-rw-r--r--DcsRe/DcsRe.inf4
-rw-r--r--Include/Library/CommonLib.h7
-rw-r--r--Include/Library/PasswordLib.h1
-rw-r--r--Library/CommonLib/EfiFile.c16
-rw-r--r--Library/DcsCfgLib/DcsCfgLib.inf8
-rw-r--r--Library/DcsTpmLib/Tpm20.c2
-rw-r--r--Library/PasswordLib/ConsolePassword.c31
-rw-r--r--Library/PasswordLib/PicturePassword.c2
-rw-r--r--Library/VeraCryptLib/DcsProp4
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.c14
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.h1
-rw-r--r--Library/VeraCryptLib/VeraCryptLib.inf18
-rw-r--r--Library/VeraCryptLib/mklinks_src.bat14
-rw-r--r--SecureBoot/certs/Acer_LINPUS_2018-04-19.crtbin0 -> 1021 bytes
-rw-r--r--SecureBoot/sb_set_siglists.ps12
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.binbin0 -> 1049 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.binbin0 -> 1089 bytes
-rw-r--r--SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7bin0 -> 1492 bytes
27 files changed, 286 insertions, 126 deletions
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c
index 18fb005..7029a10 100644
--- a/DcsBoot/DcsBoot.c
+++ b/DcsBoot/DcsBoot.c
@@ -29,6 +29,7 @@ CHAR16 *gEfiExecCmdDefault = L"\\EFI\\Microsoft\\Boot\\Bootmgfw_ms.vc
CHAR16 *gEfiExecCmdMS = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
CHAR16 *gEfiExecCmd = NULL;
CHAR8 gDoExecCmdMsg[256];
+CONST CHAR8* g_szMsBootString = "bootmgfw.pdb";
EFI_STATUS
DoExecCmd()
@@ -58,6 +59,39 @@ DoExecCmd()
return res;
}
+EFI_STATUS
+ExecMSWindowsLoader() {
+
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdDefault)))
+ return EfiExec(NULL, gEfiExecCmdDefault);
+ else
+ {
+ if (!EFI_ERROR(FileExist(NULL, gEfiExecCmdMS)))
+ {
+ /* check if it is Microsoft one */
+ UINT8* fileData = NULL;
+ UINTN fileSize = 0;
+ BOOLEAN bFound = FALSE;
+ if (!EFI_ERROR(FileLoad(NULL, gEfiExecCmdMS, &fileData, &fileSize)))
+ {
+ if ((fileSize > 32768) && !EFI_ERROR(MemoryHasPattern(fileData, fileSize, g_szMsBootString, AsciiStrLen(g_szMsBootString))))
+ {
+ bFound = TRUE;
+ }
+ }
+
+ MEM_FREE(fileData);
+
+ if (bFound)
+ return EfiExec(NULL, gEfiExecCmdMS);
+ }
+
+ ERR_PRINT(L"Could not find the original Windows loader\r\n");
+
+ return EFI_NOT_READY;
+ }
+}
+
//////////////////////////////////////////////////////////////////////////
// BML
//////////////////////////////////////////////////////////////////////////
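Review bot: The `MemoryHasPattern` test in `ExecMSWindowsLoader` only shows that `Bootmgfw.efi` is larger than 32768 bytes and contains the string `bootmgfw.pdb`; it does not establish that the file is the genuine Microsoft loader, and the first branch executes `gEfiExecCmdDefault` with no check at all. Any integrity guarantee therefore has to come from image verification performed when `EfiExec` loads the file (presumably firmware Secure Boot, not visible in this diff), and the comment should say so to keep the heuristic from being read as one. I would replace `/* check if it is Microsoft one */` with `/* heuristic only: tells the Microsoft loader from a VeraCrypt copy at this path; not an authenticity check */`. A failed `FileLoad` also ends in the same "Could not find the original Windows loader" message as a missing file, so printing its status with `%r` would make the two cases distinguishable.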
@@ -167,7 +201,11 @@ DcsBootMain(
// Authorize
gBS->SetWatchdogTimer(0, 0, 0, NULL);
res = EfiExec(NULL, L"\\EFI\\VeraCrypt\\DcsInt.dcs");
- if (EFI_ERROR(res)) {
+ if (EFI_ERROR(res) && (res != EFI_DCS_POSTEXEC_REQUESTED)) {
+
+ // Clear DcsExecPartGuid before execute OS to avoid problem in VirtualBox with reboot.
+ EfiSetVar(L"DcsExecPartGuid", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ EfiSetVar(L"DcsExecCmd", NULL, NULL, 0, EFI_VARIABLE_BOOTSERVICE_ACCESS);
// ERR_PRINT(L"\nDcsInt.efi %r\n",res);
if (res == EFI_DCS_SHUTDOWN_REQUESTED)
{
@@ -186,7 +224,7 @@ DcsBootMain(
else if (res == EFI_DCS_USER_CANCELED)
{
/* If user cancels password prompt, call original Windows loader */
- res = EfiExec(NULL, gEfiExecCmdDefault);
+ res = ExecMSWindowsLoader ();
}
return res;
}
diff --git a/DcsCfg/DcsCfg.h b/DcsCfg/DcsCfg.h
index 4152fe9..379a8c0 100644
--- a/DcsCfg/DcsCfg.h
+++ b/DcsCfg/DcsCfg.h
@@ -89,18 +89,18 @@ OuterInit();
extern UINTN gSecRigonCount;
EFI_STATUS
-SecRigionMark();
+SecRegionMark();
EFI_STATUS
-SecRigionWipe();
+SecRegionWipe();
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
);
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
);
diff --git a/DcsCfg/DcsCfg.inf b/DcsCfg/DcsCfg.inf
index c057b96..2557418 100644
--- a/DcsCfg/DcsCfg.inf
+++ b/DcsCfg/DcsCfg.inf
@@ -83,6 +83,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -91,6 +95,10 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+
[FeaturePcd]
[Pcd]
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index 53e03a1..986824d 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -60,7 +60,7 @@ AskEA() {
CHAR16 name[128];
for (ea = EAGetFirst(); ea != 0; ea = EAGetNext(ea))
{
- EAGetName(name, ea, 1);
+ EAGetName(name, 128, ea, 1);
OUT_PRINT(L"(%d) %s\n", ea, name);
}
ea = (int)AskUINTN(":", EAGetFirst());
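Review bot: The buffer length passed to `EAGetName` in `AskEA` is the literal `128`, repeated from the declaration `CHAR16 name[128]`, so the bound silently goes stale if the array is ever resized. Deriving it from the array keeps the two in step: `EAGetName(name, sizeof(name) / sizeof(name[0]), ea, 1);`, assuming the new parameter counts characters rather than bytes (the prototype is not part of this diff). The body of `AskEA` starts and ends outside the hunk.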
@@ -1664,7 +1664,7 @@ UpdateDcsBoot() {
UINTN gSecRigonCount = 0;
EFI_STATUS
-SecRigionMark()
+SecRegionMark()
{
UINT32 crc;
EFI_STATUS res;
@@ -1707,7 +1707,7 @@ SecRigionMark()
}
EFI_STATUS
-SecRigionWipe()
+SecRegionWipe()
{
EFI_STATUS res;
CHAR8* buf;
@@ -1761,7 +1761,7 @@ error:
}
EFI_STATUS
-SecRigionDump(
+SecRegionDump(
IN EFI_HANDLE hBio,
IN CHAR16 *prefix
)
@@ -1770,9 +1770,9 @@ SecRigionDump(
EFI_BLOCK_IO_PROTOCOL* bio;
DCS_AUTH_DATA_MARK* adm = NULL;
UINT32 crc;
- UINT8* SecRegionData = NULL;
- UINTN SecRegionSize = 0;
- UINTN SecRegionOffset = 0;
+ UINT8* SecRegionDumpData = NULL;
+ UINTN SecRegionDumpSize = 0;
+ UINTN SecRegionDumpOffset = 0;
UINTN saveSize = 0;
UINTN idx = 0;
CHAR16 name[128];
@@ -1797,42 +1797,42 @@ SecRigionDump(
res = EFI_INVALID_PARAMETER;
}
- SecRegionSize = adm->AuthDataSize * 128 * 1024;
- SecRegionData = MEM_ALLOC(SecRegionSize);
- if (SecRegionData == NULL) {
+ SecRegionDumpSize = adm->AuthDataSize * 128 * 1024;
+ SecRegionDumpData = MEM_ALLOC(SecRegionDumpSize);
+ if (SecRegionDumpData == NULL) {
res = EFI_BUFFER_TOO_SMALL;
goto err;
}
- CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionSize, SecRegionData));
+ CE(bio->ReadBlocks(bio, bio->Media->MediaId, 62, SecRegionDumpSize, SecRegionDumpData));
do {
// EFI tables?
- if (TablesVerify(SecRegionSize - SecRegionOffset, SecRegionData + SecRegionOffset)) {
- EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionData + SecRegionOffset);
+ if (TablesVerify(SecRegionDumpSize - SecRegionDumpOffset, SecRegionDumpData + SecRegionDumpOffset)) {
+ EFI_TABLE_HEADER *mhdr = (EFI_TABLE_HEADER *)(SecRegionDumpData + SecRegionDumpOffset);
UINTN tblZones = (mhdr->HeaderSize + 1024 * 128 - 1) / (1024 * 128);
saveSize = tblZones * 1024 * 128;
} else {
saveSize = 1024 * 128;
}
UnicodeSPrint(name, sizeof(name), L"%s%d", prefix, idx);
- CE(FileSave(NULL, name, SecRegionData + SecRegionOffset, saveSize));
+ CE(FileSave(NULL, name, SecRegionDumpData + SecRegionDumpOffset, saveSize));
OUT_PRINT(L"%s saved\n", name);
idx += saveSize / (1024 * 128);
- SecRegionOffset += saveSize;
- } while (SecRegionOffset < SecRegionSize);
+ SecRegionDumpOffset += saveSize;
+ } while (SecRegionDumpOffset < SecRegionDumpSize);
err:
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
MEM_FREE(adm);
- MEM_FREE(SecRegionData);
+ MEM_FREE(SecRegionDumpData);
return res;
}
EFI_STATUS
-SecRigionAdd(
+SecRegionAdd(
IN UINTN regIdx
)
{
diff --git a/DcsCfg/DcsCfgMain.c b/DcsCfg/DcsCfgMain.c
index 5e5d819..8e3ad81 100644
--- a/DcsCfg/DcsCfgMain.c
+++ b/DcsCfg/DcsCfgMain.c
@@ -707,7 +707,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_MARK);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionMark();
+ SecRegionMark();
} else {
ERR_PRINT(L"Select disk and security region count");
return EFI_INVALID_PARAMETER;
@@ -719,7 +719,7 @@ DcsCfgMain(
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_WIPE);
gSecRigonCount = StrDecimalToUintn(opt);
- SecRigionWipe();
+ SecRegionWipe();
}
else {
ERR_PRINT(L"Select disk and security region count");
@@ -734,7 +734,7 @@ DcsCfgMain(
UINTN secRegionIdx;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_ADD);
secRegionIdx = StrDecimalToUintn(opt);
- SecRigionAdd(secRegionIdx);
+ SecRegionAdd(secRegionIdx);
}
else {
ERR_PRINT(L"Select disk and GPT file");
@@ -746,7 +746,7 @@ DcsCfgMain(
if (ShellCommandLineGetFlag(Package, OPT_DISK_START)) {
CONST CHAR16* opt = NULL;
opt = ShellCommandLineGetValue(Package, OPT_SECREGION_DUMP);
- SecRigionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
+ SecRegionDump(gBIOHandles[BioIndexStart], (CHAR16*)opt);
} else {
ERR_PRINT(L"Select disk");
return EFI_INVALID_PARAMETER;
diff --git a/DcsInfo/DcsInfo.inf b/DcsInfo/DcsInfo.inf
index 64eadee..1a7789a 100644
--- a/DcsInfo/DcsInfo.inf
+++ b/DcsInfo/DcsInfo.inf
@@ -71,6 +71,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 8133726..a8fe493 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -84,7 +84,7 @@ UINTN SecRegionOffset = 0;
PCRYPTO_INFO SecRegionCryptInfo = NULL;
VOID
-CleanSensitiveData()
+CleanSensitiveData(BOOLEAN bClearBootParams)
{
if (SecRegionCryptInfo != NULL) {
MEM_BURN(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
@@ -97,6 +97,10 @@ CleanSensitiveData()
if (SecRegionData != NULL) {
MEM_BURN(SecRegionData, SecRegionSize);
}
+
+ if (bootParams != NULL && bClearBootParams) {
+ MEM_BURN(bootParams, sizeof(*bootParams));
+ }
if (gAutoPassword != NULL) {
MEM_BURN(gAutoPassword, MAX_PASSWORD);
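Review bot: `CleanSensitiveData` gains `bClearBootParams` with no comment saying when `FALSE` is acceptable, although `bootParams` holds a copy of the password (`CopyMem(&bootArgs->BootPassword, &gAuthPassword, …)` in `PrepareBootParams`). The only `FALSE` caller in this diff is `VirtualNotifyEvent`, whose comment still reads "Clean all sensible info and keys before transfer to OS"; presumably the boot arguments are kept there because the OS driver reads them, but that exception should be written down next to the code. Suggested header comment: `/* Burns cached secrets. bClearBootParams: TRUE on every abort/halt/reset path; FALSE only on hand-off to the OS, which still consumes bootParams. */`. The function body extends outside the hunk.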
@@ -105,7 +109,7 @@ CleanSensitiveData()
void HaltPrint(const CHAR16* Msg)
{
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
Print(L"%s - system Halted\n", Msg);
EfiCpuHalt();
}
@@ -160,29 +164,33 @@ PrepareBootParams(
IN PCRYPTO_INFO cryptoInfo)
{
BootArguments *bootArgs;
- if (bootParams == NULL) return EFI_UNSUPPORTED;
- bootArgs = &bootParams->BootArgs;
- TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
- bootArgs->BootLoaderVersion = VERSION_NUM;
- bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
- bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
- bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
- CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
- bootArgs->HiddenSystemPartitionStart = 0;
- bootArgs->DecoySystemPartitionStart = 0;
- bootArgs->BootDriveSignature = bootDriveSignature;
- bootArgs->Flags = (uint32)(gAuthPim << 16);
- bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
- bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
- bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
- bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
- SetSecRegionParamsMemory();
+ EFI_STATUS status;
+ if (bootParams == NULL) status = EFI_UNSUPPORTED;
+ else {
+ bootArgs = &bootParams->BootArgs;
+ TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
+ bootArgs->BootLoaderVersion = VERSION_NUM;
+ bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
+ bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
+ bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
+ CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
+ bootArgs->HiddenSystemPartitionStart = 0;
+ bootArgs->DecoySystemPartitionStart = 0;
+ bootArgs->BootDriveSignature = bootDriveSignature;
+ bootArgs->Flags = (uint32)(gAuthPim << 16);
+ bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
+ bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
+ bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
+ bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
+ SetSecRegionParamsMemory();
+ status = EFI_SUCCESS;
+ }
// Clean auth data
MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
MEM_BURN(&gAuthPim, sizeof(gAuthPim));
- return EFI_SUCCESS;
+ return status;
}
void GetIntersection(uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
@@ -634,7 +642,7 @@ SecRegionChangePwd() {
if (key.UnicodeChar == 'r') {
MEM_BURN(&newPassword, sizeof(newPassword));
MEM_BURN(&confirmPassword, sizeof(confirmPassword));
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
}
}
@@ -708,6 +716,10 @@ SecRegionTryDecrypt()
break;
} else {
ERR_PRINT(L"%a", gAuthErrorMsg);
+ // clear previous failed authentication information
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ if (gAuthPimRqt)
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
}
retry--;
} while (vcres != 0 && retry > 0);
@@ -804,6 +816,7 @@ enum OnExitTypes{
OnExitAuthFaild = 1,
OnExitAuthNotFound,
OnExitAuthTimeout,
+ OnExitAuthCancelled,
OnExitSuccess
};
@@ -880,7 +893,7 @@ OnExit(
if (EFI_ERROR(retValue))
{
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
}
if (action == NULL) return retValue;
@@ -941,7 +954,7 @@ OnExit(
res = EfiFindPartByGUID(guid, &h);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nCan't find start partition\n");
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
retValue = EFI_DCS_HALT_REQUESTED;
goto exit;
}
@@ -950,14 +963,14 @@ OnExit(
res = EfiExec(h, fileStr);
if (EFI_ERROR(res)) {
ERR_PRINT(L"\nStart %s - %r\n", fileStr, res);
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
retValue = EFI_DCS_HALT_REQUESTED;
goto exit;
}
}
else {
ERR_PRINT(L"\nNo EFI execution path specified. Halting!\n");
- CleanSensitiveData();
+ CleanSensitiveData(TRUE);
retValue = EFI_DCS_HALT_REQUESTED;
goto exit;
}
@@ -976,6 +989,8 @@ OnExit(
if (fileStr != NULL) {
EfiSetVar(L"DcsExecCmd", NULL, fileStr, (StrLen(fileStr) + 1) * 2, EFI_VARIABLE_BOOTSERVICE_ACCESS);
}
+
+ retValue = EFI_DCS_POSTEXEC_REQUESTED;
goto exit;
}
@@ -1005,7 +1020,7 @@ VirtualNotifyEvent(
)
{
// Clean all sensible info and keys before transfer to OS
- CleanSensitiveData();
+ CleanSensitiveData(FALSE);
}
//////////////////////////////////////////////////////////////////////////
@@ -1183,8 +1198,14 @@ UefiMain(
gST->ConIn->Reset(gST->ConIn, FALSE);
if (EFI_ERROR(res)) {
+ // clear buffers with potential authentication data
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
+
if (res == EFI_TIMEOUT)
return OnExit(gOnExitTimeout, OnExitAuthTimeout, res);
+ else if (res == EFI_DCS_USER_CANCELED)
+ return OnExit(gOnExitCancelled, OnExitAuthCancelled, res);
else
return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
diff --git a/DcsInt/DcsInt.inf b/DcsInt/DcsInt.inf
index e79dcc6..1fa0a4c 100644
--- a/DcsInt/DcsInt.inf
+++ b/DcsInt/DcsInt.inf
@@ -78,6 +78,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
DEBUG_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
RELEASE_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2010x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
@@ -86,6 +90,9 @@ DEBUG_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
RELEASE_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
NOOPT_VS2015x86_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+DEBUG_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
+RELEASE_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
+NOOPT_VS2017_X64_DLINK_FLAGS == /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:64 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
[FeaturePcd]
diff --git a/DcsRe/DcsRe.c b/DcsRe/DcsRe.c
index d2b43dd..aa6f2ed 100644
--- a/DcsRe/DcsRe.c
+++ b/DcsRe/DcsRe.c
@@ -154,6 +154,15 @@ ActionWindowsBoot(IN VOID* ctx) {
if (bFound)
return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw.efi");
}
+
+ /* copy our backup copy and then boot from it*/
+ if (!EFI_ERROR(FileExist(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup")))
+ {
+ if (!EFI_ERROR(FileCopy(NULL, L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup", EfiBootVolume, L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", 1024 * 1024)))
+ {
+ return EfiExec(gFSHandles[EfiBootVolumeIndex], L"EFI\\Microsoft\\Boot\\bootmgfw_ms.vc");
+ }
+ }
ERR_PRINT(L"Could not find the original Windows loader\r\n");
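Review bot: The backup loader taken from `\\EFI\\Boot\\original_boot…vc_backup` is copied over `bootmgfw_ms.vc` on the system volume and executed without the content check that the branch just above applies before it runs `bootmgfw.efi` (the `bFound` test). Running the same size-and-pattern test on the backup before `FileCopy`, or adding a comment that states why the rescue medium is trusted at this point, would keep the two paths consistent. The source path literal is also written out twice; one local such as `CHAR16 *backup = L"\\EFI\\Boot\\original_boot" ARCHdot L"vc_backup";` prevents the copies from diverging. `ActionWindowsBoot` starts outside the hunk, so the earlier check is only partly visible here.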
@@ -349,56 +358,67 @@ DcsReMain(
ERR_PRINT(L"InitFS %r\n", res);
return res;
}
+
+ if (!EFI_ERROR(DirectoryExists(NULL, L"EFI\\VeraCrypt")))
+ {
+ item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
+ gMenu = item;
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
+ item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
- item = DcsMenuAppend(NULL, L"Decrypt OS", 'd', ActionDecryptOS, NULL);
- gMenu = item;
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader to boot menu", 'm', ActionRestoreDcsBootMenu, NULL);
- item = DcsMenuAppend(item, L"Remove VeraCrypt loader from boot menu", 'z' , ActionRemoveDcsBootMenu, NULL);
-
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsProp"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader configuration to system disk", 'c', ActionRestoreDcsProp, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
- item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\svh_bak"))) {
+ item = DcsMenuAppend(item, L"Restore OS header keys", 'k', ActionRestoreHeader, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
- item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
- item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
- }
-
- item = DcsMenuAppend(item, L"Boot Original Windows Loader", 'o', ActionWindowsBoot, NULL);
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\VeraCrypt\\DcsBoot.efi"))) {
+ item = DcsMenuAppend(item, L"Restore VeraCrypt loader binaries to system disk", 'r', ActionRestoreDcsLoader, NULL);
+ item = DcsMenuAppend(item, L"Boot VeraCrypt loader from rescue disk", 'v', ActionDcsBoot, NULL);
+ }
+
+ item = DcsMenuAppend(item, L"Boot Original Windows Loader", 'o', ActionWindowsBoot, NULL);
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
- item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Boot\\WinPE_boot" ARCHdotEFI))) {
+ item = DcsMenuAppend(item, L"Boot Windows PE from rescue disk", 'w', ActionBootWinPE, NULL);
+ }
- if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
- item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
- }
+ if (!EFI_ERROR(FileExist(NULL, L"EFI\\Shell\\Shell.efi"))) {
+ item = DcsMenuAppend(item, L"Boot Shell.efi from rescue disk", 's', ActionShell, NULL);
+ }
- item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
- item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
- OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
- gBS->SetWatchdogTimer(0, 0, 0, NULL);
- do {
- DcsMenuPrint(gMenu);
- item = NULL;
- key.UnicodeChar = 0;
- while (item == NULL) {
- item = gMenu;
- key = GetKey();
- while (item != NULL) {
- if (item->Select == key.UnicodeChar) break;
- item = item->Next;
+ item = DcsMenuAppend(item, L"Help", 'h', ActionHelp, NULL);
+ item = DcsMenuAppend(item, L"Exit", 'e', ActionExit, NULL);
+ OUT_PRINT(L"%V%a rescue disk %a%N\n", TC_APP_NAME, VERSION_STRING);
+ gBS->SetWatchdogTimer(0, 0, 0, NULL);
+ do {
+ DcsMenuPrint(gMenu);
+ item = NULL;
+ key.UnicodeChar = 0;
+ while (item == NULL) {
+ item = gMenu;
+ key = GetKey();
+ while (item != NULL) {
+ if (item->Select == key.UnicodeChar) break;
+ item = item->Next;
+ }
}
- }
- OUT_PRINT(L"%c\n",key.UnicodeChar);
- res = item->Action(item->Context);
+ OUT_PRINT(L"%c\n",key.UnicodeChar);
+ res = item->Action(item->Context);
+ if (EFI_ERROR(res)) {
+ ERR_PRINT(L"%r\n", res);
+ }
+ } while (gContiniue);
+ }
+ else
+ {
+ /* No VeraCrypt folder. Boot directly from the hard drive */
+ res = ActionDcsBoot (NULL);
if (EFI_ERROR(res)) {
ERR_PRINT(L"%r\n", res);
}
- } while (gContiniue);
+ }
return EFI_INVALID_PARAMETER;
}
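Review bot: The new `else` branch in `DcsReMain` is taken for any failure of `DirectoryExists`, not only for a missing `EFI\\VeraCrypt` folder, so a read error on the rescue medium skips the menu and goes straight to `ActionDcsBoot(NULL)` without telling the user why. Keeping the status narrows this: `res = DirectoryExists(NULL, L"EFI\\VeraCrypt");`, direct boot only when `res == EFI_NOT_FOUND`, and other errors reported with `ERR_PRINT(L"%r\n", res);` (the exact not-found code depends on `FileOpen`, which this diff does not show). Both branches still fall through to `return EFI_INVALID_PARAMETER;`, which looks unintended for the direct-boot path; returning `res` there would preserve the real status.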
diff --git a/DcsRe/DcsRe.inf b/DcsRe/DcsRe.inf
index e103865..5aa63f5 100644
--- a/DcsRe/DcsRe.inf
+++ b/DcsRe/DcsRe.inf
@@ -68,6 +68,10 @@ RELEASE_VS2015x86_X64_CC_FLAGS = /D_UEFI
DEBUG_VS2015x86_X64_CC_FLAGS = /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS = /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS = /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS = /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS = /D_UEFI
+
[FeaturePcd]
[Pcd]
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index 4d207ca..2cf10d3 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -32,6 +32,7 @@ https://opensource.org/licenses/LGPL-3.0
#define EFI_DCS_REBOOT_REQUESTED ENCODE_ERROR(0xDC50002)
#define EFI_DCS_HALT_REQUESTED ENCODE_ERROR(0xDC50003)
#define EFI_DCS_USER_CANCELED ENCODE_ERROR(0xDC50004)
+#define EFI_DCS_POSTEXEC_REQUESTED ENCODE_ERROR(0xDC50005)
//////////////////////////////////////////////////////////////////////////
// Check error
@@ -663,6 +664,12 @@ DirectoryCreate(
IN EFI_FILE* root,
IN CHAR16* name
);
+
+EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ );
EFI_STATUS
FileOpenRoot(
diff --git a/Include/Library/PasswordLib.h b/Include/Library/PasswordLib.h
index cc77957..6289763 100644
--- a/Include/Library/PasswordLib.h
+++ b/Include/Library/PasswordLib.h
@@ -25,6 +25,7 @@ extern UINTN gPasswordPictureCharsLen;
extern UINT8 gPasswordVisible;
extern UINT8 gPasswordProgress;
extern int gPasswordTimeout;
+extern UINTN gKeyboardInputDelay;
extern int gPasswordShowMark;
extern VOID* gPictPwdBmp;
diff --git a/Library/CommonLib/EfiFile.c b/Library/CommonLib/EfiFile.c
index 8a9d6d7..4ea164e 100644
--- a/Library/CommonLib/EfiFile.c
+++ b/Library/CommonLib/EfiFile.c
@@ -58,6 +58,22 @@ DirectoryCreate(
}
EFI_STATUS
+DirectoryExists(
+ IN EFI_FILE* root,
+ IN CHAR16* name
+ )
+{
+ EFI_FILE* file;
+ EFI_STATUS res;
+ if (!name) { return EFI_INVALID_PARAMETER; }
+
+ res = FileOpen(root, name, &file, EFI_FILE_MODE_READ, EFI_FILE_DIRECTORY);
+ if (EFI_ERROR(res)) return res;
+ FileClose(file);
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
FileOpenRoot(
IN EFI_HANDLE rootHandle,
OUT EFI_FILE** rootFile)
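Review bot: `DirectoryExists` may report success for a regular file, because under the UEFI file protocol the attributes argument of `Open()` is only honoured together with `EFI_FILE_MODE_CREATE`; passing `EFI_FILE_DIRECTORY` with `EFI_FILE_MODE_READ` does not restrict the open to directories (assuming `FileOpen` forwards its arguments unchanged, which is not visible here). After a successful open the function should read the handle's `EFI_FILE_INFO` and return an error unless `Attribute & EFI_FILE_DIRECTORY` is set, then close the handle on both paths. A contract comment such as `/* EFI_SUCCESS only if name exists and is a directory */` is also worth adding, since `DcsReMain` now decides between the rescue menu and a direct boot on this result.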
diff --git a/Library/DcsCfgLib/DcsCfgLib.inf b/Library/DcsCfgLib/DcsCfgLib.inf
index d199bb1..2dd0aab 100644
--- a/Library/DcsCfgLib/DcsCfgLib.inf
+++ b/Library/DcsCfgLib/DcsCfgLib.inf
@@ -74,6 +74,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -81,3 +85,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/DcsTpmLib/Tpm20.c b/Library/DcsTpmLib/Tpm20.c
index 3ddc4df..182742e 100644
--- a/Library/DcsTpmLib/Tpm20.c
+++ b/Library/DcsTpmLib/Tpm20.c
@@ -539,7 +539,7 @@ DcsTpm2NvRead(
{
EFI_STATUS res;
TPMI_SH_AUTH_SESSION SessionHandle = 0;
- UINT32 PcrMask,
+ UINT32 PcrMask;
CE(DcsTpm2NVReadPcrMask(&PcrMask));
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index 0b2d3c6..8270290 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -29,6 +29,8 @@ AskConsolePwdInt(
EFI_INPUT_KEY key;
UINT32 count = 0;
UINTN i;
+
+ if ((asciiLine != NULL) && (line_max >= 1)) asciiLine[0] = '\0';
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
if (gPasswordTimeout) {
@@ -48,8 +50,9 @@ AskConsolePwdInt(
do {
key = GetKey();
- // Remove dirty chars 0.1s
- FlushInputDelay(100000);
+ // Remove dirty chars
+ if (gKeyboardInputDelay)
+ FlushInputDelay(gKeyboardInputDelay * 1000);
if (key.ScanCode == SCAN_ESC) {
*retCode = AskPwdRetCancel;
@@ -63,19 +66,21 @@ AskConsolePwdInt(
if (key.ScanCode == SCAN_F5) {
show = show ? 0 : 1;
- if (show) {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
- }
- OUT_PRINT(L"%a", asciiLine);
- }
- else {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
+ if (count > 0) {
+ if (show) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"\b");
+ }
+ OUT_PRINT(L"%a", asciiLine);
}
- if (gPasswordProgress) {
+ else {
for (i = 0; i < count; i++) {
- OUT_PRINT(L"*");
+ OUT_PRINT(L"\b");
+ }
+ if (gPasswordProgress) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"*");
+ }
}
}
}
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index b2d8fad..7ce4014 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -32,6 +32,7 @@ UINT8 gPasswordVisible = 0;
int gPasswordShowMark = 1;
UINT8 gPasswordProgress = 1;
int gPasswordTimeout = 0;
+UINTN gKeyboardInputDelay = 100;
int gPlatformLocked = 0;
int gTPMLocked = 0;
@@ -285,7 +286,6 @@ AskPictPwdInt(
CHAR8 pwdNewChar = 0;
if (gPasswordTimeout) {
- UINTN EventIndex = 0;
InputEvents[0] = gST->ConIn->WaitForKey;
eventsCount = 2;
if (gTouchPointer != NULL) {
diff --git a/Library/VeraCryptLib/DcsProp b/Library/VeraCryptLib/DcsProp
index e0b6691..c9ca1ff 100644
--- a/Library/VeraCryptLib/DcsProp
+++ b/Library/VeraCryptLib/DcsProp
@@ -6,7 +6,7 @@
0 - text message is displayed
PasswordMsg to specify message
1 - touch picture password if touch is supported by EFI. check PlatformInfo
- PasswordPicture to specify bitmap
+ PasswordPicture to specify bitmap (only support BITMAPINFOHEADER format)
-->
<config key="PasswordType">0</config>
<config key="PasswordMsg">Password:</config>
@@ -179,4 +179,4 @@ Hash:</config-->
<config key="BeepControl">1</config>
</configuration>
-</VeraCrypt> \ No newline at end of file
+</VeraCrypt>
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index 10bb7d7..c165d9f 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
@@ -82,13 +82,14 @@ CHAR8* gOnExitFailed = NULL;
CHAR8* gOnExitSuccess = NULL;
CHAR8* gOnExitNotFound = NULL;
CHAR8* gOnExitTimeout = NULL;
+CHAR8* gOnExitCancelled = NULL;
//////////////////////////////////////////////////////////////////////////
// Authorize
/////////////////////////////////////////////////////////////////////////
#define VCCONFIG_ALLOC(data, size) \
- if(data == NULL) MEM_FREE(data); \
+ if(data != NULL) MEM_FREE(data); \
data = MEM_ALLOC(size);
VOID
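Review bot: `VCCONFIG_ALLOC` expands to two statements, so inside an unbraced `if` or `else` only the free would be conditional, and the allocation result is never checked before `ConfigReadString` writes into the buffer (the new `gOnExitCancelled` use in `VCAuthLoadConfig` follows the same pattern). Wrapping the body closes the first gap: `#define VCCONFIG_ALLOC(data, size) do { if ((data) != NULL) MEM_FREE(data); (data) = MEM_ALLOC(size); } while (0)`. Callers should then test the pointer for `NULL` before reading a config string into it.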
@@ -148,7 +149,8 @@ VCAuthLoadConfig()
gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
- gPasswordTimeout = (UINT8)ConfigReadInt("PasswordTimeout", 180); // If no password for <seconds> => <ESC>
+ gPasswordTimeout = (UINTN)ConfigReadInt("PasswordTimeout", 180); // If no password for <seconds> => <ESC>
+ gKeyboardInputDelay = (UINTN)ConfigReadInt("KeyboardInputDelay", 100); // minimum number of ms between two valid key strokes, anything between is discarded
gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
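Review bot: The `(UINTN)` cast on `PasswordTimeout` does not match the variable, which `PasswordLib.h` declares as `extern int gPasswordTimeout;`, and both it and the new `KeyboardInputDelay` are taken from the config file without a range check. Assuming `ConfigReadInt` returns a signed value, a negative `KeyboardInputDelay` becomes a very large `UINTN`, and `AskConsolePwdInt` multiplies it by 1000 before calling `FlushInputDelay`, so one bad entry can make the pre-boot password prompt unusable. Reading into an `int` first and clamping avoids that, e.g. `if (delay < 0 || delay > MAX_DELAY_MS) delay = 100;`, where `MAX_DELAY_MS` is a placeholder for a limit the project chooses. `VCAuthLoadConfig` continues outside the hunk.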
@@ -184,6 +186,8 @@ VCAuthLoadConfig()
ConfigReadString("ActionFailed", "Exit", gOnExitFailed, MAX_MSG);
VCCONFIG_ALLOC(gOnExitTimeout, MAX_MSG);
ConfigReadString("ActionTimeout", "Shutdown", gOnExitTimeout, MAX_MSG);
+ VCCONFIG_ALLOC(gOnExitCancelled, MAX_MSG);
+ ConfigReadString("ActionCancelled", "Exit", gOnExitCancelled, MAX_MSG);
strTemp = MEM_ALLOC(MAX_MSG);
ConfigReadString("PartitionGuidOS", "", strTemp, MAX_MSG);
@@ -334,7 +338,7 @@ VCAskPwd(
gAutoLogin = 0;
gAuthPwdCode = AskPwdRetLogin;
vcPwd->Length = (unsigned int)strlen(gAutoPassword);
- strcpy(vcPwd->Text, gAutoPassword);
+ AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword);
}
else {
if (gAuthPasswordType == 1 &&
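Review bot: `vcPwd->Length` is assigned from `strlen(gAutoPassword)` before the bounded copy and the status returned by `AsciiStrCpyS` is dropped, so an auto password longer than `vcPwd->Text` would leave `Length` describing bytes that were never copied. Check the status and set the length only on success, e.g. `if (RETURN_ERROR(AsciiStrCpyS(vcPwd->Text, sizeof(vcPwd->Text), gAutoPassword))) vcPwd->Length = 0;`, or reject the over-long value when the configuration is loaded. `sizeof(vcPwd->Text)` is the right bound only if `Text` is an array member rather than a pointer, which the hunk does not show. VCAskPwd starts and ends outside the hunk.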
@@ -397,9 +401,11 @@ VCAskPwd(
VOID
VCAuthAsk()
{
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
VCAskPwd(AskPwdLogin, &gAuthPassword);
if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
return;
}
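Review bot: The two `MEM_BURN` calls carry no comment saying why the buffer is wiped, which makes them easy to drop in a later clean-up. Add `// wipe any password left over from a previous attempt` above the first call and `// do not keep a partially entered password after cancel or timeout` above the second. The rest of VCAuthAsk lies outside the hunk, so whether its other exit paths also clear `gAuthPassword` cannot be confirmed from here and is worth checking.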
@@ -417,7 +423,7 @@ VCAuthAsk()
if (gAuthHashRqt) {
do {
gAuthHash = AskInt(gAuthHashMsg, gPasswordVisible);
- } while (gAuthHash < 0 || gAuthHash > 4);
+ } while (gAuthHash < 0 || gAuthHash > 5);
}
}
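Review bot: The upper bound in `gAuthHash > 5` is a bare literal that has to be kept in step by hand with the set of hash algorithms the build supports, and this commit changes that set in VeraCryptLib.inf. A named constant defined next to the hash identifiers would keep the two together, e.g. `} while (gAuthHash < 0 || gAuthHash > AUTH_HASH_ID_MAX);`, where `AUTH_HASH_ID_MAX` is a placeholder name. The prompt text in `gAuthHashMsg` presumably has to list the same choices. VCAuthAsk's body starts outside the hunk.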
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h
index 152a335..1f25ae9 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.h
+++ b/Library/VeraCryptLib/DcsVeraCrypt.h
@@ -75,6 +75,7 @@ extern CHAR8* gOnExitFailed;
extern CHAR8* gOnExitSuccess;
extern CHAR8* gOnExitNotFound;
extern CHAR8* gOnExitTimeout;
+extern CHAR8* gOnExitCancelled;
void
VCAuthAsk();
diff --git a/Library/VeraCryptLib/VeraCryptLib.inf b/Library/VeraCryptLib/VeraCryptLib.inf
index 359782c..5006cfc 100644
--- a/Library/VeraCryptLib/VeraCryptLib.inf
+++ b/Library/VeraCryptLib/VeraCryptLib.inf
@@ -42,8 +42,11 @@ crypto\Aestab.h
crypto\Aes_hw_cpu.nasm
crypto\Aes_hw_cpu.h
crypto\config.h
-crypto\Rmd160.c
-crypto\Rmd160.h
+crypto\blake2s.c
+crypto\blake2s_SSE2.c
+crypto\blake2s_SSE41.c
+crypto\blake2s_SSSE3.c
+crypto\blake2.h
crypto\Serpent.c
crypto\Serpent.h
crypto\Sha2.c
@@ -52,8 +55,6 @@ crypto\Twofish.c
crypto\Twofish.h
crypto\Whirlpool.c
crypto\Whirlpool.h
-crypto\GostCipher.c
-crypto\GostCipher.h
crypto\Streebog.c
crypto\Streebog.h
crypto\kuznyechik.c
@@ -69,7 +70,6 @@ DcsVeraCrypt.h
[Sources.X64]
crypto\Aes_x64.nasm
-crypto\Gost89_x64.nasm
[Sources.IA32]
llmath.c
@@ -120,6 +120,10 @@ DEBUG_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE
RELEASE_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
NOOPT_VS2015x86_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+DEBUG_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /D_UEFI
+RELEASE_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /D_UEFI
+NOOPT_VS2017_X64_CC_FLAGS == /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od /D_UEFI
+
RELEASE_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
@@ -127,3 +131,7 @@ NOOPT_VS2010x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
RELEASE_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
DEBUG_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
NOOPT_VS2015x86_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+
+RELEASE_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+DEBUG_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
+NOOPT_VS2017_X64_NASM_FLAGS = -Xvc -d_UEFI=1
diff --git a/Library/VeraCryptLib/mklinks_src.bat b/Library/VeraCryptLib/mklinks_src.bat
index f87bc60..ca28f5b 100644
--- a/Library/VeraCryptLib/mklinks_src.bat
+++ b/Library/VeraCryptLib/mklinks_src.bat
@@ -41,9 +41,6 @@ call :create_link common\Xts.c
call :create_link common\Xts.h
if NOT EXIST crypto mkdir crypto
-call :create_link crypto\GostCipher.c
-call :create_link crypto\GostCipher.h
-call :create_link crypto\Gost89_x64.asm Gost89_x64.nasm
call :create_link crypto\Streebog.c
call :create_link crypto\Streebog.h
call :create_link crypto\kuznyechik.c
@@ -61,8 +58,15 @@ call :create_link crypto\cpu.h
call :create_link crypto\cpu.c
call :create_link crypto\config.h
call :create_link crypto\misc.h
-call :create_link crypto\Rmd160.c
-call :create_link crypto\Rmd160.h
+call :create_link crypto\blake2s.c
+call :create_link crypto\blake2.h
+call :create_link crypto\blake2-impl.h
+call :create_link crypto\blake2s_SSE2.c
+call :create_link crypto\blake2s_SSE41.c
+call :create_link crypto\blake2s_SSSE3.c
+call :create_link crypto\blake2s-load-sse2.h
+call :create_link crypto\blake2s-load-sse41.h
+call :create_link crypto\blake2s-round.h
call :create_link crypto\Serpent.c
call :create_link crypto\Serpent.h
call :create_link crypto\Sha2.c
diff --git a/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
new file mode 100644
index 0000000..0ea2204
--- /dev/null
+++ b/SecureBoot/certs/Acer_LINPUS_2018-04-19.crt
Binary files differ
diff --git a/SecureBoot/sb_set_siglists.ps1 b/SecureBoot/sb_set_siglists.ps1
index cf735cb..ccb25ab 100644
--- a/SecureBoot/sb_set_siglists.ps1
+++ b/SecureBoot/sb_set_siglists.ps1
@@ -36,10 +36,12 @@ Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\sigli
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Database_2013-07-10_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_db_Manufacture_2015-06-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Quanta_NB4_2012-07-18_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_ABO_2010-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_DisablePW_2012-12-31_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_Wistron_Secure_Flash_2013-05-17_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
+# Set-SecureBootUEFI -Time 2018-07-05T00:00:00Z -ContentFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList.bin -SignedFilePath $scriptPath\siglists\Acer_LINPUS_2012-10-09-standalone_SigList_Serialization.bin.p7 -Name db -AppendWrite:$true
############### ASUS ###############
# Write-Host "Setting KEK-signed ASUS certs in db..."
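Review bot: The second added line refers to `Acer_LINPUS_2012-10-09-standalone_SigList.bin` and its `.p7` companion, but the only siglist files this commit adds are the `Acer_LINPUS_2018-04-19` ones. Unless the standalone files are already in the repository, that line would fail once uncommented. Both additions are comments, so nothing changes at run time. A short comment saying why the standalone variant sits apart from the other LINPUS entries would help whoever enables it, since each enabled line appends another signer to the Secure Boot `db`.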
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
new file mode 100644
index 0000000..c69e029
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
new file mode 100644
index 0000000..b8b6aa8
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin
Binary files differ
diff --git a/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7 b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
new file mode 100644
index 0000000..60247bf
--- /dev/null
+++ b/SecureBoot/siglists/Acer_LINPUS_2018-04-19_SigList_Serialization.bin.p7
Binary files differ