From 51088d231d73cbe14516d553e97237e7f5a4f147 Mon Sep 17 00:00:00 2001
From: kavsrf <kavsrf@gmail.com>
Date: Sun, 19 Mar 2017 17:05:02 +0300
Subject: os hide prepare option

---
 DcsCfg/DcsCfg.h                |   3 +
 DcsCfg/DcsCfg.man              |  68 +++++----
 DcsCfg/DcsCfgCrypt.c           | 326 ++++++++++++++++++++++++++++++++++++++++-
 DcsCfg/DcsCfgMain.c            |  95 +++++++-----
 DcsCfg/DcsCfgSetup.c           |   2 +-
 Include/Library/CommonLib.h    |   3 +-
 Include/Library/DcsCfgLib.h    |   1 +
 Library/CommonLib/EfiConsole.c |  15 +-
 Library/DcsCfgLib/GptEdit.c    |  23 +--
 9 files changed, 449 insertions(+), 87 deletions(-)

diff --git a/DcsCfg/DcsCfg.h b/DcsCfg/DcsCfg.h
index 6fda422..412e4c4 100644
--- a/DcsCfg/DcsCfg.h
+++ b/DcsCfg/DcsCfg.h
@@ -80,6 +80,9 @@ GptEdit(
 	IN UINTN index
 	);
 
+EFI_STATUS
+OuterInit();
+
 //////////////////////////////////////////////////////////////////////////
 // Security regions
 //////////////////////////////////////////////////////////////////////////
diff --git a/DcsCfg/DcsCfg.man b/DcsCfg/DcsCfg.man
index 72575dc..1edcbe4 100644
--- a/DcsCfg/DcsCfg.man
+++ b/DcsCfg/DcsCfg.man
@@ -3,29 +3,15 @@
 Configure boot loader parameters and tests EFI environment for compatibility
 .SH SYNOPSIS
 
-DcsCfg -dl
-DcsCfg -dc -ds <BN> -de <BN> -aa [-rnd rnddata]
-DcsCfg -db <BN>
+DcsCfg -dl <d|a>
+DcsCfg -dc -ds <BN> -de <BN> -aa
 DcsCfg -aa
-DcsCfg -dec <BN> -aa [-rnd rnddata]
-DcsCfg -ddc <BN> -aa
-DcsCfg -dcp <BN>
-DcsCfg -ul
-DcsCfg -tl
-DcsCfg -tt <TN>
-DcsCfg -gl 
-DcsCfg -gd <GN>
-DcsCfg -gm <mode>
-DcsCfg -bl
-DcsCfg -bt
-DcsCfg -setup
 DcsCfg -ds <BN> -pl
 DcsCfg -pf <gpt_file_name> -pl 
 DcsCfg -ds <BN> -pf <gpt_file_name> -ps
 DcsCfg -ds <BN> -pf <gpt_file_name> -pa
-DcsCfg -pf <gpt_file_name> -pe -aa
-DcsCfg -pf <gpt_file_name> -pd -aa
-DcsCfg -pf <gpt_file_name> -pmirror <PNB> <PNM> -ps
+DcsCfg -pf <gpt_file_name> -pe -aa -rnd <rnd_data>
+DcsCfg -pf <gpt_file_name> -pd -aa -rnd <rnd_data>
 DcsCfg -pf <gpt_file_name> -pnt <PNT> -phide <HS> <HE> -ps
 DcsCfg -kp <key_file>
 DcsCfg -ds <BN> -srm <total_security_regions>
@@ -35,29 +21,35 @@ DcsCfg -ds <BN> -wipe <start> <end>
 
 .SH OPTIONS
 
- -dc - check devices (try to authorize)
- -dl - block device list (order numbers are used in -db and -se)
+** Devices
+ -dl - block device list (numbers are used in -ds, -de)
  -ds <BN> – select device
  -de <BN> – end device to check (starts from select)
- -db <BN> - boot partition selection
+ -dc - check devices (try to authorize)
+ -ul - USB devices list
+ -tl - Touch devices list
+ -tt <TN> - Test touch device
+ -gl - graphics device list
+ -gd <GN> - graphics device select
+ -gm <mode> - graphics mode select
+ -bl - Beep device list
+ -bt - Beep device test
+ -setup - interactive setup (TODO)
+
+** Crypt volume 
  -aa - ask authorization parameters
  -ach - create header on block device
  -vec <BN> - block device encrypt
  -vdc <BN> - block device decrypt
  -vcp <BN> - block device change password
+
+** Random
  -rnd <type> <param>- select rnadom type (0 - none, 1 - file, 2- rdrand, 3 HMAC, 4 OPENSSL 5 TPM)
  -rndgen <file> - generate random file
  -rndload - load rnd generator state from file
  -rndsave - save rnd generator state to file
- -ul - USB device list
- -tl - touch device 
- -tt <TN> - Test touch device
- -gl - graphics device list
- -gd <GN> - graphics device select
- -gm <mode> - graphics mode select
- -bl - Beep device list
- -bt - Beep device test
- -setup - interactive setup
+
+** Disk entries table/partitions
  -pl - GPT list
  -pf <gpt_file_name> - file with GPT and params
  -ps - save GPT to file
@@ -72,17 +64,33 @@ DcsCfg -ds <BN> -wipe <start> <end>
  -prndsave - save random state to params
  -prndload - load random state from params
  -pwdcache - edit password cache in params
+
+** Security region data
  -kp <key_file_name> - keys file of platform to save
  -srm <SRT> - mark disk as security regions container(write CRC of platform to 61 sector); <SRT> - number of possible security regions
  -srw <SRT> - wipe security regions data with random data (write random data [62, 62 + 256 * SRT]) it has to be free! check first partition start sector!
  -sra <SRN> - add <gpt_file_name> to security region <SRN>
+ -srdump <SFX> - dump security regions from USB to files (list of files created - N<SFX>)
  -wipe <SS SE> - write random data to sectors range [SS,SE]
+
+** Rescue
  -osdecrypt - decrypt OS (rescue)
  -osrestorekey - restore key (rescue)
+
+** TPM
  -tpmpcrs <s> <e>- print PCRs
  -tpmnvlist - List NV regions in TPM
  -tpmcfg - Configure TPM
 
+** Table configuration
+ -tbf <tbl_file> - name of tables file
+ -tbz - zero tables 
+ -tbl - list tables
+ -tbn <name> - name of table to delete or appened (DCSPROP_, PICTPWD_)
+ -tbd - delete table (<name>)
+ -tba <tbl_data_file> - append table (dcsprop or picture)
+ -tbdump - save tables
+
  .SH DESCRIPTION
 
 NOTES:
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index ef6236e..08c2ee6 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -42,6 +42,7 @@ https://opensource.org/licenses/LGPL-3.0
 PCRYPTO_INFO gAuthCryptInfo = NULL;
 PCRYPTO_INFO gHeaderCryptInfo = NULL;
 CHAR8 Header[512];
+CHAR8 BackupHeader[512];
 
 EFI_HANDLE              SecRegionHandle = NULL;
 UINT64                  SecRegionSector = 0;
@@ -279,6 +280,29 @@ CreateVolumeHeader(
 		512,
 		FALSE);
 
+	if (vcres != 0) {
+		ERR_PRINT(L"Header error %d\n", vcres);
+		return EFI_CRC_ERROR;
+	}
+	crypto_close(*rci);
+	vcres = CreateVolumeHeaderInMemory(
+		gAuthBoot, BackupHeader,
+		ea,
+		mode,
+		&gAuthPassword,
+		pkcs5,
+		gAuthPim,
+		master_keydata,
+		rci,
+		VolumeSize << 9,
+		hiddenVolumeSize << 9,
+		encSectorStart << 9,
+		(encSectorEnd - encSectorStart + 1) << 9,
+		VERSION_NUM,
+		HeaderFlags,
+		512,
+		FALSE);
+
 	if (vcres != 0) {
 		ERR_PRINT(L"Header error %d\n", vcres);
 		return EFI_CRC_ERROR;
@@ -1138,6 +1162,7 @@ CreateVolumeHeaderOnDisk(
 	UINT64                  VolumeSize = 0;
 	PCRYPTO_INFO            ci = 0;
 	EFI_LBA                 vhsector;
+	EFI_LBA                 vhsector2;
 	EFI_HANDLE              hDisk = NULL;
 	HARDDRIVE_DEVICE_PATH   hdp;
 	BOOLEAN                 isPart;
@@ -1181,10 +1206,18 @@ CreateVolumeHeaderOnDisk(
 		return EFI_NOT_FOUND;
 	}
 
-	vhsector = AskUINT64("save to sector:", gAuthBoot ? 62 : 0);
+	vhsector  = AskUINT64("primary sector to save:", gAuthBoot ? 62 : 0);
+	vhsector2 = vhsector;
+	if (!gAuthBoot) {
+		vhsector2 = AskUINT64("backup sector to save:", vhsector);
+	}
 	if (AskConfirm("Save [N]?", 1)) {
 		res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
-		ERR_PRINT(L"Write: %r\n", res);
+		ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+		if (vhsector != vhsector2) {
+			res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+			ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+		}
 	}
 
 	if (phDisk != NULL) *phDisk = hDisk;
@@ -1197,6 +1230,295 @@ CreateVolumeHeaderOnDisk(
 	return res;
 }
 
+EFI_STATUS 
+CreateVolumeHeadersInMemory(
+	int ea,
+	int mode,
+	int pkcs5,
+	UINT64 encSectorStart,
+	UINT64 encSectorEnd,
+	UINT64 VolumeSize,
+	UINT64 hiddenVolumeSize,
+	UINT32 HeaderFlags
+) {
+	int8 master_keydata[MASTER_KEYDATA_SIZE];
+	INT32                   vcres;
+	PCRYPTO_INFO            rci = 0;
+	if (!RandgetBytes(master_keydata, MASTER_KEYDATA_SIZE, FALSE)) {
+		ERR_PRINT(L"No randoms\n");
+		return EFI_CRC_ERROR;
+	}
+
+	vcres = CreateVolumeHeaderInMemory(
+		FALSE, Header,
+		ea,
+		mode,
+		&gAuthPassword,
+		pkcs5,
+		gAuthPim,
+		master_keydata,
+		&rci,
+		VolumeSize << 9,
+		hiddenVolumeSize << 9,
+		encSectorStart << 9,
+		(encSectorEnd - encSectorStart + 1) << 9,
+		VERSION_NUM,
+		HeaderFlags,
+		512,
+		FALSE);
+
+	if (vcres != 0) {
+		ERR_PRINT(L"Header error %d\n", vcres);
+		return EFI_CRC_ERROR;
+	}
+	crypto_close(rci);
+
+	vcres = CreateVolumeHeaderInMemory(
+		FALSE, BackupHeader,
+		ea,
+		mode,
+		&gAuthPassword,
+		pkcs5,
+		gAuthPim,
+		master_keydata,
+		&rci,
+		VolumeSize << 9,
+		hiddenVolumeSize << 9,
+		encSectorStart << 9,
+		(encSectorEnd - encSectorStart + 1) << 9,
+		VERSION_NUM,
+		HeaderFlags,
+		512,
+		FALSE);
+
+	if (vcres != 0) {
+		ERR_PRINT(L"Header error %d\n", vcres);
+		return EFI_CRC_ERROR;
+	}
+	crypto_close(rci);
+	return EFI_SUCCESS;
+}
+
+EFI_STATUS 
+PartitionOuterInit(
+	UINTN diskIndex,
+	UINTN outerIndex,
+	UINTN endIndex)
+{
+	INT32                   vcres;
+	int mode = 0;
+	int ea = 0;
+	int pkcs5 = 0;
+	UINT64 encSectorStart;
+	UINT64 encSectorEnd;
+	UINT64 hiddenVolumeSize;
+	UINT64 VolumeSize;
+	int8 master_keydata[MASTER_KEYDATA_SIZE];
+	EFI_BLOCK_IO_PROTOCOL*  bio;
+	EFI_STATUS              res;
+	EFI_LBA                 vhsector;
+	EFI_LBA                 vhsector2;
+
+	if (!RandgetBytes(master_keydata, MASTER_KEYDATA_SIZE, FALSE)) {
+		ERR_PRINT(L"No randoms\n");
+		return EFI_CRC_ERROR;
+	}
+
+	if (CompareGuid(&GptMainEntrys[outerIndex].PartitionTypeGUID, &gEfiPartTypeUnusedGuid) ||
+		CompareGuid(&GptMainEntrys[endIndex].PartitionTypeGUID, &gEfiPartTypeUnusedGuid)
+		) {
+		ERR_PRINT(L"Bad partition indexes %d %d\n", outerIndex, endIndex);
+		return EFI_INVALID_PARAMETER;
+	}
+	if (EfiIsPartition(gBIOHandles[diskIndex])) {
+		ERR_PRINT(L"Select disk (not partition)\n");
+		return EFI_INVALID_PARAMETER;
+	}
+
+	bio = EfiGetBlockIO(gBIOHandles[diskIndex]);
+	if (bio == NULL) {
+		ERR_PRINT(L"No BIO protocol\n");
+		return EFI_NOT_FOUND;
+	}
+
+	// Wipe Outer start, Outer end
+	DeListPrint();
+	BlockRangeWipe(gBIOHandles[diskIndex], GptMainEntrys[outerIndex].StartingLBA, GptMainEntrys[outerIndex].EndingLBA);
+	BlockRangeWipe(gBIOHandles[diskIndex], GptMainEntrys[endIndex].StartingLBA, GptMainEntrys[endIndex].EndingLBA);
+
+	if (AskConfirm("Init outer headers?", 1)) {
+		// init header outer start
+		if (gAuthPasswordMsg == NULL) {
+			VCAuthAsk();
+		}
+
+		ea = AskEA();
+		mode = AskMode(ea);
+		pkcs5 = AskPkcs5();
+
+		encSectorStart = 256;
+		encSectorEnd = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 256;
+		VolumeSize = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 512 + 1;
+		hiddenVolumeSize = 0;
+		res = CreateVolumeHeadersInMemory(
+			ea, mode, pkcs5,
+			encSectorStart, encSectorEnd, VolumeSize, hiddenVolumeSize, 0);
+		vhsector = GptMainEntrys[outerIndex].StartingLBA;
+		vhsector2 = GptMainEntrys[endIndex].EndingLBA - 255;
+		if (EFI_ERROR(res)) {
+			ERR_PRINT(L"Create header: %r\n", res);
+		}
+		EfiPrintDevicePath(gBIOHandles[diskIndex]);
+		OUT_PRINT(L"[%lld, %lld] size %lld to %lld,%lld\n", encSectorStart, encSectorEnd, VolumeSize, vhsector, vhsector2);
+		if (!AskConfirm("Save outer[N]?", 1)) {
+			return EFI_NOT_READY;
+		}
+		res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+		ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+		if (vhsector != vhsector2) {
+			res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+			ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+		}
+
+		// init header outer end
+		VCAuthAsk();
+		encSectorStart = GptMainEntrys[endIndex].StartingLBA - GptMainEntrys[outerIndex].StartingLBA;
+		encSectorEnd = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[outerIndex].StartingLBA - 256;
+		VolumeSize = GptMainEntrys[endIndex].EndingLBA - GptMainEntrys[endIndex].StartingLBA - 256 + 1;
+		hiddenVolumeSize = VolumeSize;
+		res = CreateVolumeHeadersInMemory(
+			ea, mode, pkcs5,
+			encSectorStart, encSectorEnd, VolumeSize, hiddenVolumeSize, 0);
+		if (EFI_ERROR(res)) {
+			ERR_PRINT(L"Create header: %r\n", res);
+		}
+		vhsector = GptMainEntrys[outerIndex].StartingLBA + 128;
+		vhsector2 = GptMainEntrys[endIndex].EndingLBA - 127;
+
+		EfiPrintDevicePath(gBIOHandles[diskIndex]);
+		OUT_PRINT(L"[%lld, %lld] size %lld to %lld,%lld\n", encSectorStart, encSectorEnd, VolumeSize, vhsector, vhsector2);
+		if (!AskConfirm("Save outer[N]?", 1)) {
+			return EFI_NOT_READY;
+		}
+		res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+		ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+		if (vhsector != vhsector2) {
+			res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector2, 512, BackupHeader);
+			ERR_PRINT(L"Write %lld: %r\n", vhsector2, res);
+		}
+	}
+
+	if (AskConfirm("Update main encryption header?", 1)) {
+		PCRYPTO_INFO cryptoInfo;
+		PCRYPTO_INFO ci;
+		CHAR8 fname8[256];
+		CHAR16 fname16[256];
+
+		VCAuthAsk();
+		res = TryHeaderDecrypt(DeCryptoHeader, &cryptoInfo, NULL);
+		if (EFI_ERROR(res)) {
+			ERR_PRINT(L"Decrypt: %r\n", res);
+			return res;
+		}
+
+		if (cryptoInfo->EncryptedAreaLength.Value != 0) {
+			ERR_PRINT(L"Encrypted already\n");
+			return EFI_INVALID_PARAMETER;
+		}
+
+		encSectorStart = GptMainEntrys[outerIndex].EndingLBA + 1;
+		encSectorEnd = GptMainEntrys[endIndex].StartingLBA - 1;
+		VolumeSize = encSectorEnd - encSectorStart + 1;
+
+		vcres = CreateVolumeHeaderInMemory(
+			TRUE, Header,
+			cryptoInfo->ea,
+			cryptoInfo->mode,
+			&gAuthPassword,
+			cryptoInfo->pkcs5,
+			gAuthPim,
+			cryptoInfo->master_keydata,
+			&ci,
+			VolumeSize << 9,
+			0,
+			encSectorStart << 9,
+			0,
+			cryptoInfo->RequiredProgramVersion,
+			cryptoInfo->HeaderFlags,
+			cryptoInfo->SectorSize,
+			FALSE);
+
+		if (vcres != 0) {
+			ERR_PRINT(L"header create error(%x)\n", vcres);
+			return EFI_INVALID_PARAMETER;
+		}
+		crypto_close(ci);
+		vhsector = 62;
+		res = bio->WriteBlocks(bio, bio->Media->MediaId, vhsector, 512, Header);
+		ERR_PRINT(L"Write %lld: %r\n", vhsector, res);
+
+		vcres = CreateVolumeHeaderInMemory(
+			TRUE, Header,
+			cryptoInfo->ea,
+			cryptoInfo->mode,
+			&gAuthPassword,
+			cryptoInfo->pkcs5,
+			gAuthPim,
+			cryptoInfo->master_keydata,
+			&ci,
+			VolumeSize << 9,
+			0,
+			encSectorStart << 9,
+			VolumeSize << 9,
+			cryptoInfo->RequiredProgramVersion,
+			cryptoInfo->HeaderFlags,
+			cryptoInfo->SectorSize,
+			FALSE);
+
+		if (vcres != 0) {
+			ERR_PRINT(L"header create error(%x)\n", vcres);
+			return EFI_INVALID_PARAMETER;
+		}
+		crypto_close(ci);
+		MEM_FREE(DeCryptoHeader);
+		DeCryptoHeader = Header;
+		AskAsciiString("Encrypted GPT file name:", fname8, sizeof(fname8), 1, "gpt_enc");
+		AsciiStrToUnicodeStr(fname8, fname16);
+		DcsDiskEntrysFileName = fname16;
+		DeListSaveToFile();
+	}
+
+	if (AskConfirm("Create GPT with one hidden volume?", 1)) {
+		CHAR8 fname8[256];
+		CHAR16 fname16[256];
+		// Save hiding GPT
+		CopyMem(&DcsHidePart, &GptMainEntrys[outerIndex], sizeof(DcsHidePart));
+		DcsHidePart.EndingLBA = GptMainEntrys[endIndex].EndingLBA;
+		GptHideParts();
+		AskAsciiString("Hidden GPT file name:", fname8, sizeof(fname8), 1, "gpt_hidden");
+		AsciiStrToUnicodeStr(fname8, fname16);
+		DcsDiskEntrysFileName = fname16;
+		DeListSaveToFile();
+	}
+
+	return EFI_SUCCESS;
+}
+
+EFI_STATUS
+OuterInit() 
+{
+	UINTN disk;
+	UINTN startOuter;
+	UINTN endOuter;
+	BioSkipPartitions = TRUE;
+	PrintBioList();
+	disk = AskUINTN("Disk:", 0);
+	GptLoadFromDisk(disk);
+	DeListPrint();
+	startOuter = AskUINTN("Start outer:", 0);
+	endOuter = AskUINTN("End outer:", startOuter + 3);
+	return PartitionOuterInit(disk, startOuter, endOuter);
+}
 
 //////////////////////////////////////////////////////////////////////////
 // USB
diff --git a/DcsCfg/DcsCfgMain.c b/DcsCfg/DcsCfgMain.c
index daf0fb0..c289bf8 100644
--- a/DcsCfg/DcsCfgMain.c
+++ b/DcsCfg/DcsCfgMain.c
@@ -39,15 +39,6 @@ https://opensource.org/licenses/LGPL-3.0
 #define OPT_DISK_START					L"-ds"
 #define OPT_DISK_END						L"-de"
 #define OPT_DISK_BOOT					L"-db"
-#define OPT_AUTH_ASK						L"-aa"
-#define OPT_AUTH_CREATE_HEADER		L"-ach"
-#define OPT_RND							L"-rnd"
-#define OPT_RND_GEN						L"-rndgen"
-#define OPT_RND_LOAD						L"-rndload"
-#define OPT_RND_SAVE						L"-rndsave"
-#define OPT_VOLUME_ENCRYPT				L"-vec"
-#define OPT_VOLUME_DECRYPT				L"-vdc"
-#define OPT_VOLUME_CHANGEPWD			L"-vcp"
 #define OPT_USB_LIST						L"-ul"
 #define OPT_TOUCH_LIST					L"-tl"
 #define OPT_TOUCH_TEST					L"-tt"
@@ -57,6 +48,18 @@ https://opensource.org/licenses/LGPL-3.0
 #define OPT_BEEP_LIST					L"-bl"
 #define OPT_BEEP_TEST					L"-bt"
 #define OPT_SETUP							L"-setup"
+
+#define OPT_AUTH_ASK						L"-aa"
+#define OPT_AUTH_CREATE_HEADER		L"-ach"
+#define OPT_VOLUME_ENCRYPT				L"-vec"
+#define OPT_VOLUME_DECRYPT				L"-vdc"
+#define OPT_VOLUME_CHANGEPWD			L"-vcp"
+
+#define OPT_RND							L"-rnd"
+#define OPT_RND_GEN						L"-rndgen"
+#define OPT_RND_LOAD						L"-rndload"
+#define OPT_RND_SAVE						L"-rndsave"
+
 #define OPT_PARTITION_LIST				L"-pl"
 #define OPT_PARTITION_FILE				L"-pf"
 #define OPT_PARTITION_SAVE				L"-ps"
@@ -72,13 +75,16 @@ https://opensource.org/licenses/LGPL-3.0
 #define OPT_PARTITION_RND_SAVE		L"-prndsave"
 #define OPT_PARTITION_EDIT_PWD_CACHE L"-pwdcache"
 #define OPT_KEYFILE_PLATFORM			L"-kp"
+
 #define OPT_SECREGION_MARK				L"-srm"
 #define OPT_SECREGION_WIPE				L"-srw"
 #define OPT_SECREGION_ADD				L"-sra"
 #define OPT_SECREGION_DUMP				L"-srdump"
 #define OPT_WIPE							L"-wipe"
+
 #define OPT_OS_DECRYPT					L"-osdecrypt"
 #define OPT_OS_RESTORE_KEY				L"-osrestorekey"
+
 #define OPT_TPM_PCRS						L"-tpmpcrs"
 #define OPT_TPM_NVLIST					L"-tpmnvlist"
 #define OPT_TPM_CFG						L"-tpmcfg"
@@ -91,6 +97,9 @@ https://opensource.org/licenses/LGPL-3.0
 #define OPT_TBL_APPEND					L"-tba"
 #define OPT_TBL_DUMP						L"-tbdump"
 
+#define OPT_OS_HIDE_PREP					L"-oshideprep"
+
+
 STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
 	{ OPT_TBL_DUMP,      TypeValue },
 	{ OPT_TBL_FILE,      TypeValue },
@@ -144,6 +153,7 @@ STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
 	{ OPT_WIPE,                 TypeDoubleValue },
 	{ OPT_OS_DECRYPT,     TypeFlag },
 	{ OPT_OS_RESTORE_KEY, TypeFlag },
+	{ OPT_OS_HIDE_PREP,   TypeFlag },
 	{ OPT_TPM_PCRS,       TypeDoubleValue },
 	{ OPT_TPM_NVLIST,     TypeFlag },
 	{ OPT_TPM_CFG,        TypeFlag },
@@ -229,6 +239,41 @@ DcsCfgMain(
 
    ParamCount = ShellCommandLineGetCount(Package);
 
+	// Create random
+	if (ShellCommandLineGetFlag(Package, OPT_RND)) {
+		CONST CHAR16* opt = NULL;
+		CHAR16* context = NULL;
+		UINTN rndType;
+		UINTN contextSize = 0;
+		opt = ShellCommandLineGetValue(Package, OPT_RND);
+		rndType = StrDecimalToUintn(opt);
+		context = (CHAR16*)StrStr(opt, L" ");
+		if (context != NULL) {
+			context++;
+			contextSize = StrLen(context) * 2;
+			if (!EFI_ERROR(FileExist(NULL, context))) {
+				FileLoad(NULL, context, &context, &contextSize);
+			}
+		}
+		res = RndInit(rndType, context, contextSize, &gRnd);
+		if (EFI_ERROR(res)) {
+			ERR_PRINT(L"Random: %r\n", res);
+		}
+	}
+
+	// Rescue
+	if (ShellCommandLineGetFlag(Package, OPT_OS_DECRYPT)) {
+		return OSDecrypt();
+	}
+
+	if (ShellCommandLineGetFlag(Package, OPT_OS_RESTORE_KEY)) {
+		return OSRestoreKey();
+	}
+
+	if (ShellCommandLineGetFlag(Package, OPT_OS_HIDE_PREP)) {
+		return OuterInit();
+	}
+
 	// Common parameters
 	if (ShellCommandLineGetFlag(Package, OPT_DISK_START)) {
 		CONST CHAR16* opt = NULL;
@@ -285,15 +330,6 @@ DcsCfgMain(
 		TestAuthAsk();
 	}
 
-	// Rescue
-	if (ShellCommandLineGetFlag(Package, OPT_OS_DECRYPT)) {
-		return OSDecrypt();
-	}
-
-	if (ShellCommandLineGetFlag(Package, OPT_OS_RESTORE_KEY)) {
-		return OSRestoreKey();
-	}
-
 	// Beep
 	if (ShellCommandLineGetFlag(Package, OPT_BEEP_LIST)) {
 		PrintSpeakerList();
@@ -373,28 +409,7 @@ DcsCfgMain(
 		PrintUsbList();
 	}
 
-	// Create random
-	if (ShellCommandLineGetFlag(Package, OPT_RND)) {
-		CONST CHAR16* opt = NULL;
-		CHAR16* context = NULL;
-		UINTN rndType;
-		UINTN contextSize = 0;
-		opt = ShellCommandLineGetValue(Package, OPT_RND);
-		rndType = StrDecimalToUintn(opt);
-		context = (CHAR16*)StrStr(opt, L" ");
-		if (context != NULL) {
-			context++;
-			contextSize = StrLen(context) * 2;
-			if (!EFI_ERROR(FileExist(NULL, context))) {
-				FileLoad(NULL, context, &context, &contextSize);
-			}
-		}
-		res = RndInit(rndType, context, contextSize, &gRnd);
-		if (EFI_ERROR(res)) {
-			ERR_PRINT(L"Random: %r\n", res);
-		}
-	}
-
+	// Randoms
 	if (ShellCommandLineGetFlag(Package, OPT_RND_LOAD)) {
 		CONST CHAR16* opt = NULL;
 		UINT8 temp[4];
diff --git a/DcsCfg/DcsCfgSetup.c b/DcsCfg/DcsCfgSetup.c
index d773fb7..54d2956 100644
--- a/DcsCfg/DcsCfgSetup.c
+++ b/DcsCfg/DcsCfgSetup.c
@@ -34,6 +34,6 @@ DcsInteractiveSetup() {
 	InitGraph();
 	gST->ConOut->EnableCursor(gST->ConOut, TRUE);
 	ERR_PRINT(L"\n\rInteractive setup is not implemented! Press enter to continue\n\r");
-	AskAsciiString("\rDCS>", cmd, sizeof(cmd), 1);
+	AskAsciiString("\rDCS>", cmd, sizeof(cmd), 1, NULL);
 	return res;
 }
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index efc7738..7966eee 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -336,7 +336,8 @@ AskAsciiString(
    CHAR8* prompt,
    CHAR8* str,
    UINTN max_len,
-   UINT8 visible);
+   UINT8 visible,
+	CHAR8* defStr);
 
 int
 AskInt(
diff --git a/Include/Library/DcsCfgLib.h b/Include/Library/DcsCfgLib.h
index ccbaa32..875e2e2 100644
--- a/Include/Library/DcsCfgLib.h
+++ b/Include/Library/DcsCfgLib.h
@@ -45,6 +45,7 @@ extern UINT64              gDcsDiskEntryListHeaderID;
 
 extern DCS_DISK_ENTRY_LIST *DeList;
 extern DCS_DEP_EXEC  *DeExecParams;
+extern UINT8 *DeCryptoHeader;
 
 // DcsCfg data
 extern CONST CHAR16*       DcsDiskEntrysFileName;
diff --git a/Library/CommonLib/EfiConsole.c b/Library/CommonLib/EfiConsole.c
index 63b32ae..3ab1515 100644
--- a/Library/CommonLib/EfiConsole.c
+++ b/Library/CommonLib/EfiConsole.c
@@ -204,11 +204,20 @@ AskAsciiString(
    CHAR8* prompt,
    CHAR8* str,
    UINTN max_len,
-   UINT8 visible)
+   UINT8 visible,
+	CHAR8* defStr)
 {
    UINTN       len = 0;
-   OUT_PRINT(L"%a", prompt);
-   GetLine(&len, NULL, str, max_len, visible);
+	if (defStr == NULL) {
+		OUT_PRINT(L"%a", prompt);
+	} else {
+		OUT_PRINT(L"[%a] %a", defStr, prompt);
+	}
+	GetLine(&len, NULL, str, max_len, visible);
+	if (defStr != NULL && len == 0) {
+		AsciiStrCpyS(str, max_len, defStr);
+		len = AsciiStrLen(str);
+	}
    return (UINT32)len;
 }
 
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index 28d2160..bae8f1e 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -33,7 +33,7 @@ UINT64  gDcsDiskEntryPwdCacheID = DCS_DEP_PWD_CACHE_SIGN;
 
 DCS_DISK_ENTRY_LIST         *DeList = NULL;
 
-UINT8                       *CryptoHeader = NULL;
+UINT8                       *DeCryptoHeader = NULL;
 
 EFI_PARTITION_TABLE_HEADER  *GptMainHdr = NULL;
 EFI_PARTITION_ENTRY         *GptMainEntrys = NULL;
@@ -131,15 +131,15 @@ GptLoadFromDisk(
 		goto error;
 	}
 
-	CryptoHeader = MEM_ALLOC(512);
-	if (CryptoHeader == NULL) {
+	DeCryptoHeader = MEM_ALLOC(512);
+	if (DeCryptoHeader == NULL) {
 		ERR_PRINT(L"Can't alloc CryptoHeader\n");
 		res = EFI_BUFFER_TOO_SMALL;
 		goto error;
 	}
 
 	// Load disk IDs
-	res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 0, 512, CryptoHeader);
+	res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 0, 512, DeCryptoHeader);
 	if (EFI_ERROR(res)) {
 		ERR_PRINT(L"Can't MBR \n");
 		goto error;
@@ -147,11 +147,11 @@ GptLoadFromDisk(
 
 	SetMem(&DeDiskId, sizeof(DeDiskId), 0);
 	DeDiskId.Type = DE_DISKID;
-	CopyMem(&DeDiskId.MbrID, &CryptoHeader[0x1b8], sizeof(DiskIdMbr));
+	CopyMem(&DeDiskId.MbrID, &DeCryptoHeader[0x1b8], sizeof(DiskIdMbr));
 	CopyMem(&DeDiskId.GptID, &GptMainHdr->DiskGUID, sizeof(DiskIdGpt));
 
 	// Load crypto header
-	res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 62, 512, CryptoHeader);
+	res = BlockIo->ReadBlocks(BlockIo, BlockIo->Media->MediaId, 62, 512, DeCryptoHeader);
 	if (EFI_ERROR(res)) {
 		ERR_PRINT(L"Can't read CryptoHeader\n");
 		goto error;
@@ -176,7 +176,7 @@ error:
 	MEM_FREE(GptMainEntrys);
 	MEM_FREE(GptAltHdr);
 	MEM_FREE(GptAltEntrys);
-	MEM_FREE(CryptoHeader);
+	MEM_FREE(DeCryptoHeader);
 	return res;
 }
 
@@ -233,7 +233,7 @@ DeListSaveToFile() {
 	DeList->Count = DE_IDX_TOTAL;
 	Offset = 0;
 
-	DeList_UPDATE_BEGIN(CryptoHeader, DE_Sectors, DE_IDX_CRYPTOHEADER, 512)
+	DeList_UPDATE_BEGIN(DeCryptoHeader, DE_Sectors, DE_IDX_CRYPTOHEADER, 512)
 		DeList->DE[DE_IDX_CRYPTOHEADER].Sectors.Start = 62 * 512;
 	DeList_UPDATE_END
 
@@ -339,7 +339,7 @@ DeListParseSaved(
 	)
 {
 	EFI_STATUS                  res = EFI_SUCCESS;
-	CryptoHeader = DeBuffer;
+	DeCryptoHeader = DeBuffer;
 	DeList = (DCS_DISK_ENTRY_LIST*)(DeBuffer + 512);
 	CopyMem(&DeDiskId, &DeList->DE[DE_IDX_DISKID], sizeof(DeDiskId));
 
@@ -483,7 +483,7 @@ DeListApplySectorsToDisk(
 			res = BlockIo->WriteBlocks(BlockIo, BlockIo->Media->MediaId,
 				DeList->DE[i].Sectors.Start >> 9,
 				(UINTN)DeList->DE[i].Sectors.Length,
-				CryptoHeader + DeList->DE[i].Sectors.Offset);
+				DeCryptoHeader + DeList->DE[i].Sectors.Offset);
 		}
 		if (EFI_ERROR(res)) {
 			ERR_PRINT(L"Write: %r\n", res);
@@ -599,6 +599,9 @@ GptHideParts() {
 	GptSqueze();
 	GptSort();
 	GptSyncMainAlt();
+	if (DeCryptoHeader != NULL) {
+		SetMem(DeCryptoHeader, 512, 0);
+	}
 }
 
 BOOLEAN
-- 
cgit v1.2.3