VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2017-06-18 16:08:27 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2017-06-21 01:39:54 +0200
commitee5c1784ea0ed1328f7607bf3ea619ef3bd96d03 (patch)
tree97df22b245b927ab66497ad455ce24305c2e798b /src/Common
parentd71658efd292da22c55701d7155b1a318e400f56 (diff)
downloadVeraCrypt-ee5c1784ea0ed1328f7607bf3ea619ef3bd96d03.tar.gz
VeraCrypt-ee5c1784ea0ed1328f7607bf3ea619ef3bd96d03.zip
Windows EFI Bootloader: Add new attributes "DcsBmlDriver" and "DcsBmlLockFlags" to EFI configuration DcsProp. Set their values to 0 to disable DcsBml functionality.
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/BootEncryption.cpp9
-rw-r--r--src/Common/BootEncryption.h2
2 files changed, 10 insertions, 1 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 4e505eca..aaf30a06 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1854,7 +1854,9 @@ namespace VeraCrypt
pim (0),
requestPim (1),
authorizeVisible (0),
- authorizeRetry (10)
+ authorizeRetry (10),
+ bmlLockFlags (0),
+ bmlDriverEnabled (0)
{
}
@@ -1970,6 +1972,8 @@ namespace VeraCrypt
requestPim = ReadConfigInteger (configContent, "PimRqt", 1);
authorizeVisible = ReadConfigInteger (configContent, "AuthorizeVisible", 0);
authorizeRetry = ReadConfigInteger (configContent, "AuthorizeRetry", 0);
+ bmlLockFlags = ReadConfigInteger (configContent, "DcsBmlLockFlags", 0);
+ bmlDriverEnabled = ReadConfigInteger (configContent, "DcsBmlDriver", 0);
burn (buffer, sizeof (buffer));
}
@@ -2003,6 +2007,8 @@ namespace VeraCrypt
WriteConfigInteger (configFile, configContent, "PimRqt", requestPim);
WriteConfigInteger (configFile, configContent, "AuthorizeVisible", authorizeVisible);
WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry);
+ WriteConfigInteger (configFile, configContent, "DcsBmlLockFlags", bmlLockFlags);
+ WriteConfigInteger (configFile, configContent, "DcsBmlDriver", bmlDriverEnabled);
// Write unmodified values
char* xml = configContent;
@@ -3585,6 +3591,7 @@ namespace VeraCrypt
EfiBootInst.MountBootPartition(0);
EfiBootInst.DeleteStartExec();
+ EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
if (Is64BitOs())
EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
else
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 06329717..38568d46 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -173,6 +173,8 @@ namespace VeraCrypt
int requestPim;
int authorizeVisible;
int authorizeRetry;
+ int bmlLockFlags;
+ int bmlDriverEnabled;
EfiBootConf();