From 7f63d57f6728362f3de44c63c12a8e561faf616d Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Mon, 17 Oct 2016 16:31:25 +0200
Subject: Windows: Support EFI system encryption for 32-bit Windows.
---
doc/VeraCrypt User Guide.odt | Bin 2267049 -> 2267078 bytes
src/Boot/EFI/DcsBml32.efi | Bin 0 -> 6912 bytes
src/Boot/EFI/DcsBoot32.efi | Bin 0 -> 10080 bytes
src/Boot/EFI/DcsCfg32.efi | Bin 0 -> 484928 bytes
src/Boot/EFI/DcsInt32.efi | Bin 0 -> 471584 bytes
src/Boot/EFI/DcsRe32.efi | Bin 0 -> 14688 bytes
src/Boot/EFI/LegacySpeaker32.efi | Bin 0 -> 2528 bytes
src/Common/BootEncryption.cpp | 97 ++++++++++++++++-------
src/Common/Common.rc | 6 ++
src/Common/Resource.h | 8 +-
src/Release/Setup Files/VeraCrypt User Guide.pdf | Bin 2896833 -> 2897008 bytes
11 files changed, 80 insertions(+), 31 deletions(-)
create mode 100644 src/Boot/EFI/DcsBml32.efi
create mode 100644 src/Boot/EFI/DcsBoot32.efi
create mode 100644 src/Boot/EFI/DcsCfg32.efi
create mode 100644 src/Boot/EFI/DcsInt32.efi
create mode 100644 src/Boot/EFI/DcsRe32.efi
create mode 100644 src/Boot/EFI/LegacySpeaker32.efi
diff --git a/doc/VeraCrypt User Guide.odt b/doc/VeraCrypt User Guide.odt
index e913bf61..9fd07e36 100644
Binary files a/doc/VeraCrypt User Guide.odt and b/doc/VeraCrypt User Guide.odt differ
diff --git a/src/Boot/EFI/DcsBml32.efi b/src/Boot/EFI/DcsBml32.efi
new file mode 100644
index 00000000..8b3df11d
Binary files /dev/null and b/src/Boot/EFI/DcsBml32.efi differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
new file mode 100644
index 00000000..93806f24
Binary files /dev/null and b/src/Boot/EFI/DcsBoot32.efi differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
new file mode 100644
index 00000000..e5517719
Binary files /dev/null and b/src/Boot/EFI/DcsCfg32.efi differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
new file mode 100644
index 00000000..05caedbd
Binary files /dev/null and b/src/Boot/EFI/DcsInt32.efi differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
new file mode 100644
index 00000000..08ec4844
Binary files /dev/null and b/src/Boot/EFI/DcsRe32.efi differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
new file mode 100644
index 00000000..e92ec411
Binary files /dev/null and b/src/Boot/EFI/LegacySpeaker32.efi differ
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index b1d55e01..cd7ea79a 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -2543,23 +2543,23 @@ namespace VeraCrypt } } DWORD sizeDcsBoot; - byte *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot); + byte *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot); if (!dcsBootImg) throw ErrorException(L"Out of resource DcsBoot", SRC_POS); DWORD sizeDcsInt; - byte *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt); + byte *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt); if (!dcsIntImg) throw ErrorException(L"Out of resource DcsInt", SRC_POS); DWORD sizeDcsCfg; - byte *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg); + byte *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg); if (!dcsCfgImg) throw ErrorException(L"Out of resource DcsCfg", SRC_POS); DWORD sizeLegacySpeaker; - byte *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker); + byte *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker); if (!LegacySpeakerImg) throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS); DWORD sizeBootMenuLocker; - byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker); + byte *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker); if (!BootMenuLockerImg) throw ErrorException(L"Out of resource DcsBml", SRC_POS); 
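Review bot: Each of the five `MapResource` calls in this hunk makes its own `Is64BitOs()` choice between a 64-bit resource ID and its `32` twin, and the hunk at -2736 repeats the pattern with six calls, so nothing ties the selected set together. These images are written to the EFI system partition as one boot chain, so decide once with `const bool b64 = Is64BitOs();` and use `b64 ? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32` at each call, which keeps the set from ever mixing architectures. The error strings such as `L"Out of resource DcsBoot"` do not say which variant failed to load; a short comment above the block stating that the loader architecture follows the running OS would also help. The enclosing function starts and ends outside the hunk.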
@@ -2573,7 +2573,7 @@ namespace VeraCrypt EfiBootInst.MkDir(L"\\EFI\\VeraCrypt", bAlreadyExist); EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsBoot.efi", dcsBootImg, sizeDcsBoot); - EfiBootInst.SaveFile(L"\\EFI\\Boot\\bootx64.efi", dcsBootImg, sizeDcsBoot); + EfiBootInst.SaveFile(Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi": L"\\EFI\\Boot\\bootia32.efi", dcsBootImg, sizeDcsBoot); EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs", dcsIntImg, sizeDcsInt); EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs", dcsCfgImg, sizeDcsCfg); EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", LegacySpeakerImg, sizeLegacySpeaker); @@ -2587,7 +2587,10 @@ namespace VeraCrypt // move the original bootloader backup from old location (if it exists) to new location // we don't force the move operation if the new location already exists - EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE); + if (Is64BitOs()) + EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE); + else + EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootia32_vc_backup.efi", L"\\EFI\\Boot\\original_bootia32.vc_backup", FALSE); // Clean beta9 EfiBootInst.DelFile(L"\\DcsBoot.efi"); 
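Review bot: The `else` branch added in the hunk at -2587 migrates `original_bootia32_vc_backup.efi`, a name that earlier builds presumably never wrote, since the guard removed in the hunk at -3953 rejected GPT system drives on a non-64-bit OS. If that is right, the rename has nothing to move and can be dropped, or kept with a comment such as `// kept for symmetry with x64; no earlier 32-bit build created this file`. In the hunk at -2573, `SaveFile` replaces the fallback loader `\\EFI\\Boot\\bootia32.efi`; a one-line comment pointing to where the original is preserved (the `CopyFile` to `original_bootia32.vc_backup` in the hunk at -3424) would make that dependency explicit. The enclosing function continues outside both hunks.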
@@ -2736,27 +2739,27 @@ namespace VeraCrypt { // create EFI disk structure DWORD sizeDcsBoot; - byte *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot); + byte *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT: IDR_EFI_DCSBOOT32, &sizeDcsBoot); if (!dcsBootImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsInt; - byte *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt); + byte *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt); if (!dcsIntImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsCfg; - byte *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg); + byte *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg); if (!dcsCfgImg) throw ParameterIncorrect (SRC_POS); DWORD sizeLegacySpeaker; - byte *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker); + byte *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker); if (!LegacySpeakerImg) throw ParameterIncorrect (SRC_POS); DWORD sizeBootMenuLocker; - byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker); + byte *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker); if (!BootMenuLockerImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsRescue; - byte *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue); + byte *DcsRescueImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSRE: IDR_EFI_DCSRE32, &sizeDcsRescue); if (!DcsRescueImg) throw ParameterIncorrect (SRC_POS); 
@@ -2775,7 +2778,7 @@ namespace VeraCrypt finally_do_arg (zip_t**, &z, { if (*finally_arg) zip_discard (*finally_arg);}); - if (!ZipAdd (z, "EFI/Boot/bootx64.efi", DcsRescueImg, sizeDcsRescue)) + if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue)) throw ParameterIncorrect (SRC_POS); if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker)) throw ParameterIncorrect (SRC_POS); @@ -2820,7 +2823,7 @@ namespace VeraCrypt sysBakFile.GetFileSize(fileSize); fileBuf.Resize ((DWORD) fileSize); DWORD sizeLoader = sysBakFile.Read (fileBuf.Ptr (), fileSize); - bLoadAdded = ZipAdd (z, "EFI/Boot/original_bootx64.vc_backup", fileBuf.Ptr (), sizeLoader); + bLoadAdded = ZipAdd (z, Is64BitOs()? "EFI/Boot/original_bootx64.vc_backup": "EFI/Boot/original_bootia32.vc_backup", fileBuf.Ptr (), sizeLoader); } catch (Exception &e) { @@ -3035,7 +3038,7 @@ namespace VeraCrypt if (bIsGPT) { - const wchar_t* efiFiles[] = { + const wchar_t* efi64Files[] = { L"EFI/Boot/bootx64.efi", L"EFI/VeraCrypt/DcsBml.dcs", L"EFI/VeraCrypt/DcsBoot.efi", @@ -3045,6 +3048,17 @@ namespace VeraCrypt L"EFI/VeraCrypt/svh_bak", L"EFI/Boot/original_bootx64.vc_backup" }; + + const wchar_t* efi32Files[] = { + L"EFI/Boot/bootia32.efi", + L"EFI/VeraCrypt/DcsBml.dcs", + L"EFI/VeraCrypt/DcsBoot.efi", + L"EFI/VeraCrypt/DcsCfg.dcs", + L"EFI/VeraCrypt/DcsInt.dcs", + L"EFI/VeraCrypt/LegacySpeaker.dcs", + L"EFI/VeraCrypt/svh_bak", + L"EFI/Boot/original_bootia32.vc_backup" + }; zip_error_t zerr; zip_source_t* zsrc = zip_source_buffer_create (RescueZipData, RescueZipSize, 0, &zerr); 
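Review bot: `efi32Files` in the hunks at -3035 and -3045 repeats `efi64Files` entry for entry except the first and last names, and the same pair of tables is added again in the hunks at -3213 and -3223; the names must also agree with the `ZipAdd` paths chosen in the hunks at -2775 and -2820. These tables appear to drive which rescue-disk entries are located and compared during verification, so a file added to one copy and forgotten in another would go unchecked without any error. Consider one shared array for the six common names with only the two architecture-specific names (`bootia32.efi` / `original_bootia32.vc_backup`) selected separately, or at least a comment on each table naming the other places that must stay in sync. The enclosing functions continue outside these hunks.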
@@ -3072,8 +3086,10 @@ namespace VeraCrypt if (GetVolumeInformationW (rootPath, NULL, 0, NULL, NULL, NULL, szNameBuffer, ARRAYSIZE(szNameBuffer)) && !wcsncmp (szNameBuffer, L"FAT", 3)) { - int i; - for (i = 0; i < ARRAYSIZE(efiFiles); i++) + int i; + const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files; + int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files); + for (i = 0; i < efiFilesSize; i++) { bool bMatch = false; zip_int64_t index = zip_name_locate (z, WideToUtf8String (efiFiles[i]).c_str(), ZIP_FL_NOCASE); @@ -3125,7 +3141,7 @@ namespace VeraCrypt break; } - if (i == ARRAYSIZE(efiFiles)) + if (i == efiFilesSize) { // All entries processed return true; @@ -3213,7 +3229,7 @@ namespace VeraCrypt finally_do_arg (zip_t*, zMem, { zip_close (finally_arg); }); - const wchar_t* efiFiles[] = { + const wchar_t* efi64Files[] = { L"EFI/Boot/bootx64.efi", L"EFI/VeraCrypt/DcsBml.dcs", L"EFI/VeraCrypt/DcsBoot.efi", @@ -3223,11 +3239,24 @@ namespace VeraCrypt L"EFI/VeraCrypt/svh_bak", L"EFI/Boot/original_bootx64.vc_backup" }; + + const wchar_t* efi32Files[] = { + L"EFI/Boot/bootia32.efi", + L"EFI/VeraCrypt/DcsBml.dcs", + L"EFI/VeraCrypt/DcsBoot.efi", + L"EFI/VeraCrypt/DcsCfg.dcs", + L"EFI/VeraCrypt/DcsInt.dcs", + L"EFI/VeraCrypt/LegacySpeaker.dcs", + L"EFI/VeraCrypt/svh_bak", + L"EFI/Boot/original_bootia32.vc_backup" + }; int i; zip_stat_t statMem, statFile; zip_int64_t indexMem, indexFile; - for (i = 0; i < ARRAYSIZE(efiFiles); i++) + const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files; + int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files); + for (i = 0; i < efiFilesSize; i++) { bool bMatch = false; indexMem = zip_name_locate (zMem, WideToUtf8String (efiFiles[i]).c_str(), ZIP_FL_NOCASE); @@ -3277,7 +3306,7 @@ namespace VeraCrypt break; } - if (i == ARRAYSIZE(efiFiles)) + if (i == efiFilesSize) { // All entries processed return true; 
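Review bot: `efiFiles` and `efiFilesSize` are picked by two independent `Is64BitOs()` ternaries (hunk at -3072, and again in the hunk at -3223), so the pointer and its length are paired only by convention; both tables hold eight entries today, which would hide a mismatch. Select them from one decision: `const bool b64 = Is64BitOs();` then `const wchar_t** efiFiles = b64 ? efi64Files : efi32Files;` and `int efiFilesSize = b64 ? ARRAYSIZE(efi64Files) : ARRAYSIZE(efi32Files);`. Because the list is chosen from the OS running the check, a comment such as `// verification assumes the rescue disk targets this machine's architecture` would document why a disk built for the other architecture fails here. The loops continue outside the hunks.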
@@ -3407,11 +3436,11 @@ namespace VeraCrypt EfiBootInst.MountBootPartition(0); - EfiBootInst.GetFileSize(L"\\EFI\\Boot\\bootx64.efi", loaderSize); + EfiBootInst.GetFileSize(Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi" : L"\\EFI\\Boot\\bootia32.efi", loaderSize); std::vector bootLoaderBuf ((size_t) loaderSize); - EfiBootInst.ReadFile(L"\\EFI\\Boot\\bootx64.efi", &bootLoaderBuf[0], (DWORD) loaderSize); + EfiBootInst.ReadFile(Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi": L"\\EFI\\Boot\\bootia32.efi", &bootLoaderBuf[0], (DWORD) loaderSize); // Prevent VeraCrypt EFI loader from being backed up for (size_t i = 0; i < (size_t) loaderSize - (wcslen (VC_EFI_BOOTLOADER_NAME) * 2); ++i) @@ -3424,8 +3453,16 @@ namespace VeraCrypt } } - EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", GetSystemLoaderBackupPath().c_str()); - EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup"); + if (Is64BitOs()) + { + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", GetSystemLoaderBackupPath().c_str()); + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup"); + } + else + { + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootia32.efi", GetSystemLoaderBackupPath().c_str()); + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootia32.efi", L"\\EFI\\Boot\\original_bootia32.vc_backup"); + } } else { @@ -3474,7 +3511,10 @@ namespace VeraCrypt EfiBootInst.MountBootPartition(0); EfiBootInst.DeleteStartExec(); - EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); + if (Is64BitOs()) + EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); + else + EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootia32.vc_backup", L"\\EFI\\Boot\\bootia32.efi", TRUE); EfiBootInst.DelFile(L"\\DcsBoot.efi"); EfiBootInst.DelFile(L"\\DcsInt.efi"); 
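Review bot: The size returned by `GetFileSize` for the newly selected loader path is used without a lower bound in the hunk at -3407: `&bootLoaderBuf[0]` is taken on a vector of `loaderSize` elements, and the scan loop's limit `(size_t) loaderSize - (wcslen (VC_EFI_BOOTLOADER_NAME) * 2)` wraps to a very large value when the file is shorter than the marker. The loop is unchanged context, but this hunk now points it at `bootia32.efi` as well, and the file is read from the EFI system partition, so short files should be rejected before the read, e.g. `if (loaderSize < wcslen (VC_EFI_BOOTLOADER_NAME) * 2) throw ParameterIncorrect (SRC_POS);`. The path ternary is also written out twice here and the `if`/`else` in the hunk at -3424 repeats both names; one local `const wchar_t* loaderPath` would serve all four calls. The function body continues outside the hunk.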
@@ -3953,9 +3993,6 @@ namespace VeraCrypt SystemDriveConfiguration config = GetSystemDriveConfiguration (); - if (config.SystemPartition.IsGPT && !Is64BitOs()) - throw ErrorException ("GPT_BOOT_DRIVE_UNSUPPORTED", SRC_POS); - if (SystemDriveIsDynamic()) throw ErrorException ("SYSENC_UNSUPPORTED_FOR_DYNAMIC_DISK", SRC_POS); diff --git a/src/Common/Common.rc b/src/Common/Common.rc index c29c036e..8e050cea 100644 --- a/src/Common/Common.rc +++ b/src/Common/Common.rc @@ -538,6 +538,12 @@ IDR_EFI_DCSCFG BIN "..\\Boot\\EFI\\DcsCfg.efi" IDR_EFI_LEGACYSPEAKER BIN "..\\Boot\\EFI\\LegacySpeaker.efi" IDR_EFI_DCSBML BIN "..\\Boot\\EFI\\DcsBml.efi" IDR_EFI_DCSRE BIN "..\\Boot\\EFI\\DcsRe.efi" +IDR_EFI_DCSBOOT32 BIN "..\\Boot\\EFI\\DcsBoot32.efi" +IDR_EFI_DCSINT32 BIN "..\\Boot\\EFI\\DcsInt32.efi" +IDR_EFI_DCSCFG32 BIN "..\\Boot\\EFI\\DcsCfg32.efi" +IDR_EFI_LEGACYSPEAKER32 BIN "..\\Boot\\EFI\\LegacySpeaker32.efi" +IDR_EFI_DCSBML32 BIN "..\\Boot\\EFI\\DcsBml32.efi" +IDR_EFI_DCSRE32 BIN "..\\Boot\\EFI\\DcsRe32.efi" ///////////////////////////////////////////////////////////////////////////// // diff --git a/src/Common/Resource.h b/src/Common/Resource.h index 12907c12..b8cd3d76 100644 --- a/src/Common/Resource.h +++ b/src/Common/Resource.h @@ -73,6 +73,12 @@ #define IDR_EFI_LEGACYSPEAKER 569 #define IDR_EFI_DCSBML 570 #define IDR_EFI_DCSRE 571 +#define IDR_EFI_DCSBOOT32 572 +#define IDR_EFI_DCSINT32 573 +#define IDR_EFI_DCSCFG32 574 +#define IDR_EFI_LEGACYSPEAKER32 575 +#define IDR_EFI_DCSBML32 576 +#define IDR_EFI_DCSRE32 577 #define IDC_HW_AES_LABEL_LINK 5000 #define IDC_HW_AES 5001 #define IDC_PARALLELIZATION_LABEL_LINK 5002 @@ -220,7 +226,7 @@ #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NO_MFC 1 -#define _APS_NEXT_RESOURCE_VALUE 572 +#define _APS_NEXT_RESOURCE_VALUE 578 #define _APS_NEXT_COMMAND_VALUE 40001 #define _APS_NEXT_CONTROL_VALUE 5141 #define _APS_NEXT_SYMED_VALUE 101 
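Review bot: The six `IDR_EFI_*32` entries added to Common.rc embed the `*32.efi` images that this commit introduces only as binary blobs (`Bin 0 -> … bytes` in the diffstat), and nothing in the change records which source revision or toolchain produced them. They are the pre-boot components that the `SaveFile` calls write to the EFI system partition, and the guard removed in the hunk at -3953 is what makes them reachable on 32-bit systems, so they cannot be reviewed from this commit alone. A comment beside the entries such as `// 32-bit DCS images, built from <DCS source revision>`, together with a published hash per file, would make them auditable.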
diff --git a/src/Release/Setup Files/VeraCrypt User Guide.pdf b/src/Release/Setup Files/VeraCrypt User Guide.pdf
index b2e1f190..0b9f628e 100644
Binary files a/src/Release/Setup Files/VeraCrypt User Guide.pdf and b/src/Release/Setup Files/VeraCrypt User Guide.pdf differ
--
cgit v1.2.3