From ee5c1784ea0ed1328f7607bf3ea619ef3bd96d03 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 18 Jun 2017 16:08:27 +0200 Subject: Windows EFI Bootloader: Add new attributes "DcsBmlDriver" and "DcsBmlLockFlags" to EFI configuration DcsProp. Set their values to 0 to disable DcsBml functionality. --- src/Common/BootEncryption.cpp | 9 ++++++++- src/Common/BootEncryption.h | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 4e505eca..aaf30a06 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1854,7 +1854,9 @@ namespace VeraCrypt pim (0), requestPim (1), authorizeVisible (0), - authorizeRetry (10) + authorizeRetry (10), + bmlLockFlags (0), + bmlDriverEnabled (0) { } @@ -1970,6 +1972,8 @@ namespace VeraCrypt requestPim = ReadConfigInteger (configContent, "PimRqt", 1); authorizeVisible = ReadConfigInteger (configContent, "AuthorizeVisible", 0); authorizeRetry = ReadConfigInteger (configContent, "AuthorizeRetry", 0); + bmlLockFlags = ReadConfigInteger (configContent, "DcsBmlLockFlags", 0); + bmlDriverEnabled = ReadConfigInteger (configContent, "DcsBmlDriver", 0); burn (buffer, sizeof (buffer)); } @@ -2003,6 +2007,8 @@ namespace VeraCrypt WriteConfigInteger (configFile, configContent, "PimRqt", requestPim); WriteConfigInteger (configFile, configContent, "AuthorizeVisible", authorizeVisible); WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry); + WriteConfigInteger (configFile, configContent, "DcsBmlLockFlags", bmlLockFlags); + WriteConfigInteger (configFile, configContent, "DcsBmlDriver", bmlDriverEnabled); // Write unmodified values char* xml = configContent; @@ -3585,6 +3591,7 @@ namespace VeraCrypt EfiBootInst.MountBootPartition(0); EfiBootInst.DeleteStartExec(); + EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed if (Is64BitOs()) EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); else diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index 06329717..38568d46 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -173,6 +173,8 @@ namespace VeraCrypt int requestPim; int authorizeVisible; int authorizeRetry; + int bmlLockFlags; + int bmlDriverEnabled; EfiBootConf(); -- cgit v1.2.3