From 1396269d573256248bece97e1e291ef0c08e513f Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 20 Apr 2016 00:30:28 +0200
Subject: Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
---
 src/Boot/Windows/BootCommon.h | 2 +-
 src/Boot/Windows/BootConfig.cpp | 10 ++-
 src/Boot/Windows/BootConfig.h | 2 +-
 src/Boot/Windows/BootDefs.h | 7 ++
 src/Boot/Windows/BootEncryptedIo.cpp | 4 +-
 src/Boot/Windows/BootMain.cpp | 120 +++++++++++++++++++----------------
 6 files changed, 86 insertions(+), 59 deletions(-)
(limited to 'src/Boot')
diff --git a/src/Boot/Windows/BootCommon.h b/src/Boot/Windows/BootCommon.h
index 4d820493..4d91981b 100644
--- a/src/Boot/Windows/BootCommon.h
+++ b/src/Boot/Windows/BootCommon.h
@@ -17,7 +17,7 @@
 #include "BootDefs.h"
 // The user will be advised to upgrade the rescue disk if upgrading from the following or any previous version
-#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0116
+#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0117
 #define TC_BOOT_LOADER_AREA_SIZE (TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)
diff --git a/src/Boot/Windows/BootConfig.cpp b/src/Boot/Windows/BootConfig.cpp
index 222fcfc4..63ebaf5e 100644
--- a/src/Boot/Windows/BootConfig.cpp
+++ b/src/Boot/Windows/BootConfig.cpp
@@ -32,7 +32,7 @@ Partition EncryptedVirtualPartition;
 Partition ActivePartition;
 Partition PartitionFollowingActive;
 bool ExtraBootPartitionPresent = false;
-uint64 HiddenVolumeStartUnitNo;
+uint64 PimValueOrHiddenVolumeStartUnitNo; // reuse this variable for stored PIM value to reduce memory usage
 uint64 HiddenVolumeStartSector;
 #ifndef TC_WINDOWS_BOOT_RESCUE_DISK_MODE
@@ -68,6 +68,14 @@ void ReadBootSectorUserConfiguration ()
 DisableScreenOutput();
 }
+ if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ {
+ PimValueOrHiddenVolumeStartUnitNo.LowPart = 0;
+ memcpy (&PimValueOrHiddenVolumeStartUnitNo.LowPart, SectorBuffer + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ }
+ else
+ PimValueOrHiddenVolumeStartUnitNo.LowPart = -1;
+
 OuterVolumeBackupHeaderCrc = *(uint32 *) (SectorBuffer + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET);
 ret:
diff --git a/src/Boot/Windows/BootConfig.h b/src/Boot/Windows/BootConfig.h
index d972a49f..0c5eee74 100644
--- a/src/Boot/Windows/BootConfig.h
+++ b/src/Boot/Windows/BootConfig.h
@@ -36,7 +36,7 @@ extern Partition EncryptedVirtualPartition;
 extern Partition ActivePartition;
 extern Partition PartitionFollowingActive;
 extern bool ExtraBootPartitionPresent;
-extern uint64 HiddenVolumeStartUnitNo;
+extern uint64 PimValueOrHiddenVolumeStartUnitNo; // reuse this variable for stored PIM value to reduce memory usage
 extern uint64 HiddenVolumeStartSector;
diff --git a/src/Boot/Windows/BootDefs.h b/src/Boot/Windows/BootDefs.h
index 6e425847..fc5cad62 100644
--- a/src/Boot/Windows/BootDefs.h
+++ b/src/Boot/Windows/BootDefs.h
@@ -74,6 +74,9 @@
 #define TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE 4
 #define TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET (TC__BOOT_SECTOR_USER_MESSAGE_OFFSET - TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE)
+#define TC__BOOT_SECTOR_PIM_VALUE_SIZE 2
+#define TC__BOOT_SECTOR_PIM_VALUE_OFFSET (TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET - TC__BOOT_SECTOR_PIM_VALUE_SIZE)
+
 #define TC__BOOT_LOADER_DECOMPRESSOR_START_SECTOR 2
 #define TC__BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT 4
 #define TC__BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE 32768
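Review bot: In ReadBootSectorUserConfiguration the "no stored PIM" sentinel is written only in the new `else` branch, so any path that jumps to the `ret:` label before this block leaves `PimValueOrHiddenVolumeStartUnitNo.LowPart` at its start-up value. If that value is zero, AskPassword's `!= -1` test would take it for a stored PIM of 0 and skip the prompt on the first attempt. Whether such an early exit exists is not visible, because the function starts above the hunk; assigning `PimValueOrHiddenVolumeStartUnitNo.LowPart = -1;` at the top of the function would make the default independent of it. The PIM bytes are also taken from the boot sector without any integrity check, which is worth a comment at the `memcpy`: `// stored in clear and unauthenticated: readable and changeable by anyone with access to the disk`.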
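Review bot: Nothing at `TC__BOOT_SECTOR_PIM_VALUE_SIZE` / `TC__BOOT_SECTOR_PIM_VALUE_OFFSET` in BootDefs.h says what the two bytes hold or when they are valid, and the flag added in the `-100,6` hunk is named `DISABLE_PIM` although, per the commit subject, it suppresses the prompt rather than the PIM. A comment such as `// 2-byte PIM stored in clear; only meaningful when TC__BOOT_USER_CFG_FLAG_DISABLE_PIM is set` above the two defines would make the layout and the exposure explicit. The width also caps a stored PIM at 65535, so whatever writes this field (outside this diff) has to reject larger values.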
@@ -100,6 +103,7 @@
 #define TC__BOOT_USER_CFG_FLAG_SILENT_MODE TC_HEX (01)
 #define TC__BOOT_USER_CFG_FLAG_DISABLE_ESC TC_HEX (02)
 #define TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION TC_HEX (04)
+#define TC__BOOT_USER_CFG_FLAG_DISABLE_PIM TC_HEX (08)
 // The following items are treated as a 2-bit value (apply TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE to obtain the value)
 #define TC__HIDDEN_OS_CREATION_PHASE_NONE 0
@@ -163,6 +167,8 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
 #define TC_BOOT_SECTOR_USER_MESSAGE_OFFSET TC__BOOT_SECTOR_USER_MESSAGE_OFFSET
 #define TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
 #define TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET
+#define TC_BOOT_SECTOR_PIM_VALUE_SIZE TC__BOOT_SECTOR_PIM_VALUE_SIZE
+#define TC_BOOT_SECTOR_PIM_VALUE_OFFSET TC__BOOT_SECTOR_PIM_VALUE_OFFSET
 #define TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH TC__BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH
 #define TC_BOOT_SECTOR_VERSION_OFFSET TC__BOOT_SECTOR_VERSION_OFFSET
 #define TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET TC__BOOT_SECTOR_LOADER_LENGTH_OFFSET
@@ -186,6 +192,7 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
 #define TC_BOOT_USER_CFG_FLAG_SILENT_MODE TC__BOOT_USER_CFG_FLAG_SILENT_MODE
 #define TC_BOOT_USER_CFG_FLAG_DISABLE_ESC TC__BOOT_USER_CFG_FLAG_DISABLE_ESC
 #define TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION
+#define TC_BOOT_USER_CFG_FLAG_DISABLE_PIM TC__BOOT_USER_CFG_FLAG_DISABLE_PIM
 #define TC_HIDDEN_OS_CREATION_PHASE_NONE TC__HIDDEN_OS_CREATION_PHASE_NONE
 #define TC_HIDDEN_OS_CREATION_PHASE_CLONING TC__HIDDEN_OS_CREATION_PHASE_CLONING
 #define TC_HIDDEN_OS_CREATION_PHASE_WIPING TC__HIDDEN_OS_CREATION_PHASE_WIPING
diff --git a/src/Boot/Windows/BootEncryptedIo.cpp b/src/Boot/Windows/BootEncryptedIo.cpp
index cc44416d..d130534f 100644
--- a/src/Boot/Windows/BootEncryptedIo.cpp
+++ b/src/Boot/Windows/BootEncryptedIo.cpp
@@ -48,7 +48,7 @@ BiosResult ReadEncryptedSectors (uint16 destSegment, uint16 destOffset, byte dri
 {
 // Convert sector number to data unit number of the hidden volume
 sector -= HiddenVolumeStartSector;
- sector += HiddenVolumeStartUnitNo;
+ sector += PimValueOrHiddenVolumeStartUnitNo;
 }
 if (drive == EncryptedVirtualPartition.Drive)
@@ -96,7 +96,7 @@ BiosResult WriteEncryptedSectors (uint16 sourceSegment, uint16 sourceOffset, byt
 writeOffset = HiddenVolumeStartSector;
 writeOffset -= EncryptedVirtualPartition.StartSector;
 dataUnitNo -= EncryptedVirtualPartition.StartSector;
- dataUnitNo += HiddenVolumeStartUnitNo;
+ dataUnitNo += PimValueOrHiddenVolumeStartUnitNo;
 }
 while (sectorCount-- > 0)
diff --git a/src/Boot/Windows/BootMain.cpp b/src/Boot/Windows/BootMain.cpp
index abab2038..275c5762 100644
--- a/src/Boot/Windows/BootMain.cpp
+++ b/src/Boot/Windows/BootMain.cpp
@@ -231,71 +231,83 @@ static byte AskPassword (Password &password, int& pim)
 PrintCharAtCursor (asciiCode);
 }
- pos = 0;
- Print ("PIM: ");
-
- while (true)
+#ifndef TC_WINDOWS_BOOT_RESCUE_DISK_MODE
+ if (PimValueOrHiddenVolumeStartUnitNo.LowPart != -1)
 {
- asciiCode = GetKeyboardChar (&scanCode);
+ pim = (int) PimValueOrHiddenVolumeStartUnitNo.LowPart;
+ // reset stored PIM value to allow requesting PIM next time in case the stored value is wrong
+ PimValueOrHiddenVolumeStartUnitNo.LowPart = -1;
+ return TC_BIOS_KEY_ENTER;
+ }
+ else
+#endif
+ {
+ pos = 0;
+ Print ("PIM: ");
- switch (scanCode)
+ while (true)
 {
- case TC_BIOS_KEY_ENTER:
- Print ("\rPIM: ");
- pos =0;
- while (pos < MAX_PIM)
+ asciiCode = GetKeyboardChar (&scanCode);
+
+ switch (scanCode)
 {
- PrintChar ('*');
- pos++;
- }
+ case TC_BIOS_KEY_ENTER:
+ Print ("\rPIM: ");
+ pos =0;
+ while (pos < MAX_PIM)
+ {
+ PrintChar ('*');
+ pos++;
+ }
- ClearBiosKeystrokeBuffer();
- PrintEndl();
-
- return TC_BIOS_KEY_ENTER;
+ ClearBiosKeystrokeBuffer();
+ PrintEndl();
+
+ return TC_BIOS_KEY_ENTER;
- case TC_BIOS_KEY_BACKSPACE:
- if (pos > 0)
- {
- if (pos < MAX_PIM)
- PrintBackspace();
- else
- PrintCharAtCursor (' ');
+ case TC_BIOS_KEY_BACKSPACE:
+ if (pos > 0)
+ {
+ if (pos < MAX_PIM)
+ PrintBackspace();
+ else
+ PrintCharAtCursor (' ');
- --pos;
- pim /= 10;
- }
- continue;
+ --pos;
+ pim /= 10;
+ }
+ continue;
- case TC_BIOS_KEY_F5:
- hidePassword ^= 0x01;
- continue;
+ case TC_BIOS_KEY_F5:
+ hidePassword ^= 0x01;
+ continue;
- default:
- if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
- {
- burn (password.Text, sizeof (password.Text));
- ClearBiosKeystrokeBuffer();
+ default:
+ if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
+ {
+ burn (password.Text, sizeof (password.Text));
+ ClearBiosKeystrokeBuffer();
- PrintEndl();
- return scanCode;
+ PrintEndl();
+ return scanCode;
+ }
 }
- }
- if (!IsDigit (asciiCode) || pos == MAX_PIM)
- {
- Beep();
- continue;
- }
+ if (!IsDigit (asciiCode) || pos == MAX_PIM)
+ {
+ Beep();
+ continue;
+ }
- pim = 10*pim + (asciiCode - '0');
- pos++;
-
- if (hidePassword) asciiCode = '*';
- if (pos < MAX_PIM)
- PrintChar (asciiCode);
- else
- PrintCharAtCursor (asciiCode);
+ pim = 10*pim + (asciiCode - '0');
+ pos++;
+
+ if (hidePassword) asciiCode = '*';
+ if (pos < MAX_PIM)
+ PrintChar (asciiCode);
+ else
+ PrintCharAtCursor (asciiCode);
+ }
 }
 }
@@ -468,7 +480,7 @@ static bool MountVolume (byte drive, byte &exitKey, bool skipNormal, bool skipHi
 EncryptedVirtualPartition.StartSector = BootCryptoInfo->EncryptedAreaStart >> TC_LB_SIZE_BIT_SHIFT_DIVISOR;
- HiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;
+ PimValueOrHiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;
 HiddenVolumeStartSector = PartitionFollowingActive.StartSector;
 HiddenVolumeStartSector += EncryptedVirtualPartition.StartSector;
@@ -749,7 +761,7 @@ static bool CopySystemPartitionToHiddenVolume (byte drive, byte &exitKey)
 {
 CopyMemory (TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, SectorBuffer, TC_LB_SIZE);
- uint64 s = HiddenVolumeStartUnitNo + sectorOffset + i;
+ uint64 s = PimValueOrHiddenVolumeStartUnitNo + sectorOffset + i;
 EncryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);
 CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);
-- cgit v1.2.3
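Review bot: AskPassword treats any `PimValueOrHiddenVolumeStartUnitNo.LowPart` other than -1 as a stored PIM, yet the MountVolume hunk (`-468,7`) writes a start sector into the same variable. If AskPassword is reached again after that assignment (its callers are outside these hunks), the low half of a sector number would be used as the PIM with no prompt; a separate variable for the stored PIM would remove the coupling, and the memory saved by sharing looks small next to that risk. The stored value is also used unchecked: `pim = (int) PimValueOrHiddenVolumeStartUnitNo.LowPart;` can yield a negative PIM if `int` is 16 bits in this build and the two-byte field holds more than 32767, so a range check before the assignment is worth adding. At minimum the sentinel deserves a comment, e.g. `// LowPart == -1 (all bits set): no stored PIM; any other value is used once and then cleared`. The function begins above the hunk.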