From 4f0d1c02bdf4adf56caf48de967c41d2d4d9ff2d Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Mon, 23 Apr 2018 12:56:02 +0200
Subject: Windows: Don't start EFI system encryption process if SecureBoot is enabled and VeraCrypt-DCS custom keys were not loaded in the machine firmware.
---
 src/Common/BaseCom.cpp | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'src/Common/BaseCom.cpp')
diff --git a/src/Common/BaseCom.cpp b/src/Common/BaseCom.cpp
index 738e44cf..7a74e293 100644
--- a/src/Common/BaseCom.cpp
+++ b/src/Common/BaseCom.cpp
@@ -336,6 +336,10 @@ DWORD BaseCom::BackupEfiSystemLoader ()
 {
 return GetLastError();
 }
+ catch (UserAbort&)
+ {
+ return ERROR_CANCELLED;
+ }
 catch (Exception &e)
 {
 e.Show (NULL);
@@ -400,6 +404,33 @@ DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn)
 return ERROR_SUCCESS;
 }
 
+DWORD BaseCom::GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded)
+{
+ if (!pSecureBootEnabled || !pVeraCryptKeysLoaded)
+ return ERROR_INVALID_PARAMETER;
+
+ try
+ {
+ BootEncryption bootEnc (NULL);
+ bootEnc.GetSecureBootConfig (pSecureBootEnabled, pVeraCryptKeysLoaded);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
 DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
 {
 if (!customUserMessage)
-- cgit v1.2.3
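Review bot: The `catch (SystemException &)` handler in the new `BaseCom::GetSecureBootConfig` returns `GetLastError()` unfiltered, and the function never writes `*pSecureBootEnabled` or `*pVeraCryptKeysLoaded` on any failure path. The handler runs only after `bootEnc` has been destroyed during unwinding, so the thread's last-error value may have been overwritten by then and could be 0. If that happens, the caller sees `ERROR_SUCCESS` with both outputs unset, and the SecureBoot gate this commit introduces would decide on indeterminate values. I would set both outputs to a defined value before the `try`, for example `*pSecureBootEnabled = FALSE; *pVeraCryptKeysLoaded = FALSE;`, and never report success from the handler: `DWORD err = GetLastError (); return err != ERROR_SUCCESS ? err : ERROR_EXCEPTION_IN_SERVICE;`. The same `return GetLastError();` shape is visible in the context of the `BackupEfiSystemLoader` hunk, so this looks like a file-wide convention, but here the result feeds a go/no-go decision for system encryption.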