Windows EFI Bootloader: modifications to prepare EFI system encryption support (common files with DcsBoot)

src/Boot/Windows/BootCommon.h

@@ -78,5 +78,104 @@ typedef struct
 #define TC_SET_BOOT_ARGUMENTS_SIGNATURE(SG) do { SG[0]  = 'T';   SG[1]  = 'R';   SG[2]  = 'U';   SG[3]  = 'E';   SG[4]  = 0x11;   SG[5]  = 0x23;   SG[6]  = 0x45;   SG[7]  = 0x66; } while (FALSE)
 #define TC_IS_BOOT_ARGUMENTS_SIGNATURE(SG)      (SG[0] == 'T' && SG[1] == 'R' && SG[2] == 'U' && SG[3] == 'E' && SG[4] == 0x11 && SG[5] == 0x23 && SG[6] == 0x45 && SG[7] == 0x66)
 
+#if !defined(TC_WINDOWS_BOOT) 
+
+#define DCS_DISK_ENTRY_LIST_HEADER_ID      SIGNATURE_64 ('D','C','S','D','E','L','S','T')
+
+#define DE_IDX_CRYPTOHEADER  0
+#define DE_IDX_LIST          1
+#define DE_IDX_DISKID        2
+#define DE_IDX_MAINGPTHDR    3
+#define DE_IDX_MAINGPTENTRYS 4
+#define DE_IDX_ALTGPTHDR     5
+#define DE_IDX_ALTGPTENTRYS  6
+#define DE_IDX_EXECPARAMS    7
+#define DE_IDX_PWDCACHE      8
+#define DE_IDX_TOTAL         9
+
+enum DcsDiskEntryTypes {
+	DE_Unused = 0,
+	DE_Sectors,
+	DE_List,
+	DE_DISKID,
+	DE_ExecParams,
+	DE_PwdCache
+};
+
+#pragma pack(1)
+typedef struct _SECREGION_BOOT_PARAMS {
+	uint64               Ptr;
+	uint32               Size;
+	uint32               Crc;
+} SECREGION_BOOT_PARAMS;
+
+typedef struct _DCS_DISK_ENTRY_SECTORS {
+	uint32      Type;
+	uint32      Offset;
+	uint64      Reserved;
+	uint64      Start;
+	uint64      Length;
+} DCS_DISK_ENTRY_SECTORS;
+
+typedef struct {
+	uint32  Data1;
+	uint16  Data2;
+	uint16  Data3;
+	byte    Data4[8];
+} DCS_GUID;
+
+typedef struct _DCS_DISK_ENTRY_DISKID {
+	uint32      Type;
+	uint32      MbrID;
+	uint64      ReservedDiskId;
+	DCS_GUID    GptID;
+} DCS_DISK_ENTRY_DISKID;
+
+typedef struct _DCS_DISK_ENTRY_EXEC_PARAMS {
+	DCS_GUID     ExecPartGuid;
+	uint16       ExecCmd[248];
+} DCS_DISK_ENTRY_EXEC_PARAMS;
+static_assert(sizeof(DCS_DISK_ENTRY_EXEC_PARAMS) == 512, "Wrong size DCS_DISK_ENTRY_EXEC_PARAMS");
+
+#define DCS_DISK_ENTRY_PWD_CACHE_ID      SIGNATURE_64 ('P','W','D','C','A','C','H','E')
+typedef struct _DCS_DISK_ENTRY_PWD_CACHE {
+	uint64       Sign;
+	uint32       CRC;
+	uint32       Count;
+	Password     Pwd[4];
+	int32        Pim[4];
+	byte         pad[512 -8 - 4 - 4 - (sizeof(Password) + 4) * 4];
+} DCS_DISK_ENTRY_PWD_CACHE;
+static_assert(sizeof(DCS_DISK_ENTRY_PWD_CACHE) == 512, "Wrong size DCS_DISK_ENTRY_PWD_CACHE");
+
+#pragma warning(disable:4201)
+typedef struct _DCS_DISK_ENTRY {
+	union {
+		struct {
+			uint32      Type;
+			byte        Data[28];
+		};
+		DCS_DISK_ENTRY_SECTORS Sectors;
+		DCS_DISK_ENTRY_DISKID  DiskId;
+	};
+} DCS_DISK_ENTRY;
+#pragma warning(default:4201)
+
+typedef struct _DCS_DISK_ENTRY_LIST {
+	//	EFI_TABLE_HEADER
+	uint64  Signature;
+	uint32  Revision;
+	uint32  HeaderSize;	//< The size, in bytes, of the entire table including the EFI_TABLE_HEADER.
+	uint32  CRC32;       //< The 32-bit CRC for the entire table. This value is computed by setting this field to 0, and computing the 32-bit CRC for HeaderSize bytes.
+	uint32  Reserved; 	//< Reserved field that must be set to 0.
+								//
+	uint32  Count;
+	uint32  DataSize;
+	//
+	DCS_DISK_ENTRY  DE[31];
+} DCS_DISK_ENTRY_LIST;
+#pragma pack()
+
+#endif
 
 #endif // TC_HEADER_Boot_BootCommon

src/Boot/Windows/BootDefs.h

@@ -102,6 +102,7 @@
 #define TC__BOOT_USER_CFG_FLAG_DISABLE_ESC				TC_HEX (02)
 #define TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION	TC_HEX (04)
 #define TC__BOOT_USER_CFG_FLAG_DISABLE_PIM				TC_HEX (08)
+#define TC__BOOT_USER_CFG_FLAG_STORE_HASH				TC_HEX (10)
 
 // The following items are treated as a 2-bit value (apply TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE to obtain the value)
 #define TC__HIDDEN_OS_CREATION_PHASE_NONE		0
@@ -191,6 +192,7 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
 #define TC_BOOT_USER_CFG_FLAG_DISABLE_ESC TC__BOOT_USER_CFG_FLAG_DISABLE_ESC
 #define TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION
 #define TC_BOOT_USER_CFG_FLAG_DISABLE_PIM TC__BOOT_USER_CFG_FLAG_DISABLE_PIM
+#define TC_BOOT_USER_CFG_FLAG_STORE_HASH TC__BOOT_USER_CFG_FLAG_STORE_HASH
 #define TC_HIDDEN_OS_CREATION_PHASE_NONE TC__HIDDEN_OS_CREATION_PHASE_NONE
 #define TC_HIDDEN_OS_CREATION_PHASE_CLONING TC__HIDDEN_OS_CREATION_PHASE_CLONING
 #define TC_HIDDEN_OS_CREATION_PHASE_WIPING TC__HIDDEN_OS_CREATION_PHASE_WIPING
@@ -198,4 +200,11 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
 
 #endif // TC_ASM_PREPROCESS
 
+#define EFI_BOOTARGS_REGIONS_LOW 0x90000, 0x88000, 0x80000
+#define EFI_BOOTARGS_REGIONS_HIGH \
+0x100000, 0x200000, 0x300000, 0x400000, 0x500000, 0x600000, 0x700000, 0x800000, \
+0x900000, 0xA00000, 0xB00000, 0xC00000, 0xD00000, 0xE00000, 0xF00000, 0x1000000
+
+#define EFI_BOOTARGS_REGIONS EFI_BOOTARGS_REGIONS_LOW, EFI_BOOTARGS_REGIONS_HIGH
+
 #endif // TC_HEADER_Boot_BootDefs

src/Common/Common.rc

@@ -532,6 +532,10 @@ IDR_RESCUE_LOADER_AES_SHA2 BIN                     "..\\Boot\\Windows\\Rescue_AE
 IDR_RESCUE_LOADER_SERPENT_SHA2 BIN                     "..\\Boot\\Windows\\Rescue_Serpent_SHA2\\BootLoader.com.gz"
 IDR_RESCUE_LOADER_TWOFISH_SHA2 BIN                     "..\\Boot\\Windows\\Rescue_Twofish_SHA2\\BootLoader.com.gz"
 IDR_RESCUE_LOADER_CAMELLIA_SHA2 BIN                     "..\\Boot\\Windows\\Rescue_Camellia_SHA2\\BootLoader.com.gz"
+IDR_EFI_DCSBOOT         BIN                     "..\\Boot\\EFI\\DcsBoot.efi"
+IDR_EFI_DCSINT          BIN                     "..\\Boot\\EFI\\DcsInt.efi"
+IDR_EFI_DCSCFG          BIN                     "..\\Boot\\EFI\\DcsCfg.efi"
+IDR_EFI_LEGACYSPEAKER   BIN                     "..\\Boot\\EFI\\LegacySpeaker.efi"
 
 /////////////////////////////////////////////////////////////////////////////
 //

src/Common/Crypto.c

@@ -16,10 +16,12 @@
 #include "Xts.h"
 #include "Crc.h"
 #include "Common/Endian.h"
+#if !defined(_UEFI)
 #include <string.h>
 #ifndef TC_WINDOWS_BOOT
 #include "EncryptionThreadPool.h"
 #endif
+#endif
 #include "Volumes.h"
 #include "cpu.h"
 
@@ -71,21 +73,21 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
 
 #ifndef TC_WINDOWS_BOOT
 
-	{ { 0,						0 }, { 0, 0},				0 },	// Must be all-zero
-	{ { AES,					0 }, { XTS, 0 },			1 },
-	{ { SERPENT,				0 }, { XTS, 0 },			1 },
-	{ { TWOFISH,				0 }, { XTS, 0 },			1 },
-	{ { CAMELLIA,				0 }, { XTS, 0 },			1 },
+	{ { 0,							0 }, { 0, 0},		0 },	// Must be all-zero
+	{ { AES,							0 }, { XTS, 0 },	1 },
+	{ { SERPENT,					0 }, { XTS, 0 },	1 },
+	{ { TWOFISH,					0 }, { XTS, 0 },	1 },
+	{ { CAMELLIA,					0 }, { XTS, 0 },	1 },
 #if defined(CIPHER_GOST89)
-	{ { GOST89,					0 }, { XTS, 0 },	1 },
+	{ { GOST89,						0 }, { XTS, 0 },	1 },
 #endif  // defined(CIPHER_GOST89)
 	{ { KUZNYECHIK,				0 }, { XTS, 0 },	1 },
-	{ { TWOFISH, AES,			0 }, { XTS, 0 },	1 },
+	{ { TWOFISH, AES,				0 }, { XTS, 0 },	1 },
 	{ { SERPENT, TWOFISH, AES,	0 }, { XTS, 0 },	1 },
-	{ { AES, SERPENT,			0 }, { XTS, 0 },	1 },
+	{ { AES, SERPENT,				0 }, { XTS, 0 },	1 },
 	{ { AES, TWOFISH, SERPENT,	0 }, { XTS, 0 },	1 },
 	{ { SERPENT, TWOFISH,		0 }, { XTS, 0 },	1 },
-	{ { 0,						0 }, { 0, 0},				0 }		// Must be all-zero
+	{ { 0,							0 }, { 0,    0},	0 }		// Must be all-zero
 
 #else // TC_WINDOWS_BOOT
 
@@ -109,11 +111,11 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
 #ifndef TC_WINDOWS_BOOT
 // Hash algorithms
 static Hash Hashes[] =
-{	// ID			Name			Deprecated		System Encryption
-	{ SHA512,		L"SHA-512",		FALSE,			FALSE },
-	{ WHIRLPOOL,	L"Whirlpool",	FALSE,			FALSE },
-	{ SHA256,		L"SHA-256",		FALSE,			TRUE },
-	{ RIPEMD160,	L"RIPEMD-160",	TRUE,			TRUE },
+{	// ID				Name					Deprecated	System Encryption
+	{ SHA512,		L"SHA-512",				FALSE,	FALSE },
+	{ WHIRLPOOL,	L"Whirlpool",			FALSE,	FALSE },
+	{ SHA256,		L"SHA-256",				FALSE,	TRUE },
+	{ RIPEMD160,	L"RIPEMD-160",			TRUE,		TRUE },
 	{ STREEBOG,		L"Streebog",	FALSE,	FALSE },
 	{ 0, 0, 0 }
 };
@@ -507,8 +509,12 @@ int EAGetByName (wchar_t *name)
 
 	do
 	{
-		EAGetName (n, ea, 1);
-		if (_wcsicmp (n, name) == 0)
+		EAGetName(n, ea, 1);
+#if defined(_UEFI)
+		if (wcscmp(n, name) == 0)
+#else
+		if (_wcsicmp(n, name) == 0)
+#endif
 			return ea;
 	}
 	while (ea = EAGetNext (ea));
@@ -777,7 +783,7 @@ PCRYPTO_INFO crypto_open ()
 
 	memset (cryptoInfo, 0, sizeof (CRYPTO_INFO));
 
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
 	VirtualLock (cryptoInfo, sizeof (CRYPTO_INFO));
 #endif
 
@@ -812,7 +818,7 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
 	if (cryptoInfo != NULL)
 	{
 		burn (cryptoInfo, sizeof (CRYPTO_INFO));
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
 		VirtualUnlock (cryptoInfo, sizeof (CRYPTO_INFO));
 #endif
 		TCfree (cryptoInfo);
@@ -876,7 +882,7 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
 // unitNo:		sequential number of the data unit with which the buffer starts
 // nbrUnits:	number of data units in the buffer
 void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)
-#ifndef TC_WINDOWS_BOOT
+#if !defined(TC_WINDOWS_BOOT) && !defined(_UEFI)
 {
 	EncryptionThreadPoolDoWork (EncryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);
 }
@@ -957,7 +963,7 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
 // unitNo:		sequential number of the data unit with which the buffer starts
 // nbrUnits:	number of data units in the buffer
 void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)
-#ifndef TC_WINDOWS_BOOT
+#if !defined(TC_WINDOWS_BOOT) && !defined(_UEFI)
 {
 	EncryptionThreadPoolDoWork (DecryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);
 }

src/Common/Crypto.h

@@ -279,7 +279,7 @@ typedef struct CRYPTO_INFO_t
 
 } CRYPTO_INFO, *PCRYPTO_INFO;
 
-#ifdef _WIN32
+#if defined(_WIN32) || defined(_UEFI)
 
 #pragma pack (push)
 #pragma pack(1)

src/Common/Endian.h

@@ -21,7 +21,7 @@ extern "C"
 {
 #endif
 
-#ifdef _WIN32
+#if defined(_WIN32) || defined(_UEFI)
 
 #	ifndef LITTLE_ENDIAN
 #		define LITTLE_ENDIAN 1234

src/Common/Password.h

@@ -36,14 +36,14 @@ typedef struct
 	char Pad[3]; // keep 64-bit alignment
 } Password;
 
-#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
+#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
 
 void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
 BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);		
 BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);			
 int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg);
 
-#endif	// defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
+#endif	// defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
 
 #ifdef __cplusplus
 }

src/Common/Pkcs5.c

@@ -12,9 +12,10 @@
  code distribution packages. */
 
 #include "Tcdefs.h"
-
+#if !defined(_UEFI)
 #include <memory.h>
 #include <stdlib.h>
+#endif
 #include "Rmd160.h"
 #ifndef TC_WINDOWS_BOOT
 #include "Sha2.h"

src/Common/Resource.h

@@ -67,6 +67,10 @@
 #define IDR_BOOT_LOADER_CAMELLIA_SHA2    563
 #define IDR_RESCUE_BOOT_SECTOR_CAMELLIA_SHA2 564
 #define IDR_RESCUE_LOADER_CAMELLIA_SHA2  565
+#define IDR_EFI_DCSBOOT                 566
+#define IDR_EFI_DCSINT                  567
+#define IDR_EFI_DCSCFG                  568
+#define IDR_EFI_LEGACYSPEAKER           569
 #define IDC_HW_AES_LABEL_LINK           5000
 #define IDC_HW_AES                      5001
 #define IDC_PARALLELIZATION_LABEL_LINK  5002
@@ -214,7 +218,7 @@
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NO_MFC                     1
-#define _APS_NEXT_RESOURCE_VALUE        566
+#define _APS_NEXT_RESOURCE_VALUE        570
 #define _APS_NEXT_COMMAND_VALUE         40001
 #define _APS_NEXT_CONTROL_VALUE         5141
 #define _APS_NEXT_SYMED_VALUE           101

src/Common/Tcdefs.h

@@ -14,6 +14,44 @@
 #ifndef TCDEFS_H
 #define TCDEFS_H
 
+#if defined(_UEFI)
+#undef  _WIN32
+#undef  _WIN64
+#undef  _DEBUG
+
+#include <Uefi.h> 
+#include <Library/BaseLib.h> 
+#include <Library/BaseMemoryLib.h>
+
+void* VeraCryptMemAlloc(IN UINTN size);
+void VeraCryptMemFree(IN VOID* ptr);
+
+#define BOOL int
+#ifndef FALSE
+#define FALSE 0
+#define TRUE 1
+#endif
+
+#define max(a,b)	((a)>(b))?(a):(b)
+#define min(a,b)	((a)<(b))?(a):(b)
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+extern unsigned __int64 __cdecl _rotl64(unsigned __int64,int);
+extern unsigned __int64 __cdecl _rotr64(unsigned __int64,int);
+extern unsigned int __cdecl _rotl(unsigned int,int);
+extern unsigned int __cdecl _rotr(unsigned int,int);
+extern unsigned char _rotr8(unsigned char value, unsigned char shift);
+extern unsigned short _rotr16(unsigned short value, unsigned char shift);
+extern unsigned char _rotl8(unsigned char value, unsigned char shift);
+extern unsigned short _rotl16(unsigned short value, unsigned char shift);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif // defined(_UEFI)
+
 #define TC_APP_NAME						"VeraCrypt"
 
 // Version displayed to user 
@@ -55,6 +93,9 @@ typedef unsigned __int64 uint64;
 #define LL(x) x##ui64
 #endif
 
+#pragma warning( disable : 4201 )  // disable: 4201 nonstandard extension used : nameless struct/union
+#pragma warning( disable : 4324 )  // disable: 4324 structure was padded due to __declspec(align())
+
 #else // !_MSC_VER
 
 #include <inttypes.h>
@@ -123,6 +164,41 @@ typedef union
 #define __has_builtin(x) 0  // Compatibility with non-clang compilers
 #endif
 
+#if defined(_UEFI)
+typedef UINTN size_t;
+typedef uint64 uint_64t;
+typedef CHAR16 wchar_t;
+typedef int LONG;
+
+#define wcscpy StrCpy
+#define wcslen StrLen
+#define wcscmp StrCmp
+#define wcscat StrCat
+
+#define memcpy(dest,source,count)         CopyMem(dest,source,(UINTN)(count))
+#define memset(dest,ch,count)             SetMem(dest,(UINTN)(count),(UINT8)(ch))
+#define memchr(buf,ch,count)              ScanMem8(buf,(UINTN)(count),(UINT8)ch)
+#define memcmp(buf1,buf2,count)           (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+
+#define MAX_STRING_SIZE  0x1000
+#define strcat(strDest,strSource)         AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
+#define strchr(str,ch)                    ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
+#define strcmp                            AsciiStrCmp
+#define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
+#define strcpy(strDest,strSource)         AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
+#define strncpy(strDest,strSource,count)  AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
+#define strlen(str)                       (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE))
+#define strstr                            AsciiStrStr
+
+// #define rotr32(x,n)	(((x) >> n) | ((x) << (32 - n)))
+// #define rotl32(x,n)	(((x) << n) | ((x) >> (32 - n)))
+// #define rotr64(x,n)	(((x) >> n) | ((x) << (64 - n)))
+// #define rotl64(x,n)	(((x) << n) | ((x) >> (64 - n)))
+// #define bswap_32(x)	(rotl32((((x) & 0xFF00FF00) >> 8) | (((x) & 0x00FF00FF) << 8), 16U))
+// #define bswap_64(x)	rotl64(((((((x & LL(0xFF00FF00FF00FF00)) >> 8) | ((x & LL(0x00FF00FF00FF00FF)) << 8)) & LL(0xFFFF0000FFFF0000)) >> 16) | (((((x & LL(0xFF00FF00FF00FF00)) >> 8) | ((x & LL(0x00FF00FF00FF00FF)) << 8)) & LL(0x0000FFFF0000FFFF)) << 16)), 32U)
+
+#endif
+
 #ifdef TC_WINDOWS_BOOT
 
 #	ifdef  __cplusplus
@@ -133,6 +209,9 @@ void ThrowFatalException (int line);
 #	define TC_THROW_FATAL_EXCEPTION	ThrowFatalException (__LINE__)
 #elif defined (TC_WINDOWS_DRIVER)
 #	define TC_THROW_FATAL_EXCEPTION KeBugCheckEx (SECURITY_SYSTEM, __LINE__, 0, 0, 'VC')
+#elif defined(_UEFI)
+void ThrowFatalException(int line);
+#	define TC_THROW_FATAL_EXCEPTION	ThrowFatalException (__LINE__)
 #elif (defined(__clang__) && __has_builtin(__builtin_trap)) \
     || (defined(__GNUC__ ) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 3))) \
     || (__has_builtin(__builtin_trap))
@@ -170,9 +249,13 @@ typedef int BOOL;
 #endif
 
 #else				/* !TC_WINDOWS_DRIVER */
-
+#if !defined(_UEFI)
 #define TCalloc malloc
 #define TCfree free
+#else
+#define TCalloc VeraCryptMemAlloc
+#define TCfree VeraCryptMemFree
+#endif //!defined(_UEFI)
 
 #ifdef _WIN32
 
@@ -217,6 +300,8 @@ typedef int BOOL;
 #			define trace_msg Dump
 #		elif defined (_WIN32)
 #			define trace_msg(...) do { char msg[2048]; StringCbPrintfA (msg, sizeof (msg), __VA_ARGS__); OutputDebugString (msg); } while (0)
+#		else
+#			define trace_msg(...)
 #		endif
 #		define trace_point trace_msg (__FUNCTION__ ":" TC_TO_STRING(__LINE__) "\n")
 #	else
@@ -233,7 +318,7 @@ typedef int BOOL;
 #	define TC_WAIT_EVENT(EVENT) WaitForSingleObject (EVENT, INFINITE)
 #endif
 
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
 #define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); size_t burnc = size; RtlSecureZeroMemory (mem, size); while (burnc--) *burnm++ = 0; } while (0)
 #else
 #define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); int burnc = size; while (burnc--) *burnm++ = 0; } while (0)
@@ -251,7 +336,7 @@ typedef int BOOL;
 #		define max(a,b) (((a) > (b)) ? (a) : (b))
 #	endif
 
-#	ifdef  __cplusplus
+#	if defined(__cplusplus) && !defined(_UEFI)
 extern "C"
 #	endif
 void EraseMemory (void *memory, int size);

src/Common/Volumes.c

@@ -12,8 +12,8 @@
  code distribution packages. */
 
 #include "Tcdefs.h"
-
-#ifndef TC_WINDOWS_BOOT
+#if !defined(_UEFI)
+#if !defined(TC_WINDOWS_BOOT) 
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -28,6 +28,7 @@
 #ifndef DEVICE_DRIVER
 #include "Random.h"
 #endif
+#endif // !defined(_UEFI)
 
 #include "Crc.h"
 #include "Crypto.h"
@@ -35,7 +36,7 @@
 #include "Volumes.h"
 #include "Pkcs5.h"
 
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
 #include <Strsafe.h>
 #include "../Boot/Windows/BootCommon.h"
 #endif
@@ -176,16 +177,17 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 	uint16 headerVersion;
 	int status = ERR_PARAMETER_INCORRECT;
 	int primaryKeyOffset;
-
+	int pkcs5PrfCount = LAST_PRF_ID - FIRST_PRF_ID + 1;
+#if !defined(_UEFI)
 	TC_EVENT keyDerivationCompletedEvent;
 	TC_EVENT noOutstandingWorkItemEvent;
 	KeyDerivationWorkItem *keyDerivationWorkItems;
 	KeyDerivationWorkItem *item;
-	int pkcs5PrfCount = LAST_PRF_ID - FIRST_PRF_ID + 1;
 	size_t encryptionThreadCount = GetEncryptionThreadCount();
-	size_t queuedWorkItems = 0;
 	LONG outstandingWorkItemCount = 0;
 	int i;
+#endif
+	size_t queuedWorkItems = 0;
 
 	// if no PIM specified, use default value
 	if (pim < 0)
@@ -212,7 +214,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 		if (cryptoInfo == NULL)
 			return ERR_OUTOFMEMORY;
 	}
-
+#if !defined(_UEFI)
 	/* use thread pool only if no PRF was specified */
 	if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 	{
@@ -244,10 +246,11 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 #endif
 	}
 
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) 
 	VirtualLock (&keyInfo, sizeof (keyInfo));
 	VirtualLock (&dk, sizeof (dk));
 #endif
+#endif //  !defined(_UEFI)
 
 	crypto_loadkey (&keyInfo, password->Text, (int) password->Length);
 
@@ -264,7 +267,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 		// skip SHA-256 in case of TrueCrypt mode
 		if (truecryptMode && (enqPkcs5Prf == SHA256))
 			continue;
-
+#if !defined(_UEFI)
 		if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 		{
 			// Enqueue key derivation on thread pool
@@ -319,6 +322,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 KeyReady:	;
 		}
 		else
+#endif // !defined(_UEFI)
 		{
 			pkcs5_prf = enqPkcs5Prf;
 			keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot);
@@ -568,11 +572,12 @@ KeyReady:	;
 	burn (&keyInfo, sizeof (keyInfo));
 	burn (dk, sizeof(dk));
 
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
 	VirtualUnlock (&keyInfo, sizeof (keyInfo));
 	VirtualUnlock (&dk, sizeof (dk));
 #endif
 
+#if !defined(_UEFI)
 	if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 	{
 		TC_WAIT_EVENT (noOutstandingWorkItemEvent);
@@ -580,16 +585,16 @@ KeyReady:	;
 		burn (keyDerivationWorkItems, sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
 		TCfree (keyDerivationWorkItems);
 
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) 
 		CloseHandle (keyDerivationCompletedEvent);
 		CloseHandle (noOutstandingWorkItemEvent);
 #endif
 	}
-
+#endif
 	return status;
 }
 
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
 void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint)
 {
 	// compute Whirlpool+SHA512 fingerprint of bootloader including MBR
@@ -805,10 +810,17 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
 #endif
 
 // Creates a volume header in memory
+#if defined(_UEFI)
+int CreateVolumeHeaderInMemory(BOOL bBoot, char *header, int ea, int mode, Password *password,
+	int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
+	unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
+	unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
+#else
 int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, int mode, Password *password,
 		   int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
 		   unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
 		   unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
+#endif // !defined(_UEFI)
 {
 	unsigned char *p = (unsigned char *) header;
 	static CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo;
@@ -828,9 +840,10 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 		pim = 0;
 
 	memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
-
+#if !defined(_UEFI)
 	VirtualLock (&keyInfo, sizeof (keyInfo));
 	VirtualLock (&dk, sizeof (dk));
+#endif // !defined(_UEFI)
 
 	/* Encryption setup */
 
@@ -847,7 +860,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 			bytesNeeded = EAGetKeySize (ea) * 2;	// Size of primary + secondary key(s)
 		}
 
+#if !defined(_UEFI)
 		if (!RandgetBytes (hwndDlg, keyInfo.master_keydata, bytesNeeded, TRUE))
+#else
+		if (!RandgetBytes(keyInfo.master_keydata, bytesNeeded, TRUE))
+#endif
 		{
 			crypto_close (cryptoInfo);
 			return ERR_CIPHER_INIT_WEAK_KEY;
@@ -885,7 +902,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	cryptoInfo->mode = mode;
 
 	// Salt for header key derivation
-	if (!RandgetBytes (hwndDlg, keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#if !defined(_UEFI)
+	if (!RandgetBytes(hwndDlg, keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#else
+	if (!RandgetBytes(keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#endif
 	{
 		crypto_close (cryptoInfo);
 		return ERR_CIPHER_INIT_WEAK_KEY; 
@@ -930,7 +951,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	else
 	{
 		// generate a random key
+#if !defined(_UEFI)
 		if (!RandgetBytes(hwndDlg, dk, GetMaxPkcs5OutSize(), !bWipeMode))
+#else
+		if (!RandgetBytes(dk, GetMaxPkcs5OutSize(), !bWipeMode))
+#endif
 		{
 			crypto_close (cryptoInfo);
 			return ERR_CIPHER_INIT_WEAK_KEY; 
@@ -1111,7 +1136,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	return 0;
 }
 
-
+#if !defined(_UEFI)
 BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead)
 {
 #if TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE
@@ -1324,4 +1349,5 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
 	return nStatus;
 }
 
+#endif // !defined(_UEFI)
 #endif // !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)

src/Common/Volumes.h

@@ -130,16 +130,20 @@ extern BOOL ReadVolumeHeaderRecoveryMode;
 uint16 GetHeaderField16 (byte *header, int offset);
 uint32 GetHeaderField32 (byte *header, int offset);
 UINT64_STRUCT GetHeaderField64 (byte *header, int offset);
-#ifdef TC_WINDOWS_BOOT
+#if defined(TC_WINDOWS_BOOT)
 int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#elif defined(_UEFI)
+int ReadVolumeHeader(BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int CreateVolumeHeaderInMemory(BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
+BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll);
 #else
 int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
 void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint);
 #endif
 #endif
 
-#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
+#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) && !defined(_UEFI)
 int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
 BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead);
 BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header);

src/Common/Xml.c

@@ -9,9 +9,13 @@
  contained in the file License.txt included in VeraCrypt binary and source
  code distribution packages.
 */
-
+#if !defined(_UEFI)
 #include <windows.h>
 #include <stdio.h>
+#else
+#include "Tcdefs.h"
+#pragma warning( disable : 4706 )  //  assignment within conditional expression
+#endif
 #include "Xml.h"
 
 
@@ -59,7 +63,7 @@ char *XmlFindElement (char *xmlNode, char *nodeName)
 }
 
 
-char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName, char *attrValue)
+char *XmlFindElementByAttributeValue (char *xml, char *nodeName, const char *attrName, const char *attrValue)
 {
 	char attr[2048];
 
@@ -76,7 +80,7 @@ char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName,
 }
 
 
-char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize)
+char *XmlGetAttributeText (char *xmlNode, const char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize)
 {
 	char *t = xmlNode;
 	char *e = xmlNode;
@@ -105,7 +109,7 @@ char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue,
 
 	if (t == NULL || t > e) return NULL;
 
-	t = strchr (t, '"') + 1;
+	t = ((char*)strchr (t, '"')) + 1;
 	e = strchr (t, '"');
 	l = (int)(e - t);
 	if (e == NULL || l > xmlAttrValueSize) return NULL;
@@ -128,7 +132,7 @@ char *XmlGetNodeText (char *xmlNode, char *xmlText, int xmlTextSize)
 	if (t[0] != '<')
 		return NULL;
 
-	t = strchr (t, '>');
+	t = (char*) strchr (t, '>');
 	if (t == NULL) return NULL;
 
 	t++;
@@ -256,7 +260,8 @@ wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMax
 	return textDst;
 }
 
-
+#if !defined(_UEFI)
+#pragma warning( default : 4706 )
 int XmlWriteHeader (FILE *file)
 {
 	return fputws (L"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<VeraCrypt>", file);
@@ -267,3 +272,4 @@ int XmlWriteFooter (FILE *file)
 {
 	return fputws (L"\n</VeraCrypt>", file);
 }
+#endif !defined(_UEFI)

src/Common/Xml.h

@@ -16,14 +16,17 @@ extern "C" {
 
 char *XmlNextNode (char *xmlNode);
 char *XmlFindElement (char *xmlNode, char *nodeName);
-char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize);
+char *XmlGetAttributeText (char *xmlNode, const char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize);
 char *XmlGetNodeText (char *xmlNode, char *xmlText, int xmlTextSize);
-int XmlWriteHeader (FILE *file);
-int XmlWriteFooter (FILE *file);
-char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName, char *attrValue);
+char *XmlFindElementByAttributeValue (char *xml, char *nodeName, const char *attrName, const char *attrValue);
 char *XmlQuoteText (const char *textSrc, char *textDst, int textDstMaxSize);
 wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMaxSize);
 
+#if !defined(_UEFI)
+int XmlWriteHeader (FILE *file);
+int XmlWriteFooter (FILE *file);
+#endif !defined(_UEFI)
+
 #ifdef __cplusplus
 }
 #endif

src/Crypto/Rmd160.c

@@ -9,8 +9,10 @@
 
 /* Adapted for TrueCrypt */
 /* Adapted for VeraCrypt */
-
+#if !defined(_UEFI)
 #include <memory.h>
+#endif !defined(_UEFI)
+
 #include "Common/Tcdefs.h"
 #include "Common/Endian.h"
 #include "Rmd160.h"

src/Crypto/Serpent.c

@@ -19,7 +19,9 @@
 #include "Crypto/misc.h"
 #endif
 
+#if !defined(_UEFI)
 #include <memory.h>
+#endif !defined(_UEFI)
 
 // linear transformation
 #define LT(i,a,b,c,d,e)	{\

src/Crypto/Sha2.c

@@ -69,7 +69,9 @@
 */
 
 #include "Common/Endian.h"
+#include "Common/Tcdefs.h"
 #include "Crypto/misc.h"
+
 #define PLATFORM_BYTE_ORDER BYTE_ORDER
 #define IS_LITTLE_ENDIAN LITTLE_ENDIAN
 
@@ -77,7 +79,9 @@
 #define UNROLL_SHA2     /* for SHA2 loop unroll     */
 #endif
 
+#if !defined(_UEFI)
 #include <string.h>     /* for memcpy() etc.        */
+#endif !defined(_UEFI)
 
 #include "Sha2.h"
 
@@ -86,7 +90,7 @@ extern "C"
 {
 #endif
 
-#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
+#if defined( _MSC_VER ) && ( _MSC_VER > 800 ) && !defined(_UEFI)
 #pragma intrinsic(memcpy)
 #endif
 

src/Crypto/Whirlpool.c

@@ -68,14 +68,16 @@
  *
  */
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
+#include "Common/Tcdefs.h"
 #include "Common/Endian.h"
-#include "cpu.h"
-#include "misc.h"
+#if !defined(_UEFI)
+#include <memory.h>
+#include <stdlib.h>
+#endif
 
+#include "cpu.h"
+
+#include "misc.h"
 #include "Whirlpool.h"
 
 /*

src/Crypto/cpu.c

@@ -60,8 +60,10 @@ static void SigIllHandlerSSE2(int p)
 int CpuId(uint32 input, uint32 output[4])
 {
 #ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
+#ifndef _UEFI
     __try
 	{
+#endif
 		__asm
 		{
 			mov eax, input
@@ -73,11 +75,13 @@ int CpuId(uint32 input, uint32 output[4])
 			mov [edi+8], ecx
 			mov [edi+12], edx
 		}
-	}
-    __except (EXCEPTION_EXECUTE_HANDLER)
+#ifndef _UEFI
+	 }
+	 __except (EXCEPTION_EXECUTE_HANDLER)
 	{
 		return 0;
     }
+#endif
 
 	// function 0 returns the highest basic function understood in EAX
 	if(input == 0)
@@ -123,7 +127,7 @@ static int TrySSE2()
 {
 #if CRYPTOPP_BOOL_X64
 	return 1;
-#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
+#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) && !defined(_UEFI)
 	volatile int result = 1;
 #if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
@@ -150,7 +154,7 @@ static int TrySSE2()
 		return 0;
 #endif
 	return result;
-#else
+#elif !defined(_UEFI)
 	// longjmp and clobber warnings. Volatile is required.
 	// http://github.com/weidai11/cryptopp/issues/24
 	// http://stackoverflow.com/q/7721854
@@ -174,6 +178,8 @@ static int TrySSE2()
 
 	signal(SIGILL, oldHandler);
 	return result;
+#else
+	return 1;
 #endif
 }
 
@@ -198,7 +204,7 @@ VC_INLINE int IsAMD(const uint32 output[4])
     (output[3] /*EDX*/ == 0x444D4163);
 }
 
-#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
+#if !defined (_UEFI) && ((defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE)
 
 static int TryAESNI ()
 {
@@ -289,7 +295,7 @@ void DetectX86Features()
 	g_hasAESNI = g_hasSSE2 && (cpuid1[2] & (1<<25));
 	g_hasCLMUL = g_hasSSE2 && (cpuid1[2] & (1<<1));
 
-#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
+#if !defined (_UEFI) && ((defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE)
 	// Hypervisor = bit 31 of ECX of CPUID leaf 0x1
 	// reference: http://artemonsecurity.com/vmde.pdf
 	if (!g_hasAESNI && (cpuid1[2] & (1<<31)))
@@ -337,7 +343,7 @@ int is_aes_hw_cpu_supported ()
 	{
 		if (cpuid[2] & (1<<25))
 			bHasAESNI = 1;
-#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
+#if !defined (_UEFI) && ((defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE)
 		// Hypervisor = bit 31 of ECX of CPUID leaf 0x1
 		// reference: http://artemonsecurity.com/vmde.pdf
 		if (!bHasAESNI && (cpuid[2] & (1<<31)))

src/Crypto/cpu.h

@@ -13,7 +13,7 @@
 #else
 
 #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
-#if defined(TC_WINDOWS_DRIVER)
+#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -82,7 +82,7 @@ extern __m128i _mm_setr_epi32(int _I0, int _I1, int _I2, int _I3);
 
 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
 #if defined(__SSSE3__) || defined(__INTEL_COMPILER)
-#if defined(TC_WINDOWS_DRIVER)
+#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -96,7 +96,7 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
 #endif
 
 #if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
-#if defined(TC_WINDOWS_DRIVER)
+#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -114,7 +114,7 @@ extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx);
 #endif
 
 #if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
-#if defined(TC_WINDOWS_DRIVER)
+#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
 #if defined(__cplusplus)
 extern "C" {
 #endif

src/Crypto/misc.h

@@ -2,15 +2,19 @@
 #define CRYPTOPP_MISC_H
 
 #include "config.h"
+#if !defined(_UEFI)
 #include <string.h>		// for memcpy and memmove
 #ifndef _WIN32
 #include <strings.h> // for strcasecmp
 #define _stricmp strcasecmp
 #endif
+#else
+#include "Tcdefs.h"
+#endif // !defined(_UEFI)
 
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(_UEFI)
 	#if _MSC_VER >= 1400
-		#ifndef TC_WINDOWS_DRIVER
+		#if !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
 			// VC2005 workaround: disable declarations that conflict with winnt.h
 			#define _interlockedbittestandset CRYPTOPP_DISABLED_INTRINSIC_1
 			#define _interlockedbittestandreset CRYPTOPP_DISABLED_INTRINSIC_2
@@ -23,7 +27,7 @@
 			#undef _interlockedbittestandreset64
 		#endif
 		#define CRYPTOPP_FAST_ROTATE(x) 1
-	#elif _MSC_VER >= 1300
+	#elif !defined(_UEFI) &&  _MSC_VER >= 1300
 		#define CRYPTOPP_FAST_ROTATE(x) ((x) == 32 | (x) == 64)
 	#else
 		#define CRYPTOPP_FAST_ROTATE(x) ((x) == 32)
@@ -37,7 +41,7 @@
 	#define CRYPTOPP_FAST_ROTATE(x) 0
 #endif
 
-#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
+#if defined( _MSC_VER ) && ( _MSC_VER > 800 ) && !defined(_UEFI)
 #pragma intrinsic(memcpy,memset)
 #endif
 
@@ -80,7 +84,7 @@
 #if defined(__GNUC__) && defined(__linux__)
 #define CRYPTOPP_BYTESWAP_AVAILABLE
 #include <byteswap.h>
-#elif defined(_MSC_VER) && _MSC_VER >= 1300
+#elif defined(_MSC_VER) && _MSC_VER >= 1300 && !defined(_UEFI)
 #define CRYPTOPP_BYTESWAP_AVAILABLE
 #define bswap_32(x)	_byteswap_ulong(x)
 #define bswap_64(x)	_byteswap_uint64(x)

src/Driver/DriveFilter.c

@@ -33,7 +33,7 @@ static BOOL DeviceFilterActive = FALSE;
 
 BOOL BootArgsValid = FALSE;
 BootArguments BootArgs;
-static uint16 BootLoaderSegment;
+static uint64 BootLoaderArgsPtr;
 static BOOL BootDriveSignatureValid = FALSE;
 
 static KMUTEX MountMutex;
@@ -69,21 +69,22 @@ static int64 DecoySystemWipedAreaEnd;
 PKTHREAD DecoySystemWipeThread = NULL;
 static NTSTATUS DecoySystemWipeResult;
 
+uint64 BootArgsRegions[] = { EFI_BOOTARGS_REGIONS };
 
 NTSTATUS LoadBootArguments ()
 {
 	NTSTATUS status = STATUS_UNSUCCESSFUL;
 	PHYSICAL_ADDRESS bootArgsAddr;
 	byte *mappedBootArgs;
-	uint16 bootLoaderSegment;
+	uint16 bootLoaderArgsIndex;
 
 	KeInitializeMutex (&MountMutex, 0);
 
-	for (bootLoaderSegment = TC_BOOT_LOADER_SEGMENT;
-		bootLoaderSegment >= TC_BOOT_LOADER_SEGMENT - 64 * 1024 / 16 && status != STATUS_SUCCESS;
-		bootLoaderSegment -= 32 * 1024 / 16)
+	for (bootLoaderArgsIndex = 0;
+		bootLoaderArgsIndex < sizeof(BootArgsRegions)/ sizeof(BootArgsRegions[1]) && status != STATUS_SUCCESS;
+		++bootLoaderArgsIndex)
 	{
-		bootArgsAddr.QuadPart = (bootLoaderSegment << 4) + TC_BOOT_LOADER_ARGS_OFFSET;
+		bootArgsAddr.QuadPart = BootArgsRegions[bootLoaderArgsIndex] + TC_BOOT_LOADER_ARGS_OFFSET;
 		Dump ("Checking BootArguments at 0x%x\n", bootArgsAddr.LowPart);
 
 		mappedBootArgs = MmMapIoSpace (bootArgsAddr, sizeof (BootArguments), MmCached);
@@ -107,7 +108,7 @@ NTSTATUS LoadBootArguments ()
 			// Sanity check: for valid boot argument, the password is less than 64 bytes long
 			if (bootArguments->BootPassword.Length <= MAX_PASSWORD)
 			{
-				BootLoaderSegment = bootLoaderSegment;
+				BootLoaderArgsPtr = BootArgsRegions[bootLoaderArgsIndex];
 
 				BootArgs = *bootArguments;
 				BootArgsValid = TRUE;
@@ -322,6 +323,8 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
 	char *header;
 	int pkcs5_prf = 0, pim = 0;
 	byte *mappedCryptoInfo = NULL;
+	PARTITION_INFORMATION_EX pi;
+	BOOL bIsGPT = FALSE;
 
 	Dump ("MountDrive pdo=%p\n", Extension->Pdo);
 	ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
@@ -372,11 +375,16 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
 		goto ret;
 	}
 
+	if (NT_SUCCESS(SendDeviceIoControlRequest (Extension->LowerDeviceObject, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi))))
+	{
+		bIsGPT = (pi.PartitionStyle == PARTITION_STYLE_GPT)? TRUE : FALSE;
+	}
+
 	if (BootArgs.CryptoInfoLength > 0)
 	{
 		PHYSICAL_ADDRESS cryptoInfoAddress;		
 		
-		cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset;
+		cryptoInfoAddress.QuadPart = BootLoaderArgsPtr + BootArgs.CryptoInfoOffset;
 #ifdef DEBUG
 		Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);
 #endif
@@ -386,7 +394,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
 			/* Get the parameters used for booting to speed up driver startup and avoid testing irrelevant PRFs */
 			BOOT_CRYPTO_HEADER* pBootCryptoInfo = (BOOT_CRYPTO_HEADER*) mappedCryptoInfo;
 			Hash* pHash = HashGet(pBootCryptoInfo->pkcs5);
-			if (pHash && pHash->SystemEncryption)
+			if (pHash && (bIsGPT || pHash->SystemEncryption))
 				pkcs5_prf = pBootCryptoInfo->pkcs5;
 		}
 	}