Windows: Make EFI System Encryption PostOOBE code more robust to failure to access "\\\\?\\GLOBALROOT" disk namespace

Mounir IDRASSI 2019-10-27 00:09:44 +02:00
parent ca46cf928a
commit 89e2547851
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
2 changed files with 105 additions and 93 deletions


@ -2579,6 +2579,7 @@ namespace VeraCrypt
ZeroMemory (&sdn, sizeof (sdn)); ZeroMemory (&sdn, sizeof (sdn));
ZeroMemory (&partInfo, sizeof (partInfo)); ZeroMemory (&partInfo, sizeof (partInfo));
m_bMounted = false; m_bMounted = false;
bDeviceInfoValid = false;
bBootVolumePathSelected = false; bBootVolumePathSelected = false;
} }
@ -2611,7 +2612,7 @@ namespace VeraCrypt
bBootVolumePathSelected = true; bBootVolumePathSelected = true;
} }
void EfiBoot::PrepareBootPartition() { void EfiBoot::PrepareBootPartition(bool bDisableException) {
if (!bBootVolumePathSelected) { if (!bBootVolumePathSelected) {
SelectBootVolumeESP(); SelectBootVolumeESP();
} }
@ -2625,19 +2626,23 @@ namespace VeraCrypt
} }
catch (...) catch (...)
{ {
if (!bDisableException)
throw; throw;
} }
bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn)) if (dev.IsOpened())
{
bDeviceInfoValid = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
&& dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo)); && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
DWORD dwLastError = GetLastError (); DWORD dwLastError = GetLastError ();
dev.Close(); dev.Close();
if (!bSuccess) if (!bDeviceInfoValid && !bDisableException)
{ {
SetLastError (dwLastError); SetLastError (dwLastError);
throw SystemException(SRC_POS); throw SystemException(SRC_POS);
} }
} }
}
bool EfiBoot::IsEfiBoot() { bool EfiBoot::IsEfiBoot() {
DWORD BootOrderLen; DWORD BootOrderLen;
@ -2701,6 +2706,8 @@ namespace VeraCrypt
throw ErrorException(L"can not detect EFI environment", SRC_POS); throw ErrorException(L"can not detect EFI environment", SRC_POS);
} }
if (bDeviceInfoValid)
{
uint32 varSize = 56; uint32 varSize = 56;
varSize += ((uint32) description.length()) * 2 + 2; varSize += ((uint32) description.length()) * 2 + 2;
varSize += ((uint32) execPath.length()) * 2 + 2; varSize += ((uint32) execPath.length()) * 2 + 2;
@ -2792,6 +2799,7 @@ namespace VeraCrypt
SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize); SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
delete [] startVar; delete [] startVar;
delete [] existingVar; delete [] existingVar;
}
// Update order // Update order
wstring order = L"Order"; wstring order = L"Order";
@ -2810,12 +2818,15 @@ namespace VeraCrypt
// Create new entry if absent // Create new entry if absent
if (startOrderNumPos == UINT_MAX) { if (startOrderNumPos == UINT_MAX) {
if (bDeviceInfoValid)
{
for (uint32 i = startOrderLen / 2; i > 0; --i) { for (uint32 i = startOrderLen / 2; i > 0; --i) {
startOrder[i] = startOrder[i - 1]; startOrder[i] = startOrder[i - 1];
} }
startOrder[0] = statrtOrderNum; startOrder[0] = statrtOrderNum;
startOrderLen += 2; startOrderLen += 2;
startOrderUpdate = true; startOrderUpdate = true;
}
} else if (startOrderNumPos > 0) { } else if (startOrderNumPos > 0) {
for (uint32 i = startOrderNumPos; i > 0; --i) { for (uint32 i = startOrderNumPos; i > 0; --i) {
startOrder[i] = startOrder[i - 1]; startOrder[i] = startOrder[i - 1];
@ -3318,7 +3329,7 @@ namespace VeraCrypt
if (!DcsInfoImg) if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS); throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
EfiBootInst.PrepareBootPartition(); EfiBootInst.PrepareBootPartition(PostOOBEMode);
try try
{ {
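Review bot: `bDeviceInfoValid` is assigned only inside the new `if (dev.IsOpened())` branch of `PrepareBootPartition`, so when the open fails with `bDisableException` set, the flag keeps whatever value an earlier call left in it. The first hunk initialises it to false, but if the function can run more than once on the same `EfiBoot` instance (not visible here; the body starts outside the hunk), stale `sdn`/`partInfo` would still count as valid and the block guarded by `if (bDeviceInfoValid)` would build the firmware variable from them. Resetting the flag with `bDeviceInfoValid = false;` before the device is opened closes that gap. Separately, the PostOOBE path now skips creating the boot entry without leaving any trace, so a comment at the `catch (...)` saying that failure is tolerated only in PostOOBE mode, and that the entry is then left as it was, would help the next reader.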


@ -201,7 +201,7 @@ namespace VeraCrypt
public: public:
EfiBoot(); EfiBoot();
void PrepareBootPartition(); void PrepareBootPartition(bool bDisableException = false);
bool IsEfiBoot(); bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL); void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
@ -222,13 +222,14 @@ namespace VeraCrypt
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg); BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
BOOL DelDir(const wchar_t* name); BOOL DelDir(const wchar_t* name);
void SelectBootVolumeESP(); void SelectBootVolumeESP();
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;} PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { if (bDeviceInfoValid) return &sdn; else { SetLastError (ERROR_INVALID_DRIVE); throw SystemException(SRC_POS);}}
protected: protected:
bool m_bMounted; bool m_bMounted;
std::wstring EfiBootPartPath; std::wstring EfiBootPartPath;
STORAGE_DEVICE_NUMBER sdn; STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo; PARTITION_INFORMATION_EX partInfo;
bool bDeviceInfoValid;
WCHAR tempBuf[1024]; WCHAR tempBuf[1024];
bool bBootVolumePathSelected; bool bBootVolumePathSelected;
std::wstring BootVolumePath; std::wstring BootVolumePath;
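Review bot: `GetStorageDeviceNumber()` used to return `&sdn` unconditionally and now throws `SystemException` with `ERROR_INVALID_DRIVE` when `bDeviceInfoValid` is false, but nothing in the header tells callers about the new contract. A comment above it such as `// Throws SystemException (ERROR_INVALID_DRIVE) unless PrepareBootPartition() obtained the device info` would make that explicit, and the one-line `if`/`else`/`throw` body would read better spread over several lines. The new parameter deserves the same: `// bDisableException: swallow failures to open or query the ESP device; bDeviceInfoValid then stays false`. The member itself could carry `// true once sdn and partInfo were filled by PrepareBootPartition()`, since `partInfo` depends on the same flag but has no visible guard in this hunk.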