Windows: Make EFI System Encryption PostOOBE code more robust to failure to access "\\\\?\\GLOBALROOT" disk namespace

2024-11-28 05:53:29 +01:00 · 2019-10-27 00:09:44 +02:00 · 2019-10-27 00:09:44 +02:00 · 89e2547851
commit 89e2547851
parent ca46cf928a
2 changed files with 105 additions and 93 deletions
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@ -2579,6 +2579,7 @@ namespace VeraCrypt
 		ZeroMemory (&sdn, sizeof (sdn));
 		ZeroMemory (&partInfo, sizeof (partInfo));
 		m_bMounted = false;
+		bDeviceInfoValid = false;
 		bBootVolumePathSelected = false;
 	}

@ -2611,7 +2612,7 @@ namespace VeraCrypt
 		bBootVolumePathSelected = true;
 	}

-	void EfiBoot::PrepareBootPartition() {
+	void EfiBoot::PrepareBootPartition(bool bDisableException) {
 		if (!bBootVolumePathSelected) {
 			SelectBootVolumeESP();
 		}
@ -2625,19 +2626,23 @@ namespace VeraCrypt
 		}
 		catch (...)
 		{
+			if (!bDisableException)
 				throw;
 		}
 		
-		bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
+		if (dev.IsOpened())
+		{
+			bDeviceInfoValid = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
 								&& dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
 			DWORD dwLastError = GetLastError ();
 			dev.Close();
-		if (!bSuccess)
+			if (!bDeviceInfoValid && !bDisableException)
 			{
 				SetLastError (dwLastError);
 				throw SystemException(SRC_POS);
 			}		
 		}
+	}

 	bool EfiBoot::IsEfiBoot() {
 		DWORD BootOrderLen;
@ -2701,6 +2706,8 @@ namespace VeraCrypt
 			throw ErrorException(L"can not detect EFI environment", SRC_POS);
 		}
 		
+		if (bDeviceInfoValid)
+		{
 			uint32 varSize = 56;
 			varSize += ((uint32) description.length()) * 2 + 2;
 			varSize += ((uint32) execPath.length()) * 2 + 2;
@ -2792,6 +2799,7 @@ namespace VeraCrypt
 				SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
 			delete [] startVar;
 			delete [] existingVar;
+		}

 		// Update order
 		wstring order = L"Order";
@ -2810,12 +2818,15 @@ namespace VeraCrypt

 		// Create new entry if absent
 		if (startOrderNumPos == UINT_MAX) {
+			if (bDeviceInfoValid)
+			{
 				for (uint32 i = startOrderLen / 2; i > 0; --i) {
 					startOrder[i] = startOrder[i - 1];
 				}
 				startOrder[0] = statrtOrderNum;
 				startOrderLen += 2;
 				startOrderUpdate = true;
+			}
 		} else if (startOrderNumPos > 0) {
 			for (uint32 i = startOrderNumPos; i > 0; --i) {
 				startOrder[i] = startOrder[i - 1];
@ -3318,7 +3329,7 @@ namespace VeraCrypt
 			if (!DcsInfoImg)
 				throw ErrorException(L"Out of resource DcsInfo", SRC_POS);

-			EfiBootInst.PrepareBootPartition();			
+			EfiBootInst.PrepareBootPartition(PostOOBEMode);			

 			try
 			{
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@ -201,7 +201,7 @@ namespace VeraCrypt
 	public:
 		EfiBoot();

-		void PrepareBootPartition();
+		void PrepareBootPartition(bool bDisableException = false);
 		bool IsEfiBoot();

 		void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
@ -222,13 +222,14 @@ namespace VeraCrypt
 		BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
 		BOOL DelDir(const wchar_t* name);
 		void SelectBootVolumeESP();
-		PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
+		PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { if (bDeviceInfoValid) return &sdn; else { SetLastError (ERROR_INVALID_DRIVE); throw SystemException(SRC_POS);}}

 	protected:
 		bool m_bMounted;
 		std::wstring	EfiBootPartPath;
 		STORAGE_DEVICE_NUMBER sdn;
 		PARTITION_INFORMATION_EX partInfo;
+		bool bDeviceInfoValid;
 		WCHAR     tempBuf[1024];
 		bool  bBootVolumePathSelected;
 		std::wstring BootVolumePath;