nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-10 13:13:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Add extra checks for bootloader tampering.

Browse Source
This commit is contained in:
Mounir IDRASSI 2015-08-05 12:06:00 +02:00
parent a06c41c5c9
commit c2d0d5e344
2 changed files with 35 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Common/BootEncryption.cpp
View File

@ -1565,6 +1565,11 @@ namespace VeraCrypt
bRet = true;
}
}
catch (SystemException &e)
{
if (!bSilent && (GetLastError () != ERROR_INVALID_IMAGE_HASH))
e.Show (ParentWindow);
}
catch (Exception& e)
{
if (!bSilent)

37
src/Driver/DriveFilter.c
View File

@ -1764,17 +1764,40 @@ void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp)
{
if (ValidateIOBufferSize (irp, sizeof (BootLoaderFingerprintRequest), ValidateOutput))
{
if (BootArgsValid)
irp->IoStatus.Information = 0;
if (BootArgsValid && BootDriveFound && BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted && BootDriveFilterExtension->HeaderCryptoInfo)
{
BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;
memcpy (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint));
irp->IoStatus.Information = sizeof (BootLoaderFingerprintRequest);
irp->IoStatus.Status = STATUS_SUCCESS;
BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;
/* compute the fingerprint again and check if it is the same as the one retrieved during boot */
char *header = TCalloc (TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
if (!header)
{
irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
}
else
{
memcpy (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint));
ComputeBootLoaderFingerprint (BootDriveFilterExtension->LowerDeviceObject, header);
burn (header, TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
TCfree (header);
if (0 == memcmp (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint)))
{
irp->IoStatus.Information = sizeof (BootLoaderFingerprintRequest);
irp->IoStatus.Status = STATUS_SUCCESS;
}
else
{
/* fingerprint mismatch.*/
irp->IoStatus.Status = STATUS_INVALID_IMAGE_HASH;
}
}
}
else
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
irp->IoStatus.Information = 0;
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
}
}
}