mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-11-14 15:13:31 +01:00
Windows: add define to support case of using EFI bootloader signed by Microsoft (no check on custom keys in BIOS + removal of DcsBml EFI driver since it can not be signed).
parent
5455c89a50
commit
deef2031c7
@ -3064,6 +3064,7 @@ namespace VeraCrypt
|
|||||||
#endif
|
#endif
|
||||||
if (!LegacySpeakerImg)
|
if (!LegacySpeakerImg)
|
||||||
throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);
|
throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
DWORD sizeBootMenuLocker;
|
DWORD sizeBootMenuLocker;
|
||||||
#ifdef _WIN64
|
#ifdef _WIN64
|
||||||
byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
|
byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
|
||||||
@ -3072,6 +3073,7 @@ namespace VeraCrypt
|
|||||||
#endif
|
#endif
|
||||||
if (!BootMenuLockerImg)
|
if (!BootMenuLockerImg)
|
||||||
throw ErrorException(L"Out of resource DcsBml", SRC_POS);
|
throw ErrorException(L"Out of resource DcsBml", SRC_POS);
|
||||||
|
#endif
|
||||||
DWORD sizeDcsInfo;
|
DWORD sizeDcsInfo;
|
||||||
#ifdef _WIN64
|
#ifdef _WIN64
|
||||||
byte *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
|
byte *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
|
||||||
@ -3180,7 +3182,9 @@ namespace VeraCrypt
|
|||||||
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs", dcsIntImg, sizeDcsInt);
|
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs", dcsIntImg, sizeDcsInt);
|
||||||
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs", dcsCfgImg, sizeDcsCfg);
|
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs", dcsCfgImg, sizeDcsCfg);
|
||||||
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", LegacySpeakerImg, sizeLegacySpeaker);
|
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", LegacySpeakerImg, sizeLegacySpeaker);
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker);
|
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker);
|
||||||
|
#endif
|
||||||
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInfo.dcs", DcsInfoImg, sizeDcsInfo);
|
EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInfo.dcs", DcsInfoImg, sizeDcsInfo);
|
||||||
if (!preserveUserConfig)
|
if (!preserveUserConfig)
|
||||||
EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\PlatformInfo");
|
EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\PlatformInfo");
|
||||||
@ -3208,6 +3212,10 @@ namespace VeraCrypt
|
|||||||
EfiBootInst.DelFile(L"\\LegacySpeaker.efi");
|
EfiBootInst.DelFile(L"\\LegacySpeaker.efi");
|
||||||
EfiBootInst.DelFile(L"\\DcsBoot");
|
EfiBootInst.DelFile(L"\\DcsBoot");
|
||||||
EfiBootInst.DelFile(L"\\DcsProp");
|
EfiBootInst.DelFile(L"\\DcsProp");
|
||||||
|
#ifndef VC_EFI_CUSTOM_MODE
|
||||||
|
// remove DcsBml if it exists since we don't use it in non-custom SecureBoot mode
|
||||||
|
EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsBml.dcs");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
catch (...)
|
catch (...)
|
||||||
{
|
{
|
||||||
@ -3388,6 +3396,7 @@ namespace VeraCrypt
|
|||||||
#endif
|
#endif
|
||||||
if (!LegacySpeakerImg)
|
if (!LegacySpeakerImg)
|
||||||
throw ParameterIncorrect (SRC_POS);
|
throw ParameterIncorrect (SRC_POS);
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
DWORD sizeBootMenuLocker;
|
DWORD sizeBootMenuLocker;
|
||||||
#ifdef _WIN64
|
#ifdef _WIN64
|
||||||
byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
|
byte *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
|
||||||
@ -3396,6 +3405,7 @@ namespace VeraCrypt
|
|||||||
#endif
|
#endif
|
||||||
if (!BootMenuLockerImg)
|
if (!BootMenuLockerImg)
|
||||||
throw ParameterIncorrect (SRC_POS);
|
throw ParameterIncorrect (SRC_POS);
|
||||||
|
#endif
|
||||||
DWORD sizeDcsRescue;
|
DWORD sizeDcsRescue;
|
||||||
#ifdef _WIN64
|
#ifdef _WIN64
|
||||||
byte *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue);
|
byte *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue);
|
||||||
@ -3430,8 +3440,10 @@ namespace VeraCrypt
|
|||||||
|
|
||||||
if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue))
|
if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue))
|
||||||
throw ParameterIncorrect (SRC_POS);
|
throw ParameterIncorrect (SRC_POS);
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker))
|
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker))
|
||||||
throw ParameterIncorrect (SRC_POS);
|
throw ParameterIncorrect (SRC_POS);
|
||||||
|
#endif
|
||||||
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBoot.efi", dcsBootImg, sizeDcsBoot))
|
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBoot.efi", dcsBootImg, sizeDcsBoot))
|
||||||
throw ParameterIncorrect (SRC_POS);
|
throw ParameterIncorrect (SRC_POS);
|
||||||
if (!ZipAdd (z, "EFI/VeraCrypt/DcsCfg.dcs", dcsCfgImg, sizeDcsCfg))
|
if (!ZipAdd (z, "EFI/VeraCrypt/DcsCfg.dcs", dcsCfgImg, sizeDcsCfg))
|
||||||
@ -3692,7 +3704,9 @@ namespace VeraCrypt
|
|||||||
{
|
{
|
||||||
const wchar_t* efi64Files[] = {
|
const wchar_t* efi64Files[] = {
|
||||||
L"EFI/Boot/bootx64.efi",
|
L"EFI/Boot/bootx64.efi",
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
L"EFI/VeraCrypt/DcsBml.dcs",
|
L"EFI/VeraCrypt/DcsBml.dcs",
|
||||||
|
#endif
|
||||||
L"EFI/VeraCrypt/DcsBoot.efi",
|
L"EFI/VeraCrypt/DcsBoot.efi",
|
||||||
L"EFI/VeraCrypt/DcsCfg.dcs",
|
L"EFI/VeraCrypt/DcsCfg.dcs",
|
||||||
L"EFI/VeraCrypt/DcsInt.dcs",
|
L"EFI/VeraCrypt/DcsInt.dcs",
|
||||||
@ -3703,7 +3717,9 @@ namespace VeraCrypt
|
|||||||
|
|
||||||
const wchar_t* efi32Files[] = {
|
const wchar_t* efi32Files[] = {
|
||||||
L"EFI/Boot/bootia32.efi",
|
L"EFI/Boot/bootia32.efi",
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
L"EFI/VeraCrypt/DcsBml.dcs",
|
L"EFI/VeraCrypt/DcsBml.dcs",
|
||||||
|
#endif
|
||||||
L"EFI/VeraCrypt/DcsBoot.efi",
|
L"EFI/VeraCrypt/DcsBoot.efi",
|
||||||
L"EFI/VeraCrypt/DcsCfg.dcs",
|
L"EFI/VeraCrypt/DcsCfg.dcs",
|
||||||
L"EFI/VeraCrypt/DcsInt.dcs",
|
L"EFI/VeraCrypt/DcsInt.dcs",
|
||||||
@ -3883,7 +3899,9 @@ namespace VeraCrypt
|
|||||||
|
|
||||||
const wchar_t* efi64Files[] = {
|
const wchar_t* efi64Files[] = {
|
||||||
L"EFI/Boot/bootx64.efi",
|
L"EFI/Boot/bootx64.efi",
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
L"EFI/VeraCrypt/DcsBml.dcs",
|
L"EFI/VeraCrypt/DcsBml.dcs",
|
||||||
|
#endif
|
||||||
L"EFI/VeraCrypt/DcsBoot.efi",
|
L"EFI/VeraCrypt/DcsBoot.efi",
|
||||||
L"EFI/VeraCrypt/DcsCfg.dcs",
|
L"EFI/VeraCrypt/DcsCfg.dcs",
|
||||||
L"EFI/VeraCrypt/DcsInt.dcs",
|
L"EFI/VeraCrypt/DcsInt.dcs",
|
||||||
@ -3894,7 +3912,9 @@ namespace VeraCrypt
|
|||||||
|
|
||||||
const wchar_t* efi32Files[] = {
|
const wchar_t* efi32Files[] = {
|
||||||
L"EFI/Boot/bootia32.efi",
|
L"EFI/Boot/bootia32.efi",
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
L"EFI/VeraCrypt/DcsBml.dcs",
|
L"EFI/VeraCrypt/DcsBml.dcs",
|
||||||
|
#endif
|
||||||
L"EFI/VeraCrypt/DcsBoot.efi",
|
L"EFI/VeraCrypt/DcsBoot.efi",
|
||||||
L"EFI/VeraCrypt/DcsCfg.dcs",
|
L"EFI/VeraCrypt/DcsCfg.dcs",
|
||||||
L"EFI/VeraCrypt/DcsInt.dcs",
|
L"EFI/VeraCrypt/DcsInt.dcs",
|
||||||
@ -4766,15 +4786,16 @@ namespace VeraCrypt
|
|||||||
if (config.SystemPartition.IsGPT)
|
if (config.SystemPartition.IsGPT)
|
||||||
{
|
{
|
||||||
STORAGE_DEVICE_NUMBER sdn;
|
STORAGE_DEVICE_NUMBER sdn;
|
||||||
|
#ifdef VC_EFI_CUSTOM_MODE
|
||||||
BOOL bSecureBootEnabled = FALSE, bVeraCryptKeysLoaded = FALSE;
|
BOOL bSecureBootEnabled = FALSE, bVeraCryptKeysLoaded = FALSE;
|
||||||
GetSecureBootConfig (&bSecureBootEnabled, &bVeraCryptKeysLoaded);
|
GetSecureBootConfig (&bSecureBootEnabled, &bVeraCryptKeysLoaded);
|
||||||
GetEfiBootDeviceNumber (&sdn);
|
|
||||||
activePartitionFound = (config.DriveNumber == (int) sdn.DeviceNumber);
|
|
||||||
|
|
||||||
if (bSecureBootEnabled && !bVeraCryptKeysLoaded)
|
if (bSecureBootEnabled && !bVeraCryptKeysLoaded)
|
||||||
{
|
{
|
||||||
throw ErrorException ("SYSENC_EFI_UNSUPPORTED_SECUREBOOT", SRC_POS);
|
throw ErrorException ("SYSENC_EFI_UNSUPPORTED_SECUREBOOT", SRC_POS);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
GetEfiBootDeviceNumber (&sdn);
|
||||||
|
activePartitionFound = (config.DriveNumber == (int) sdn.DeviceNumber);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
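Review bot: In the last hunk (old line 4766), a build without `VC_EFI_CUSTOM_MODE` compiles out both the `GetSecureBootConfig` call and the `SYSENC_EFI_UNSUPPORTED_SECUREBOOT` throw. Such a build then proceeds with Secure Boot enabled on the assumption that the bundled EFI binaries are Microsoft-signed, which nothing in the visible code verifies. The macro is not explained in any hunk, so I would add a comment at its first use, for example `// VC_EFI_CUSTOM_MODE: loader relies on custom Secure Boot keys; leave undefined only when the shipped EFI binaries are Microsoft-signed`. Separately, the `#ifndef` hunk that deletes `L"\\EFI\\VeraCrypt\\DcsBml.dcs"` sits directly before a `catch (...)` whose body is outside the hunk, so it is worth confirming that a failed removal of the stale driver is not silently swallowed. The enclosing functions start and end outside every hunk shown here.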