Windows Driver: Enable RAM encryption only after its security parameters were created

This commit is contained in:
Mounir IDRASSI 2019-03-01 00:32:21 +01:00
parent 3d6032d69e
commit edd1b00126
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F

View File

@ -138,6 +138,7 @@ static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE;
static BOOL EnableExtendedIoctlSupport = FALSE;
static BOOL AllowTrimCommand = FALSE;
static BOOL RamEncryptionActivated = FALSE;
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
@ -331,18 +332,16 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
// we enable RAM encryption only starting from Windows 7
if (IsRamEncryptionEnabled())
if (RamEncryptionActivated)
{
if (t1ha_selfcheck__t1ha2() != 0)
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
if (!InitializeSecurityParameters(GetDriverRandomSeed))
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
EnableRamEncryption (TRUE);
}
}
else
{
EnableRamEncryption (FALSE);
}
#endif
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
@ -4513,7 +4512,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
WriteRegistryConfigFlags (flags);
}
EnableRamEncryption ((flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE);
RamEncryptionActivated = (flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE;
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);