mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 11:08:02 -06:00
Windows: use specific order for EFI boot arguments memory regions that matches the one used by EFI bootloader.
This commit is contained in:
Mounir IDRASSI
@@ -205,6 +205,7 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
|
|||||||
0x100000, 0x200000, 0x300000, 0x400000, 0x500000, 0x600000, 0x700000, 0x800000, \
|
0x100000, 0x200000, 0x300000, 0x400000, 0x500000, 0x600000, 0x700000, 0x800000, \
|
||||||
0x900000, 0xA00000, 0xB00000, 0xC00000, 0xD00000, 0xE00000, 0xF00000, 0x1000000
|
0x900000, 0xA00000, 0xB00000, 0xC00000, 0xD00000, 0xE00000, 0xF00000, 0x1000000
|
||||||
|
|
||||||
#define EFI_BOOTARGS_REGIONS EFI_BOOTARGS_REGIONS_LOW, EFI_BOOTARGS_REGIONS_HIGH
|
#define EFI_BOOTARGS_REGIONS_DEFAULT EFI_BOOTARGS_REGIONS_LOW, EFI_BOOTARGS_REGIONS_HIGH
|
||||||
|
#define EFI_BOOTARGS_REGIONS_EFI EFI_BOOTARGS_REGIONS_HIGH, EFI_BOOTARGS_REGIONS_LOW
|
||||||
|
|
||||||
#endif // TC_HEADER_Boot_BootDefs
|
#endif // TC_HEADER_Boot_BootDefs
|
||||||
|
|||||||
@@ -281,6 +281,14 @@ typedef VOID (NTAPI *KeRestoreExtendedProcessorStateFn) (
|
|||||||
PXSTATE_SAVE XStateSave
|
PXSTATE_SAVE XStateSave
|
||||||
);
|
);
|
||||||
|
|
||||||
|
typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
|
||||||
|
PUNICODE_STRING VariableName,
|
||||||
|
LPGUID VendorGuid,
|
||||||
|
PVOID Value,
|
||||||
|
PULONG ValueLength,
|
||||||
|
PULONG Attributes
|
||||||
|
);
|
||||||
|
|
||||||
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
|
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
|
||||||
__in ULONG64 Mask,
|
__in ULONG64 Mask,
|
||||||
PXSTATE_SAVE XStateSave
|
PXSTATE_SAVE XStateSave
|
||||||
|
|||||||
@@ -75,28 +75,31 @@ static int64 DecoySystemWipedAreaEnd;
|
|||||||
PKTHREAD DecoySystemWipeThread = NULL;
|
PKTHREAD DecoySystemWipeThread = NULL;
|
||||||
static NTSTATUS DecoySystemWipeResult;
|
static NTSTATUS DecoySystemWipeResult;
|
||||||
|
|
||||||
uint64 BootArgsRegions[] = { EFI_BOOTARGS_REGIONS };
|
static uint64 BootArgsRegionsDefault[] = { EFI_BOOTARGS_REGIONS_DEFAULT };
|
||||||
|
static uint64 BootArgsRegionsEFI[] = { EFI_BOOTARGS_REGIONS_EFI };
|
||||||
|
|
||||||
NTSTATUS LoadBootArguments ()
|
NTSTATUS LoadBootArguments (BOOL bIsEfi)
|
||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||||
PHYSICAL_ADDRESS bootArgsAddr;
|
PHYSICAL_ADDRESS bootArgsAddr;
|
||||||
byte *mappedBootArgs;
|
byte *mappedBootArgs;
|
||||||
byte *mappedCryptoInfo = NULL;
|
byte *mappedCryptoInfo = NULL;
|
||||||
uint16 bootLoaderArgsIndex;
|
uint16 bootLoaderArgsIndex;
|
||||||
|
uint64* BootArgsRegionsPtr = bIsEfi? BootArgsRegionsEFI : BootArgsRegionsDefault;
|
||||||
|
size_t BootArgsRegionsCount = bIsEfi? sizeof(BootArgsRegionsEFI)/ sizeof(BootArgsRegionsEFI[0]) : sizeof(BootArgsRegionsDefault)/ sizeof(BootArgsRegionsDefault[0]);
|
||||||
|
|
||||||
KeInitializeMutex (&MountMutex, 0);
|
KeInitializeMutex (&MountMutex, 0);
|
||||||
// __debugbreak();
|
// __debugbreak();
|
||||||
for (bootLoaderArgsIndex = 0;
|
for (bootLoaderArgsIndex = 0;
|
||||||
bootLoaderArgsIndex < sizeof(BootArgsRegions)/ sizeof(BootArgsRegions[1]) && status != STATUS_SUCCESS;
|
bootLoaderArgsIndex < BootArgsRegionsCount && status != STATUS_SUCCESS;
|
||||||
++bootLoaderArgsIndex)
|
++bootLoaderArgsIndex)
|
||||||
{
|
{
|
||||||
bootArgsAddr.QuadPart = BootArgsRegions[bootLoaderArgsIndex] + TC_BOOT_LOADER_ARGS_OFFSET;
|
bootArgsAddr.QuadPart = BootArgsRegionsPtr[bootLoaderArgsIndex] + TC_BOOT_LOADER_ARGS_OFFSET;
|
||||||
Dump ("Checking BootArguments at 0x%x\n", bootArgsAddr.LowPart);
|
Dump ("Checking BootArguments at 0x%x\n", bootArgsAddr.LowPart);
|
||||||
|
|
||||||
mappedBootArgs = MmMapIoSpace (bootArgsAddr, sizeof (BootArguments), MmCached);
|
mappedBootArgs = MmMapIoSpace (bootArgsAddr, sizeof (BootArguments), MmCached);
|
||||||
if (!mappedBootArgs)
|
if (!mappedBootArgs)
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
|
||||||
if (TC_IS_BOOT_ARGUMENTS_SIGNATURE (mappedBootArgs))
|
if (TC_IS_BOOT_ARGUMENTS_SIGNATURE (mappedBootArgs))
|
||||||
{
|
{
|
||||||
@@ -118,7 +121,7 @@ NTSTATUS LoadBootArguments ()
|
|||||||
// Sanity check: for valid boot argument, the password is less than 64 bytes long
|
// Sanity check: for valid boot argument, the password is less than 64 bytes long
|
||||||
if (bootArguments->BootPassword.Length <= MAX_LEGACY_PASSWORD)
|
if (bootArguments->BootPassword.Length <= MAX_LEGACY_PASSWORD)
|
||||||
{
|
{
|
||||||
BootLoaderArgsPtr = BootArgsRegions[bootLoaderArgsIndex];
|
BootLoaderArgsPtr = BootArgsRegionsPtr[bootLoaderArgsIndex];
|
||||||
|
|
||||||
BootArgs = *bootArguments;
|
BootArgs = *bootArguments;
|
||||||
BootArgsValid = TRUE;
|
BootArgsValid = TRUE;
|
||||||
|
|||||||
@@ -70,7 +70,7 @@ CRYPTO_INFO *GetSystemDriveCryptoInfo ();
|
|||||||
BOOL IsBootDriveMounted ();
|
BOOL IsBootDriveMounted ();
|
||||||
BOOL IsBootEncryptionSetupInProgress ();
|
BOOL IsBootEncryptionSetupInProgress ();
|
||||||
BOOL IsHiddenSystemRunning ();
|
BOOL IsHiddenSystemRunning ();
|
||||||
NTSTATUS LoadBootArguments ();
|
NTSTATUS LoadBootArguments (BOOL bIsEfi);
|
||||||
static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension);
|
static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension);
|
||||||
NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp);
|
NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp);
|
||||||
void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp);
|
void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp);
|
||||||
|
|||||||
@@ -140,12 +140,44 @@ static BOOL EnableExtendedIoctlSupport = FALSE;
|
|||||||
static BOOL AllowTrimCommand = FALSE;
|
static BOOL AllowTrimCommand = FALSE;
|
||||||
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
|
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
|
||||||
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
|
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
|
||||||
|
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
|
||||||
|
|
||||||
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
|
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
|
||||||
ULONG ExDefaultMdlProtection = 0;
|
ULONG ExDefaultMdlProtection = 0;
|
||||||
|
|
||||||
PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
|
PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
|
||||||
|
|
||||||
|
BOOL IsUefiBoot ()
|
||||||
|
{
|
||||||
|
BOOL bStatus = FALSE;
|
||||||
|
NTSTATUS ntStatus = STATUS_NOT_IMPLEMENTED;
|
||||||
|
|
||||||
|
Dump ("IsUefiBoot BEGIN\n");
|
||||||
|
ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
|
||||||
|
|
||||||
|
if (ExGetFirmwareEnvironmentVariablePtr)
|
||||||
|
{
|
||||||
|
ULONG valueLengh = 0;
|
||||||
|
UNICODE_STRING emptyName;
|
||||||
|
GUID guid;
|
||||||
|
RtlInitUnicodeString(&emptyName, L"");
|
||||||
|
memset (&guid, 0, sizeof(guid));
|
||||||
|
Dump ("IsUefiBoot calling ExGetFirmwareEnvironmentVariable\n");
|
||||||
|
ntStatus = ExGetFirmwareEnvironmentVariablePtr (&emptyName, &guid, NULL, &valueLengh, NULL);
|
||||||
|
Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable returned 0x%08x\n", ntStatus);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable not found on the system\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (STATUS_NOT_IMPLEMENTED != ntStatus)
|
||||||
|
bStatus = TRUE;
|
||||||
|
|
||||||
|
Dump ("IsUefiBoot bStatus = %s END\n", bStatus? "TRUE" : "FALSE");
|
||||||
|
return bStatus;
|
||||||
|
}
|
||||||
|
|
||||||
void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
|
void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
|
||||||
{
|
{
|
||||||
LARGE_INTEGER iSeed, iSeed2;
|
LARGE_INTEGER iSeed, iSeed2;
|
||||||
@@ -248,6 +280,14 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
|
|||||||
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
|
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
|
||||||
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
|
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ExGetFirmwareEnvironmentVariable is available starting from Windows 8
|
||||||
|
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
|
||||||
|
{
|
||||||
|
UNICODE_STRING funcName;
|
||||||
|
RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable");
|
||||||
|
ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName);
|
||||||
|
}
|
||||||
|
|
||||||
// Load dump filter if the main driver is already loaded
|
// Load dump filter if the main driver is already loaded
|
||||||
if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
|
if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
|
||||||
@@ -278,7 +318,7 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
|
|||||||
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
|
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
|
|
||||||
LoadBootArguments();
|
LoadBootArguments(IsUefiBoot ());
|
||||||
VolumeClassFilterRegistered = IsVolumeClassFilterRegistered();
|
VolumeClassFilterRegistered = IsVolumeClassFilterRegistered();
|
||||||
|
|
||||||
DriverObject->DriverExtension->AddDevice = DriverAddDevice;
|
DriverObject->DriverExtension->AddDevice = DriverAddDevice;
|
||||||
|
|||||||
Reference in New Issue
Block a user