Windows: verify EFI loader restoration

Verify restored EFI Microsoft and fallback boot loader paths after system decryption. Show clearer recovery guidance when EFI file restoration or NVRAM cleanup remains incomplete. Add a GPT-only EFI boot loader repair menu action for already decrypted systems.
2026-05-21 21:30:48 -05:00 · 2026-04-26 09:49:09 +09:00
parent 4fedeb461e
commit df4e755112
49 changed files with 656 additions and 14 deletions
@@ -663,6 +663,10 @@ static void InitMainDialog (HWND hwndDlg)
 			{
 				EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED);
 			}
+			else
+			{
+				EnableMenuItem (GetMenu (hwndDlg), IDM_REPAIR_EFI_BOOT_LOADER, MF_GRAYED);
+			}
 		}

 		// Disable menu item for changing system header key derivation algorithm until it's implemented
@@ -1464,10 +1468,12 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent)
 static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
 {
 	SystemDriveConfiguration config;
+	BOOL bRepairEfiBootLoaderApplicable = FALSE;
 	try
 	{
 		BootEncStatus = BootEncObj->GetStatus();
 		config = BootEncObj->GetSystemDriveConfiguration();
+		bRepairEfiBootLoaderApplicable = config.SystemPartition.IsGPT;
 	}
 	catch (Exception &e)
 	{
@@ -1501,6 +1507,8 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
 		AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
 		AppendMenuW (popup, MF_STRING, IDM_VERIFY_RESCUE_DISK, GetString ("IDM_VERIFY_RESCUE_DISK"));
 		AppendMenuW (popup, MF_STRING, IDM_VERIFY_RESCUE_DISK_ISO, GetString ("IDM_VERIFY_RESCUE_DISK_ISO"));
+		if (bRepairEfiBootLoaderApplicable)
+			AppendMenuW (popup, MF_STRING, IDM_REPAIR_EFI_BOOT_LOADER, GetString ("IDM_REPAIR_EFI_BOOT_LOADER"));
 	}

 	if (!bToolsOnly)
@@ -6454,6 +6462,63 @@ static void DecryptSystemDevice (HWND hwndDlg)
 		Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
 }

+static void RepairEfiBootLoader (HWND hwndDlg)
+{
+	SystemDriveConfiguration config;
+	try
+	{
+		BootEncStatus = BootEncObj->GetStatus();
+		config = BootEncObj->GetSystemDriveConfiguration ();
+	}
+	catch (Exception &e)
+	{
+		e.Show (hwndDlg);
+		return;
+	}
+
+	if (!config.SystemPartition.IsGPT)
+	{
+		Warning ("EFI_BOOT_LOADER_REPAIR_NOT_APPLICABLE", hwndDlg);
+		return;
+	}
+
+	if (IsHiddenOSRunning()
+		|| BootEncStatus.SetupInProgress
+		|| BootEncStatus.DriveEncrypted
+		|| BootEncStatus.DriveMounted
+		|| SysEncryptionOrDecryptionRequired ())
+	{
+		Warning ("EFI_BOOT_LOADER_REPAIR_BLOCKED", hwndDlg);
+		return;
+	}
+
+	if (AskWarnNoYes ("CONFIRM_REPAIR_EFI_BOOT_LOADER", hwndDlg) == IDNO)
+		return;
+
+	if (!CreateSysEncMutex ())
+	{
+		Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
+		return;
+	}
+
+	WaitCursor ();
+	try
+	{
+		BootEncObj->RestoreSystemLoader ();
+	}
+	catch (Exception &e)
+	{
+		NormalCursor ();
+		CloseSysEncMutex ();
+		e.Show (hwndDlg);
+		return;
+	}
+
+	NormalCursor ();
+	CloseSysEncMutex ();
+	Info ("EFI_BOOT_LOADER_REPAIR_SUCCESS", hwndDlg);
+}
+
 // Initiates the process of creation of a hidden operating system
 static void CreateHiddenOS (HWND hwndDlg)
 {
@@ -8519,6 +8584,9 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 		case IDM_VERIFY_RESCUE_DISK_ISO:
 			VerifyRescueDisk (hwndDlg, true);
 			break;
+		case IDM_REPAIR_EFI_BOOT_LOADER:
+			RepairEfiBootLoader (hwndDlg);
+			break;
 		case IDM_MOUNT_SYSENC_PART_WITHOUT_PBA:

 			if (CheckSysEncMountWithoutPBA (hwndDlg, L"", FALSE))
@@ -699,6 +699,7 @@ BEGIN
        MENUITEM "Create Rescue Disk...",       IDM_CREATE_RESCUE_DISK
        MENUITEM "Verify Rescue Disk",          IDM_VERIFY_RESCUE_DISK
        MENUITEM "Verify Rescue Disk Image",    IDM_VERIFY_RESCUE_DISK_ISO
+        MENUITEM "Repair EFI Boot Loader...",   IDM_REPAIR_EFI_BOOT_LOADER
        MENUITEM SEPARATOR
        MENUITEM "Mount Without Pre-Boot &Authentication...", IDM_MOUNT_SYSENC_PART_WITHOUT_PBA
        MENUITEM SEPARATOR
@@ -275,6 +275,7 @@
 #define IDM_DECRYPT_NONSYS_VOL          40067
 #define IDM_VERIFY_RESCUE_DISK_ISO      40068
 #define IDM_MOUNIT_NO_CACHE             40069
+#define IDM_REPAIR_EFI_BOOT_LOADER      40070

 // Next default values for new objects
 // 
@@ -282,7 +283,7 @@
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        123
-#define _APS_NEXT_COMMAND_VALUE         40070
+#define _APS_NEXT_COMMAND_VALUE         40071
 #define _APS_NEXT_CONTROL_VALUE         1184
 #define _APS_NEXT_SYMED_VALUE           101
 #endif