diff options
author | kavsrf <kavsrf@gmail.com> | 2017-06-16 21:15:04 +0300 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2017-06-18 15:52:11 +0200 |
commit | ed149d5104f35ab52edd7579f2c956382e7d617f (patch) | |
tree | 670192176e3a5281999a4089bf771731371c6b43 | |
parent | 764556463ff132bd3a10d6c29e219bb10d523206 (diff) | |
download | VeraCrypt-DCS-ed149d5104f35ab52edd7579f2c956382e7d617f.tar.gz VeraCrypt-DCS-ed149d5104f35ab52edd7579f2c956382e7d617f.zip |
BML flags added
-rw-r--r-- | DcsBml/DcsBml.c | 80 | ||||
-rw-r--r-- | DcsBml/DcsBml.h | 4 | ||||
-rw-r--r-- | DcsBoot/DcsBoot.c | 6 | ||||
-rw-r--r-- | DcsInt/DcsInt.c | 4 | ||||
-rw-r--r-- | Include/Library/CommonLib.h | 10 | ||||
-rw-r--r-- | Include/Protocol/DcsBmlProto.h | 6 | ||||
-rw-r--r-- | Library/CommonLib/EfiBml.c | 2 |
7 files changed, 62 insertions, 50 deletions
diff --git a/DcsBml/DcsBml.c b/DcsBml/DcsBml.c index 7b37d1f..dd19a30 100644 --- a/DcsBml/DcsBml.c +++ b/DcsBml/DcsBml.c @@ -33,7 +33,7 @@ typedef struct _BML_GLOBALS { } BML_GLOBALS, *PBML_GLOBALS;
STATIC PBML_GLOBALS gBmlData = NULL;
-STATIC BOOLEAN BootMenuLocked = TRUE;
+STATIC BOOLEAN BootMenuLocked = FALSE;
EFI_EVENT mBmlVirtualAddrChangeEvent;
EFI_SET_VARIABLE orgSetVariable = NULL;
@@ -81,11 +81,37 @@ BmlVirtualNotifyEvent( }
//////////////////////////////////////////////////////////////////////////
-// DcsBml protocol to control lock in BS mode
+// Boot order
//////////////////////////////////////////////////////////////////////////
CHAR16* sDcsBootEfi = L"EFI\\VeraCrypt\\DcsBoot.efi";
CHAR16* sDcsBootEfiDesc = L"VeraCrypt(DCS) loader";
+EFI_STATUS
+UpdateBootOrder()
+{
+ EFI_STATUS res;
+ UINTN len;
+ UINT32 attr;
+ CHAR16* tmp = NULL;
+ res = EfiGetVar(L"BootDC5B", &gEfiGlobalVariableGuid, &tmp, &len, &attr);
+ if (EFI_ERROR(res)) {
+ InitFS();
+ res = BootMenuItemCreate(L"BootDC5B", sDcsBootEfiDesc, gFileRootHandle, sDcsBootEfi, TRUE);
+ res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
+ }
+ else {
+ UINTN boIndex = 1;
+ if (EFI_ERROR(BootOrderPresent(L"BootOrder", 0x0DC5B, &boIndex)) || boIndex != 0) {
+ res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
+ }
+ }
+ MEM_FREE(tmp);
+ return res;
+}
+
+//////////////////////////////////////////////////////////////////////////
+// DcsBml protocol to control lock in BS mode
+//////////////////////////////////////////////////////////////////////////
GUID gEfiDcsBmlProtocolGuid = EFI_DCSBML_INTERFACE_PROTOCOL_GUID;
EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol = {
BootMenuLock
@@ -94,9 +120,22 @@ EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol = { EFI_STATUS
BootMenuLock(
IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN UINT32 LockFlags
) {
- BootMenuLocked = Lock;
+ if ((LockFlags & BML_UPDATE_BOOTORDER) == BML_UPDATE_BOOTORDER) {
+ UpdateBootOrder();
+ }
+ if ((LockFlags & BML_SET_BOOTNEXT) == BML_SET_BOOTNEXT) {
+ UINT16 DcsBootNum = 0x0DC5B;
+ EfiSetVar(L"BootNext", &gEfiGlobalVariableGuid, &DcsBootNum, sizeof(DcsBootNum), EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ }
+ if ((LockFlags & BML_LOCK_SETVARIABLE) == BML_LOCK_SETVARIABLE) {
+ if (orgSetVariable == NULL) {
+ BootMenuLocked = TRUE;
+ orgSetVariable = gST->RuntimeServices->SetVariable;
+ gST->RuntimeServices->SetVariable = BmlSetVaribale;
+ }
+ }
return EFI_SUCCESS;
}
@@ -138,33 +177,6 @@ DcsBmlUnload( return EFI_SUCCESS;
}
-//////////////////////////////////////////////////////////////////////////
-// Boot order
-//////////////////////////////////////////////////////////////////////////
-EFI_STATUS
-UpdateBootOrder()
-{
- EFI_STATUS res;
- UINT16 DcsBootNum = 0x0DC5B;
- UINTN boIndex = 1;
- UINTN len;
- UINT32 attr;
- CHAR16* tmp = NULL;
- res = EfiGetVar(L"BootDC5B", &gEfiGlobalVariableGuid, &tmp, &len, &attr);
- if (EFI_ERROR(res)) {
- InitFS();
- res = BootMenuItemCreate(L"BootDC5B", sDcsBootEfiDesc, gFileRootHandle, sDcsBootEfi, TRUE);
- res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
- } else {
- if (EFI_ERROR(BootOrderPresent(L"BootOrder", 0x0DC5B, &boIndex)) || boIndex != 0) {
- res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
- }
- }
- res = EfiSetVar(L"BootNext", &gEfiGlobalVariableGuid, &DcsBootNum, sizeof(DcsBootNum), EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS);
- MEM_FREE(tmp);
- return res;
-}
-
/**
The actual entry point for the application.
@@ -232,11 +244,5 @@ DcsBmlMain( return res;
}
- UpdateBootOrder();
-
- orgSetVariable = gST->RuntimeServices->SetVariable;
- gST->RuntimeServices->SetVariable = BmlSetVaribale;
-
- // Prepare BootDC5B
return EFI_SUCCESS;
}
diff --git a/DcsBml/DcsBml.h b/DcsBml/DcsBml.h index df639fc..8a11633 100644 --- a/DcsBml/DcsBml.h +++ b/DcsBml/DcsBml.h @@ -57,8 +57,8 @@ extern EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol; EFI_STATUS
BootMenuLock(
- IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN EFI_DCSBML_PROTOCOL *This,
+ IN UINT32 LockFlags
);
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c index de79e93..f897a48 100644 --- a/DcsBoot/DcsBoot.c +++ b/DcsBoot/DcsBoot.c @@ -18,6 +18,7 @@ https://opensource.org/licenses/LGPL-3.0 #include <Library/DevicePathLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/PrintLib.h>
+#include <Protocol/DcsBmlProto.h>
#include "DcsConfig.h"
#include <Guid/Gpt.h>
#include <Guid/GlobalVariable.h>
@@ -37,6 +38,11 @@ DoExecCmd() if (!EFI_ERROR(res)) {
res = FileOpenRoot(gFileRootHandle, &gFileRoot);
if (!EFI_ERROR(res)) {
+ UINT32 lockFlags = 0;
+ // Lock EFI boot variables
+ InitBml();
+ lockFlags = ConfigReadInt("DcsBmlLockFlags", BML_LOCK_SETVARIABLE | BML_SET_BOOTNEXT | BML_UPDATE_BOOTORDER);
+ BmlLock(lockFlags);
res = EfiExec(NULL, gEfiExecCmd);
AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
} else {
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c index 4b84256..3dad27e 100644 --- a/DcsInt/DcsInt.c +++ b/DcsInt/DcsInt.c @@ -1153,10 +1153,6 @@ UefiMain( return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
- // Lock EFI boot variables
- InitBml();
- BmlLock(TRUE);
-
// Install decrypt
res = EfiLibInstallDriverBindingComponentName2(
ImageHandle,
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h index cd7e068..9a15afd 100644 --- a/Include/Library/CommonLib.h +++ b/Include/Library/CommonLib.h @@ -29,10 +29,10 @@ https://opensource.org/licenses/LGPL-3.0 //////////////////////////////////////////////////////////////////////////
extern UINTN gCELine;
#define CE(ex) gCELine = __LINE__; if(EFI_ERROR(res = ex)) goto err
- -#ifndef CSTATIC_ASSERT -#define CSTATIC_ASSERT(b, name) typedef int StaticAssertFailed##name[b ? 1 : -1]; -#endif +
+#ifndef CSTATIC_ASSERT
+#define CSTATIC_ASSERT(b, name) typedef int StaticAssertFailed##name[b ? 1 : -1];
+#endif
//////////////////////////////////////////////////////////////////////////
// defines
@@ -564,7 +564,7 @@ InitBml(); EFI_STATUS
BmlLock(
- IN BOOLEAN lock
+ IN UINT32 lock
);
diff --git a/Include/Protocol/DcsBmlProto.h b/Include/Protocol/DcsBmlProto.h index 9fafa97..2a04d89 100644 --- a/Include/Protocol/DcsBmlProto.h +++ b/Include/Protocol/DcsBmlProto.h @@ -29,6 +29,10 @@ https://opensource.org/licenses/LGPL-3.0 typedef struct _EFI_DCSBML_PROTOCOL EFI_DCSBML_PROTOCOL;
+#define BML_LOCK_SETVARIABLE 0x1
+#define BML_UPDATE_BOOTORDER 0x2
+#define BML_SET_BOOTNEXT 0x4
+
//
// Lock boot menu
//
@@ -36,7 +40,7 @@ typedef EFI_STATUS
(EFIAPI *EFI_BOOT_MENU_LOCK) (
IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN UINT32 LockFlags
);
diff --git a/Library/CommonLib/EfiBml.c b/Library/CommonLib/EfiBml.c index 184ca75..f7b55aa 100644 --- a/Library/CommonLib/EfiBml.c +++ b/Library/CommonLib/EfiBml.c @@ -46,7 +46,7 @@ InitBml() { EFI_STATUS
BmlLock(
- IN BOOLEAN lock
+ IN UINT32 lock
)
{
if (gBml != NULL) {
|