VeraCrypt
-rw-r--r--DcsBoot/DcsBoot.c52
-rw-r--r--DcsInt/DcsInt.c33
-rw-r--r--Library/DcsCfgLib/DcsRandom.c2
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.c117
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.h3
5 files changed, 125 insertions, 82 deletions
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c
index 30bc4a9..4650ae6 100644
--- a/DcsBoot/DcsBoot.c
+++ b/DcsBoot/DcsBoot.c
@@ -17,6 +17,7 @@ https://opensource.org/licenses/LGPL-3.0
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DevicePathLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/PrintLib.h>
#include "DcsConfig.h"
#include <Guid/Gpt.h>
#include <Guid/GlobalVariable.h>
@@ -25,6 +26,27 @@ EFI_GUID ImagePartGuid;
EFI_GUID *gEfiExecPartGuid = &ImagePartGuid;
CHAR16 *gEfiExecCmdDefault = L"\\EFI\\Microsoft\\Boot\\Bootmgfw.efi";
CHAR16 *gEfiExecCmd = NULL;
+CHAR8 gDoExecCmdMsg[256];
+
+EFI_STATUS
+DoExecCmd()
+{
+ EFI_STATUS res;
+ gDoExecCmdMsg[0] = 0;
+ res = EfiFindPartByGUID(gEfiExecPartGuid, &gFileRootHandle);
+ if (!EFI_ERROR(res)) {
+ res = FileOpenRoot(gFileRootHandle, &gFileRoot);
+ if (!EFI_ERROR(res)) {
+ res = EfiExec(NULL, gEfiExecCmd);
+ AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
+ } else {
+ AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't open start partition %g\n", gEfiExecPartGuid);
+ }
+ } else {
+ AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't find start partition %g\n", gEfiExecPartGuid);
+ }
+ return res;
+}
CHAR16* sDcsBootEfi = L"EFI\\VeraCrypt\\DcsBoot.efi";
CHAR16* sDcsDriverEfiDesc = L"VeraCrypt(DCS) driver";
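Review bot: In the added DoExecCmd, the "Can't exec" message is written unconditionally after `EfiExec` returns, so a loader that returns without error still leaves a failure text in `gDoExecCmdMsg`. The caller in the last hunk of this file then prints that text next to a success status. Guarding it as `if (EFI_ERROR(res)) AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), ...);` keeps message and status consistent. The function also lacks a header comment saying that it reads `gEfiExecPartGuid` and `gEfiExecCmd`, sets `gFileRootHandle` and `gFileRoot`, and keeps only the most recent failure text in the 256-byte buffer. Declaring it `DoExecCmd(VOID)` would give it a real prototype.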
@@ -106,6 +128,10 @@ DcsBootMain(
if (EFI_ERROR(FileExist(NULL, L"\\EFI\\VeraCrypt\\PlatformInfo")) &&
!EFI_ERROR(FileExist(NULL, L"\\EFI\\VeraCrypt\\DcsInfo.dcs"))) {
res = EfiExec(NULL, L"\\EFI\\VeraCrypt\\DcsInfo.dcs");
+ if (!EFI_ERROR(res) &&
+ !EFI_ERROR(FileExist(NULL, L"\\EFI\\VeraCrypt\\PlatformInfo"))) {
+ gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+ }
}
// Load all drivers
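Review bot: The cold reset added after the `DcsInfo.dcs` call has no comment, and the reason for rebooting instead of continuing the boot is not visible in the hunk. Presumably the tool has just created `PlatformInfo` and a clean restart is wanted. A one-line comment above the new `if` would record that, for example `// DcsInfo just created PlatformInfo: restart so the next boot takes the normal path`. It would help to note as well that the outer condition requires `PlatformInfo` to be absent, which is what prevents a reset on every boot.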
@@ -161,34 +187,18 @@ DcsBootMain(
if (CompareGuid(&gptEntry[i].PartitionTypeGUID, &gEfiPartTypeSystemPartGuid)) {
// select ESP GUID
CopyGuid(gEfiExecPartGuid, &gptEntry[i].UniquePartitionGUID);
- break;
+ res = DoExecCmd();
+ if(EFI_ERROR(res)) continue;
}
}
}
}
}
+ } else {
+ res = DoExecCmd();
}
- // OUT_PRINT(L".");
- res = EfiFindPartByGUID(gEfiExecPartGuid, &gFileRootHandle);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"\nCan't find start partition %g\n", gEfiExecPartGuid);
- EfiCpuHalt();
- }
-// OUT_PRINT(L".");
- res = FileOpenRoot(gFileRootHandle, &gFileRoot);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"\nCan't open start partition\n");
- EfiCpuHalt();
- }
-// OUT_PRINT(L".");
- // Try to exec windows loader...
- res = EfiExec(NULL, gEfiExecCmd);
- if (EFI_ERROR(res)) {
- ERR_PRINT(L"\nStart %s - %r\n", gEfiExecCmd, res);
- EfiCpuHalt();
- }
- ERR_PRINT(L"???%r");
+ ERR_PRINT(L"%a\nStatus - %r", gDoExecCmdMsg, res);
EfiCpuHalt();
return EFI_INVALID_PARAMETER;
}
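Review bot: The added `if(EFI_ERROR(res)) continue;` is the last statement of the loop body as shown, so it has no effect: the scan moves to the next GPT entry whether DoExecCmd failed or returned success. Where the old `break` stopped at the first ESP, the loader path is now tried on every partition with the ESP type GUID that the enclosing loops enumerate; those loops start outside the hunk. If they also cover removable media, this widens what can be launched before the OS unless `EfiExec` enforces image verification, so the intent deserves a comment. Use `if (!EFI_ERROR(res)) break;` if the scan should stop after a loader that returned cleanly. When no ESP matches at all, `gDoExecCmdMsg` stays empty and the final `ERR_PRINT` reports whatever `res` held from earlier code.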
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 1499069..e792993 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -994,20 +994,31 @@ UefiMain(
if (!devFound) return OnExit(gOnExitNotFound, OnExitAuthNotFound, EFI_NOT_FOUND);
}
- // Try to find by OS partition GUID
- if (SecRegionData == NULL && gPartitionGuidOS != NULL) {
- UINTN i;
- for (i = 0; i < gBIOCount; ++i) {
- EFI_GUID guid;
- res = EfiGetPartGUID(gBIOHandles[i], &guid);
- if(EFI_ERROR(res)) continue;
- if (memcmp(gPartitionGuidOS, &guid, sizeof(guid)) == 0) {
- res = SecRegionLoadDefault(gBIOHandles[i]);
- if (EFI_ERROR(res)) {
- return OnExit(gOnExitNotFound, OnExitAuthNotFound, res);
+ // Force authorization
+ if (SecRegionData == NULL && gDcsBootForce != 0) {
+ res = EFI_NOT_FOUND;
+ if (gPartitionGuidOS != NULL) {
+ // Try to find by OS partition GUID
+ UINTN i;
+ for (i = 0; i < gBIOCount; ++i) {
+ EFI_GUID guid;
+ res = EfiGetPartGUID(gBIOHandles[i], &guid);
+ if (EFI_ERROR(res)) continue;
+ if (memcmp(gPartitionGuidOS, &guid, sizeof(guid)) == 0) {
+ res = SecRegionLoadDefault(gBIOHandles[i]);
+ break;
}
}
+ } else {
+ res = SecRegionLoadDefault(gFileRootHandle);
+ }
+ if (EFI_ERROR(res)) {
+ return OnExit(gOnExitNotFound, OnExitAuthNotFound, res);
}
+ // force password type and message
+ gAuthPasswordType = gForcePasswordType;
+ gAuthPasswordMsg = gForcePasswordMsg;
+ gPasswordProgress = gForcePasswordProgress;
}
// ask any way? (by DcsBoot flag)
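Review bot: In the new GUID search loop, `res = EfiGetPartGUID(gBIOHandles[i], &guid);` overwrites the `EFI_NOT_FOUND` preset on every iteration. If the last handle returns a GUID that does not match `gPartitionGuidOS`, `res` is a success code, the `if (EFI_ERROR(res))` check after the loop is skipped, and the forced password settings are applied although `SecRegionLoadDefault` never ran. Keeping the lookup status out of `res` fixes this: `if (EFI_ERROR(EfiGetPartGUID(gBIOHandles[i], &guid))) continue;`. `res` then changes only when a matching partition is actually loaded.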
diff --git a/Library/DcsCfgLib/DcsRandom.c b/Library/DcsCfgLib/DcsRandom.c
index eceba8d..f4eb2e0 100644
--- a/Library/DcsCfgLib/DcsRandom.c
+++ b/Library/DcsCfgLib/DcsRandom.c
@@ -22,7 +22,7 @@ https://opensource.org/licenses/LGPL-3.0
#include <common/Pkcs5.h>
#include <crypto/sha2.h>
-#include "../../Include/Library/DcsTpmLib.h"
+#include <Library/DcsTpmLib.h>
DCS_RND* gRnd = NULL;
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index d5680ba..cc85f4e 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
@@ -15,6 +15,7 @@ https://opensource.org/licenses/Apache-2.0
#include <DcsVeraCrypt.h>
#include <Uefi.h>
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/PrintLib.h>
#include <Library/CommonLib.h>
#include <Library/GraphLib.h>
@@ -72,6 +73,9 @@ UINTN gPlatformKeyFileSize = 0;
EFI_GUID *gPartitionGuidOS = NULL;
int gDcsBootForce = 1;
+char* gForcePasswordMsg = NULL;
+int gForcePasswordType = 0;
+UINT8 gForcePasswordProgress = 1;
CHAR8* gOnExitFailed = NULL;
CHAR8* gOnExitSuccess = NULL;
@@ -85,56 +89,24 @@ VOID
VCAuthLoadConfig()
{
int tmp;
+ char* strTemp = NULL;
if (gAuthPasswordMsg != NULL) return; // Already loaded
SetMem(&gAuthPassword, sizeof(gAuthPassword), 0);
- {
- char* passwordPictureAscii = NULL;
- passwordPictureAscii = MEM_ALLOC(MAX_MSG);
- gPasswordPictureFileName = MEM_ALLOC(MAX_MSG * 2);
- ConfigReadString("PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", passwordPictureAscii, MAX_MSG);
- AsciiStrToUnicodeStr(passwordPictureAscii, gPasswordPictureFileName);
- MEM_FREE(passwordPictureAscii);
- }
- SetMem(&gAuthPassword, sizeof(gAuthPassword), 0);
-
- //
- gAuthSecRegionSearch = ConfigReadInt("SecRegionSearch", 0);
- gPlatformLocked = ConfigReadInt("PlatformLocked", 0);
- gTPMLocked = ConfigReadInt("TPMLocked", 0);
- gSCLocked = ConfigReadInt("SCLocked", 0);
- gDcsBootForce = ConfigReadInt("DcsBootForce", 1);
-
- // Actions for DcsInt
- gOnExitSuccess = MEM_ALLOC(MAX_MSG);
- ConfigReadString("ActionSuccess", "Exit", gOnExitSuccess, MAX_MSG);
- gOnExitNotFound = MEM_ALLOC(MAX_MSG);
- ConfigReadString("ActionNotFound", "Exit", gOnExitNotFound, MAX_MSG);
- gOnExitFailed = MEM_ALLOC(MAX_MSG);
- ConfigReadString("ActionFailed", "Exit", gOnExitFailed, MAX_MSG);
- {
- char* strTemp = NULL;
- strTemp = MEM_ALLOC(MAX_MSG);
- ConfigReadString("PartitionGuidOS", "", strTemp, MAX_MSG);
- if (strTemp[0] != 0) {
- EFI_GUID g;
- if (AsciiStrToGuid(&g, strTemp)) {
- gPartitionGuidOS = MEM_ALLOC(sizeof(EFI_GUID));
- if (gPartitionGuidOS != NULL) {
- memcpy(gPartitionGuidOS, &g, sizeof(g));
- }
- }
- }
- MEM_FREE(strTemp);
- }
+ strTemp = MEM_ALLOC(MAX_MSG);
+ gPasswordPictureFileName = MEM_ALLOC(MAX_MSG * 2);
+ ConfigReadString("PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", strTemp, MAX_MSG);
+ AsciiStrToUnicodeStr(strTemp, gPasswordPictureFileName);
+ MEM_FREE(strTemp);
gPasswordPictureChars = MEM_ALLOC(MAX_MSG);
ConfigReadString("PictureChars", gPasswordPictureCharsDefault, gPasswordPictureChars, MAX_MSG);
gPasswordPictureCharsLen = strlen(gPasswordPictureChars);
gAuthPasswordType = ConfigReadInt("PasswordType", 0);
+
gAuthPasswordMsg = MEM_ALLOC(MAX_MSG);
ConfigReadString("PasswordMsg", "Password:", gAuthPasswordMsg, MAX_MSG);
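Review bot: The `MEM_ALLOC` results for `strTemp` and `gPasswordPictureFileName` at the top of VCAuthLoadConfig are passed straight to `ConfigReadString` and `AsciiStrToUnicodeStr` without a NULL check. The same pattern recurs in the next hunk for the HashMsg default, `gForcePasswordMsg` and the PartitionGuidOS temporary; only `gPartitionGuidOS` is checked. A guard such as `if (strTemp == NULL || gPasswordPictureFileName == NULL) return;` (or the project's preferred failure path) avoids writing through a null pointer in the pre-boot environment. `AsciiStrToUnicodeStr` takes no destination size, so the copy is safe only because the destination is `MAX_MSG * 2` bytes. If the EDK2 in use provides the bounded `AsciiStrToUnicodeStrS`, it makes that limit explicit. The function body continues outside the hunk.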
@@ -150,23 +122,70 @@ VCAuthLoadConfig()
gAuthHashMsg = MEM_ALLOC(MAX_MSG);
gAuthHashRqt = ConfigReadInt("HashRqt", 1);
gAuthHash = ConfigReadInt("Hash", 0);
- ConfigReadString("HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160\n\rHash:", gAuthHashMsg, MAX_MSG);
- gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1);
- gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0);
- gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1);
+ strTemp = MEM_ALLOC(MAX_MSG);
+ tmp = 1;
+ AsciiSPrint(strTemp, MAX_MSG, "(0) TEST ALL");
+ while (HashGetName(tmp) != NULL && *HashGetName(tmp) != 0)
+ {
+ AsciiSPrint(strTemp, MAX_MSG, "%a (%d) %s", strTemp, tmp, HashGetName(tmp));
+ ++tmp;
+ };
+ AsciiSPrint(strTemp, MAX_MSG, "%a \n\rHash:", strTemp);
+ ConfigReadString("HashMsg", strTemp, gAuthHashMsg, MAX_MSG);
+ MEM_FREE(strTemp);
- gAuthStartMsg = MEM_ALLOC(MAX_MSG);
- ConfigReadString("AuthStartMsg", "Authorizing...\n\r", gAuthStartMsg, MAX_MSG);
- gAuthErrorMsg = MEM_ALLOC(MAX_MSG);
- ConfigReadString("AuthErrorMsg", "Authorization failed. Wrong password, PIM or hash.\n\r", gAuthErrorMsg, MAX_MSG);
- gAuthBootRqt = ConfigReadInt("BootRqt", 0);
+ gAuthBootRqt = ConfigReadInt("BootRqt", 0);
gAuthTcRqt = ConfigReadInt("TcRqt", 0);
- gRUD = ConfigReadInt("RUD", 0);
+
+ gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
+ gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
+ gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
+
+ gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
+
+ gForcePasswordMsg = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("ForcePasswordMsg", gAuthPasswordMsg, gForcePasswordMsg, MAX_MSG);
+ gForcePasswordType = ConfigReadInt("ForcePasswordType", gAuthPasswordType);
+ gForcePasswordProgress = (UINT8)ConfigReadInt("ForcePasswordProgress", gPasswordProgress);
+
gAuthRetry = ConfigReadInt("AuthorizeRetry", 10);
+ gAuthStartMsg = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("AuthStartMsg", "Authorizing...\n\r", gAuthStartMsg, MAX_MSG);
+ gAuthErrorMsg = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("AuthErrorMsg", "Authorization failed. Wrong password, PIM or hash.\n\r", gAuthErrorMsg, MAX_MSG);
+
+ gRUD = ConfigReadInt("RUD", 0);
+
gRndDefault = ConfigReadInt("Random", 0);
+ gAuthSecRegionSearch = ConfigReadInt("SecRegionSearch", 0);
+ gPlatformLocked = ConfigReadInt("PlatformLocked", 0);
+ gTPMLocked = ConfigReadInt("TPMLocked", 0);
+ gSCLocked = ConfigReadInt("SCLocked", 0);
+
+ // Actions for DcsInt
+ gOnExitSuccess = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("ActionSuccess", "Exit", gOnExitSuccess, MAX_MSG);
+ gOnExitNotFound = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("ActionNotFound", "Exit", gOnExitNotFound, MAX_MSG);
+ gOnExitFailed = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("ActionFailed", "Exit", gOnExitFailed, MAX_MSG);
+
+ strTemp = MEM_ALLOC(MAX_MSG);
+ ConfigReadString("PartitionGuidOS", "", strTemp, MAX_MSG);
+ if (strTemp[0] != 0) {
+ EFI_GUID g;
+ if (AsciiStrToGuid(&g, strTemp)) {
+ gPartitionGuidOS = MEM_ALLOC(sizeof(EFI_GUID));
+ if (gPartitionGuidOS != NULL) {
+ memcpy(gPartitionGuidOS, &g, sizeof(g));
+ }
+ }
+ }
+ MEM_FREE(strTemp);
+
// touch
tmp = ConfigReadInt("TouchDevice", -1);
if (tmp == -1) InitTouch();
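Review bot: The HashMsg default is built by passing `strTemp` to `AsciiSPrint` as both the destination and a `%a` argument, in the loop and in the following `"%a \n\rHash:"` call, so the formatter reads the buffer it is writing. That only works while the implementation copies the prefix in place, and it re-formats the whole string on every pass. Appending at an offset avoids the overlap: `len = AsciiSPrint(strTemp, MAX_MSG, "(0) TEST ALL");`, then `len += AsciiSPrint(strTemp + len, MAX_MSG - len, " (%d) %s", tmp, HashGetName(tmp));` in the loop, and `AsciiSPrint(strTemp + len, MAX_MSG - len, " \n\rHash:");` at the end. In PrintLib `%s` formats a CHAR16 string and `%a` a CHAR8 string, so the specifier must match the return type of `HashGetName`, which the hunk does not show. The stray `;` after the loop's closing brace can be dropped.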
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h
index 41dc6c2..e6ee57c 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.h
+++ b/Library/VeraCryptLib/DcsVeraCrypt.h
@@ -65,6 +65,9 @@ extern UINTN gPlatformKeyFileSize;
extern EFI_GUID *gPartitionGuidOS;
extern int gDcsBootForce;
+extern char* gForcePasswordMsg;
+extern int gForcePasswordType;
+extern UINT8 gForcePasswordProgress;
extern CHAR8* gOnExitFailed;
extern CHAR8* gOnExitSuccess;