VeraCrypt
-rw-r--r--DcsBml/DcsBml.c80
-rw-r--r--DcsBml/DcsBml.h4
-rw-r--r--DcsBoot/DcsBoot.c6
-rw-r--r--DcsInt/DcsInt.c4
-rw-r--r--Include/Library/CommonLib.h10
-rw-r--r--Include/Protocol/DcsBmlProto.h6
-rw-r--r--Library/CommonLib/EfiBml.c2
7 files changed, 62 insertions, 50 deletions
diff --git a/DcsBml/DcsBml.c b/DcsBml/DcsBml.c
index 7b37d1f..dd19a30 100644
--- a/DcsBml/DcsBml.c
+++ b/DcsBml/DcsBml.c
@@ -33,7 +33,7 @@ typedef struct _BML_GLOBALS {
} BML_GLOBALS, *PBML_GLOBALS;
STATIC PBML_GLOBALS gBmlData = NULL;
-STATIC BOOLEAN BootMenuLocked = TRUE;
+STATIC BOOLEAN BootMenuLocked = FALSE;
EFI_EVENT mBmlVirtualAddrChangeEvent;
EFI_SET_VARIABLE orgSetVariable = NULL;
@@ -81,11 +81,37 @@ BmlVirtualNotifyEvent(
}
//////////////////////////////////////////////////////////////////////////
-// DcsBml protocol to control lock in BS mode
+// Boot order
//////////////////////////////////////////////////////////////////////////
CHAR16* sDcsBootEfi = L"EFI\\VeraCrypt\\DcsBoot.efi";
CHAR16* sDcsBootEfiDesc = L"VeraCrypt(DCS) loader";
+EFI_STATUS
+UpdateBootOrder()
+{
+ EFI_STATUS res;
+ UINTN len;
+ UINT32 attr;
+ CHAR16* tmp = NULL;
+ res = EfiGetVar(L"BootDC5B", &gEfiGlobalVariableGuid, &tmp, &len, &attr);
+ if (EFI_ERROR(res)) {
+ InitFS();
+ res = BootMenuItemCreate(L"BootDC5B", sDcsBootEfiDesc, gFileRootHandle, sDcsBootEfi, TRUE);
+ res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
+ }
+ else {
+ UINTN boIndex = 1;
+ if (EFI_ERROR(BootOrderPresent(L"BootOrder", 0x0DC5B, &boIndex)) || boIndex != 0) {
+ res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
+ }
+ }
+ MEM_FREE(tmp);
+ return res;
+}
+
+//////////////////////////////////////////////////////////////////////////
+// DcsBml protocol to control lock in BS mode
+//////////////////////////////////////////////////////////////////////////
GUID gEfiDcsBmlProtocolGuid = EFI_DCSBML_INTERFACE_PROTOCOL_GUID;
EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol = {
BootMenuLock
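Review bot: In the new UpdateBootOrder(), the status of `BootMenuItemCreate` is overwritten on the very next line by `BootOrderInsert`, and the result of `InitFS()` is not checked at all. A failure to create the BootDC5B entry therefore still puts 0x0DC5B first in BootOrder, and the function can report success for a boot entry that does not exist. Keep the first error, for example `if (!EFI_ERROR(res)) res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);`. The empty parameter list would also be better written `UpdateBootOrder(VOID)` so that calls are checked against a real prototype.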
@@ -94,9 +120,22 @@ EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol = {
EFI_STATUS
BootMenuLock(
IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN UINT32 LockFlags
) {
- BootMenuLocked = Lock;
+ if ((LockFlags & BML_UPDATE_BOOTORDER) == BML_UPDATE_BOOTORDER) {
+ UpdateBootOrder();
+ }
+ if ((LockFlags & BML_SET_BOOTNEXT) == BML_SET_BOOTNEXT) {
+ UINT16 DcsBootNum = 0x0DC5B;
+ EfiSetVar(L"BootNext", &gEfiGlobalVariableGuid, &DcsBootNum, sizeof(DcsBootNum), EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ }
+ if ((LockFlags & BML_LOCK_SETVARIABLE) == BML_LOCK_SETVARIABLE) {
+ if (orgSetVariable == NULL) {
+ BootMenuLocked = TRUE;
+ orgSetVariable = gST->RuntimeServices->SetVariable;
+ gST->RuntimeServices->SetVariable = BmlSetVaribale;
+ }
+ }
return EFI_SUCCESS;
}
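Review bot: BootMenuLock() returns EFI_SUCCESS whatever happens, because the results of `UpdateBootOrder()` and of the `EfiSetVar` write to BootNext are dropped. The caller cannot tell that the boot entry or BootNext was not put in place before the SetVariable hook goes in. Carry a status through, e.g. `res = UpdateBootOrder();` followed by `if (EFI_ERROR(res)) return res;`, and treat the BootNext write the same way. With the BOOLEAN parameter gone there is also no way to clear BootMenuLocked through this call; if that is intended, a comment such as `// one-way: once installed, the SetVariable hook is not removed by this call` above the `orgSetVariable == NULL` check would make it explicit.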
@@ -138,33 +177,6 @@ DcsBmlUnload(
return EFI_SUCCESS;
}
-//////////////////////////////////////////////////////////////////////////
-// Boot order
-//////////////////////////////////////////////////////////////////////////
-EFI_STATUS
-UpdateBootOrder()
-{
- EFI_STATUS res;
- UINT16 DcsBootNum = 0x0DC5B;
- UINTN boIndex = 1;
- UINTN len;
- UINT32 attr;
- CHAR16* tmp = NULL;
- res = EfiGetVar(L"BootDC5B", &gEfiGlobalVariableGuid, &tmp, &len, &attr);
- if (EFI_ERROR(res)) {
- InitFS();
- res = BootMenuItemCreate(L"BootDC5B", sDcsBootEfiDesc, gFileRootHandle, sDcsBootEfi, TRUE);
- res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
- } else {
- if (EFI_ERROR(BootOrderPresent(L"BootOrder", 0x0DC5B, &boIndex)) || boIndex != 0) {
- res = BootOrderInsert(L"BootOrder", 0, 0x0DC5B);
- }
- }
- res = EfiSetVar(L"BootNext", &gEfiGlobalVariableGuid, &DcsBootNum, sizeof(DcsBootNum), EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS);
- MEM_FREE(tmp);
- return res;
-}
-
/**
The actual entry point for the application.
@@ -232,11 +244,5 @@ DcsBmlMain(
return res;
}
- UpdateBootOrder();
-
- orgSetVariable = gST->RuntimeServices->SetVariable;
- gST->RuntimeServices->SetVariable = BmlSetVaribale;
-
- // Prepare BootDC5B
return EFI_SUCCESS;
}
diff --git a/DcsBml/DcsBml.h b/DcsBml/DcsBml.h
index df639fc..8a11633 100644
--- a/DcsBml/DcsBml.h
+++ b/DcsBml/DcsBml.h
@@ -57,8 +57,8 @@ extern EFI_DCSBML_PROTOCOL gEfiDcsBmlProtocol;
EFI_STATUS
BootMenuLock(
- IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN EFI_DCSBML_PROTOCOL *This,
+ IN UINT32 LockFlags
);
diff --git a/DcsBoot/DcsBoot.c b/DcsBoot/DcsBoot.c
index de79e93..f897a48 100644
--- a/DcsBoot/DcsBoot.c
+++ b/DcsBoot/DcsBoot.c
@@ -18,6 +18,7 @@ https://opensource.org/licenses/LGPL-3.0
#include <Library/DevicePathLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/PrintLib.h>
+#include <Protocol/DcsBmlProto.h>
#include "DcsConfig.h"
#include <Guid/Gpt.h>
#include <Guid/GlobalVariable.h>
@@ -37,6 +38,11 @@ DoExecCmd()
if (!EFI_ERROR(res)) {
res = FileOpenRoot(gFileRootHandle, &gFileRoot);
if (!EFI_ERROR(res)) {
+ UINT32 lockFlags = 0;
+ // Lock EFI boot variables
+ InitBml();
+ lockFlags = ConfigReadInt("DcsBmlLockFlags", BML_LOCK_SETVARIABLE | BML_SET_BOOTNEXT | BML_UPDATE_BOOTORDER);
+ BmlLock(lockFlags);
res = EfiExec(NULL, gEfiExecCmd);
AsciiSPrint(gDoExecCmdMsg, sizeof(gDoExecCmdMsg), "\nCan't exec %s start partition %g\n", gEfiExecCmd, gEfiExecPartGuid);
} else {
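Review bot: The added lines in DoExecCmd() discard the return values of `InitBml()` and `BmlLock(lockFlags)`, so `EfiExec` runs even when the DcsBml protocol was not found and no SetVariable hook is in place. The flags also come straight from `ConfigReadInt("DcsBmlLockFlags", ...)` with no masking, so a configured value of 0 silently turns all three protections off. If that configuration lives on an unencrypted partition (not visible in this hunk), anyone who can write to it controls whether the lock is applied. Consider masking with `lockFlags &= (BML_LOCK_SETVARIABLE | BML_SET_BOOTNEXT | BML_UPDATE_BOOTORDER);`, and at least recording a failed `BmlLock` in the message buffer before executing. DoExecCmd starts and ends outside this hunk.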
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 4b84256..3dad27e 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -1153,10 +1153,6 @@ UefiMain(
return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
- // Lock EFI boot variables
- InitBml();
- BmlLock(TRUE);
-
// Install decrypt
res = EfiLibInstallDriverBindingComponentName2(
ImageHandle,
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index cd7e068..9a15afd 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -29,10 +29,10 @@ https://opensource.org/licenses/LGPL-3.0
//////////////////////////////////////////////////////////////////////////
extern UINTN gCELine;
#define CE(ex) gCELine = __LINE__; if(EFI_ERROR(res = ex)) goto err
-
-#ifndef CSTATIC_ASSERT
-#define CSTATIC_ASSERT(b, name) typedef int StaticAssertFailed##name[b ? 1 : -1];
-#endif
+
+#ifndef CSTATIC_ASSERT
+#define CSTATIC_ASSERT(b, name) typedef int StaticAssertFailed##name[b ? 1 : -1];
+#endif
//////////////////////////////////////////////////////////////////////////
// defines
@@ -564,7 +564,7 @@ InitBml();
EFI_STATUS
BmlLock(
- IN BOOLEAN lock
+ IN UINT32 lock
);
diff --git a/Include/Protocol/DcsBmlProto.h b/Include/Protocol/DcsBmlProto.h
index 9fafa97..2a04d89 100644
--- a/Include/Protocol/DcsBmlProto.h
+++ b/Include/Protocol/DcsBmlProto.h
@@ -29,6 +29,10 @@ https://opensource.org/licenses/LGPL-3.0
typedef struct _EFI_DCSBML_PROTOCOL EFI_DCSBML_PROTOCOL;
+#define BML_LOCK_SETVARIABLE 0x1
+#define BML_UPDATE_BOOTORDER 0x2
+#define BML_SET_BOOTNEXT 0x4
+
//
// Lock boot menu
//
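Review bot: The three new flag macros have no comments, and the existing `// Lock boot menu` header no longer describes what the call does now that it takes a bit mask. Going by BootMenuLock() in DcsBml.c, I would add `// BML_LOCK_SETVARIABLE: replace RuntimeServices->SetVariable with the DcsBml hook`, `// BML_UPDATE_BOOTORDER: create BootDC5B if missing and move it to the front of BootOrder` and `// BML_SET_BOOTNEXT: set BootNext to 0xDC5B`. The header comment should also say that LockFlags is an OR of these values and that 0 makes the call a no-op. The `lock` parameter of BmlLock in CommonLib.h and EfiBml.c could be renamed `lockFlags` to match.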
@@ -36,7 +40,7 @@ typedef
EFI_STATUS
(EFIAPI *EFI_BOOT_MENU_LOCK) (
IN EFI_DCSBML_PROTOCOL *This,
- IN BOOLEAN Lock
+ IN UINT32 LockFlags
);
diff --git a/Library/CommonLib/EfiBml.c b/Library/CommonLib/EfiBml.c
index 184ca75..f7b55aa 100644
--- a/Library/CommonLib/EfiBml.c
+++ b/Library/CommonLib/EfiBml.c
@@ -46,7 +46,7 @@ InitBml() {
EFI_STATUS
BmlLock(
- IN BOOLEAN lock
+ IN UINT32 lock
)
{
if (gBml != NULL) {