Diffstat (limited to 'DcsInt')
-rw-r--r-- | DcsInt/DcsInt.c | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 6d008cc..af2391b 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -23,6 +23,7 @@ https://opensource.org/licenses/LGPL-3.0
#include <Library/PasswordLib.h>
#include <Library/BaseLib.h>
#include <Library/DcsCfgLib.h>
+#include <Library/DcsTpmLib.h>
#include "common/Tcdefs.h"
#include "common/Crypto.h"
@@ -262,7 +263,7 @@ IntBlockIO_Write(
writeCrypted = MEM_ALLOC(BufferSize);
if (writeCrypted == NULL) {
Status = EFI_BAD_BUFFER_SIZE;
- return Status;
+ return Status;
}
CopyMem(writeCrypted, Buffer, BufferSize);
// Print(L"*");
@@ -354,7 +355,7 @@ IntBlockIo_Hook(
DcsIntBlockIo->Controller = DeviceHandle;
DcsIntBlockIo->BlockIo = BlockIo;
DcsIntBlockIo->IsReinstalled = 0;
-// Block
+// Block
// Tpl = gBS->RaiseTPL(TPL_NOTIFY);
// Install new routines
DcsIntBlockIo->CryptInfo = SecRegionCryptInfo;
@@ -570,28 +571,28 @@ SecRegionChangePwd() {
if (vcres != 0) {
ERR_PRINT(L"header create error(%x)\n", vcres);
- Status = EFI_INVALID_PARAMETER;
- goto ret;
+ Status = EFI_INVALID_PARAMETER;
+ goto ret;
}
// get BlockIo protocol
bio = EfiGetBlockIO(SecRegionHandle);
if (bio == NULL) {
ERR_PRINT(L"Block io not supported\n,");
- Status = EFI_NOT_FOUND;
- goto ret;
+ Status = EFI_NOT_FOUND;
+ goto ret;
}
Status = bio->WriteBlocks(bio, bio->Media->MediaId, SecRegionSector, 512, Header);
if (EFI_ERROR(Status)) {
ERR_PRINT(L"Write: %r\n", Status);
- goto ret;
+ goto ret;
}
CopyMem(&gAuthPassword, &newPassword, sizeof(gAuthPassword));
CopyMem(SecRegionData + SecRegionOffset, Header, 512);
ERR_PRINT(L"Update (%r)\n", Status);
-
-ret:
+
+ret:
MEM_BURN(&newPassword, sizeof(newPassword));
MEM_BURN(&confirmPassword, sizeof(confirmPassword));
return Status;
@@ -644,7 +645,7 @@ SecRegionTryDecrypt()
} while (SecRegionOffset < SecRegionSize && vcres != 0);
if (vcres == 0) {
OUT_PRINT(L"Success\n");
- OUT_PRINT(L"start %lld len %lld\n", SecRegionCryptInfo->EncryptedAreaStart.Value, SecRegionCryptInfo->EncryptedAreaLength.Value);
+ OUT_PRINT(L"Start %d %lld len %lld\n", SecRegionOffset / (1024*128), SecRegionCryptInfo->EncryptedAreaStart.Value, SecRegionCryptInfo->EncryptedAreaLength.Value);
break;
} else {
ERR_PRINT(L"Authorization failed. Wrong password, PIM or hash. Decrypt error(%x)\n\r", vcres);
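Review bot: The new first argument `SecRegionOffset / (1024*128)` is printed with `%d`, and the divisor is an unnamed constant. The declaration of `SecRegionOffset` is not visible in this hunk; if it is wider than `int`, the specifier should match the type, e.g. `%lld` with the value cast to `UINT64`, the same way the two following `.Value` arguments are printed. A named constant for the 128 KiB stride, plus a short comment saying what the printed index is, would make the message easier to interpret. SecRegionTryDecrypt's body starts and ends outside the hunk.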
@@ -963,6 +964,7 @@ UefiMain(
if (key.UnicodeChar != 0) {
GetKey();
}
+ OUT_PRINT(L"\n");
}
} else if (gRUD != 0) {
// RUD defined
@@ -1020,12 +1022,26 @@ UefiMain(
return res;
}
+ res = GetTpm(); // Try to get TPM
+ if (!EFI_ERROR(res)) {
+ if (gConfigBuffer != NULL) {
+ TpmMeasure(gConfigBuffer, gConfigBufferSize); // Measure configuration
+ }
+ RndInit(RndTypeTpm, NULL, 0, &gRnd);
+ if (gTpm->IsConfigured(gTpm) && !gTpm->IsOpen(gTpm)) {
+ ERR_PRINT(L"TPM is configured but locked. Probably boot chain is modified!\n");
+ KeyWait(L"%1d\r", 9, 0, 0);
+ }
+ }
+
DetectX86Features();
res = SecRegionTryDecrypt();
-
- // Reset Console buffer
- gST->ConIn->Reset(gST->ConIn, FALSE);
-
+ if (gTpm != NULL) {
+ gTpm->Lock(gTpm);
+ }
+ // Reset Console buffer
+ gST->ConIn->Reset(gST->ConIn, FALSE);
+
if (EFI_ERROR(res)) {
return OnExit(gOnExitFailed, OnExitAuthFaild, res);
}
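Review bot: The results of `TpmMeasure(gConfigBuffer, gConfigBufferSize)` and `RndInit(RndTypeTpm, NULL, 0, &gRnd)` are discarded in the added TPM block, so a failed measurement or a failed RNG switch goes unreported and boot continues as if the configuration had been measured. Their return types are not visible in this hunk; if they return EFI_STATUS, capture and report it, e.g. `res = TpmMeasure(gConfigBuffer, gConfigBufferSize);` followed by `if (EFI_ERROR(res)) ERR_PRINT(L"TPM measure: %r\n", res);`. The "configured but locked" branch only prints a warning and waits in `KeyWait` before falling through to `SecRegionTryDecrypt()`, so the password prompt still appears on a boot chain the TPM no longer vouches for. A comment stating that this is advisory by design, or an explicit confirmation step, would make the intent clear. UefiMain continues outside the hunk, so whether every exit after `GetTpm()` reaches `gTpm->Lock(gTpm)` cannot be checked from here.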