VeraCrypt
Diffstat (limited to 'Library')
-rw-r--r--Library/PasswordLib/ConsolePassword.c14
-rw-r--r--Library/PasswordLib/PicturePassword.c21
-rw-r--r--Library/VeraCryptLib/DcsProp182
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.c5
-rw-r--r--Library/VeraCryptLib/DcsVeraCrypt.h2
-rw-r--r--Library/VeraCryptLib/mklinks_src.bat2
6 files changed, 226 insertions, 0 deletions
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index 797ee4a..6894b50 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -31,6 +31,20 @@ AskConsolePwdInt(
UINTN i;
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
+ if (gPasswordTimeout) {
+ EFI_EVENT InputEvents[2];
+ UINTN EventIndex = 0;
+ InputEvents[0] = gST->ConIn->WaitForKey;
+ gBS->CreateEvent(EVT_TIMER, 0, (EFI_EVENT_NOTIFY)NULL, NULL, &InputEvents[1]);
+ gBS->SetTimer(InputEvents[1], TimerPeriodic, 10000000 * gPasswordTimeout);
+ gBS->WaitForEvent(2, InputEvents, &EventIndex);
+ gPasswordTimeout = 0;
+ gBS->CloseEvent(InputEvents[1]);
+ if (EventIndex == 1) {
+ *retCode = AskPwdRetCancel;
+ return ;
+ }
+ }
do {
key = GetKey();
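Review bot: `10000000 * gPasswordTimeout` in the `SetTimer` call is an `int` by `int` multiplication, so it overflows for any timeout above 214 seconds, while VCAuthLoadConfig accepts values up to 255. The result is undefined and will most likely reach `SetTimer` as a very large UINT64 trigger time, in which case the prompt never times out. Widen before multiplying, e.g. `gBS->SetTimer(InputEvents[1], TimerRelative, MultU64x32(10000000, (UINT32)gPasswordTimeout));` (assuming BaseLib is available to this module); `TimerRelative` also states the one-shot intent better than `TimerPeriodic`. The same line appears in the AskPictPwdInt hunk of PicturePassword.c. The body of AskConsolePwdInt continues outside this hunk.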
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index c3831ad..4e46f47 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -31,9 +31,11 @@ UINTN gPasswordPictureCharsLen = 95;
UINT8 gPasswordVisible = 0;
int gPasswordShowMark = 1;
UINT8 gPasswordProgress = 1;
+int gPasswordTimeout = 0;
int gPlatformLocked = 0;
int gTPMLocked = 0;
+int gTPMLockedInfoDelay = 9;
int gSCLocked = 0;
@@ -282,6 +284,25 @@ AskPictPwdInt(
UINTN pwdAction = PwdActNone;
CHAR8 pwdNewChar = 0;
+ if (gPasswordTimeout) {
+ UINTN EventIndex = 0;
+ InputEvents[0] = gST->ConIn->WaitForKey;
+ eventsCount = 2;
+ if (gTouchPointer != NULL) {
+ eventsCount = 3;
+ InputEvents[2] = gTouchPointer->WaitForInput;
+ }
+ gBS->CreateEvent(EVT_TIMER, 0, (EFI_EVENT_NOTIFY)NULL, NULL, &InputEvents[1]);
+ gBS->SetTimer(InputEvents[1], TimerPeriodic, 10000000 * gPasswordTimeout);
+ gBS->WaitForEvent(eventsCount, InputEvents, &EventIndex);
+ gPasswordTimeout = 0;
+ gBS->CloseEvent(InputEvents[1]);
+ if (EventIndex == 1) {
+ *retCode = AskPwdRetCancel;
+ return;
+ }
+ }
+
InitConsoleControl();
if (gBeepEnabled) {
InitSpeaker();
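Review bot: The status returned by `gBS->CreateEvent` is ignored, so if the timer event cannot be created `InputEvents[1]` is handed to `SetTimer`, `WaitForEvent` and `CloseEvent` without having been set. Guard the wait with the status, e.g. `if (!EFI_ERROR(gBS->CreateEvent(EVT_TIMER, 0, NULL, NULL, &InputEvents[1]))) { ... }`, and fall through to the normal prompt when it fails. The timeout block added to AskConsolePwdInt in ConsolePassword.c has the same gap. `InputEvents` and `eventsCount` are declared outside this hunk, so I could not confirm that the array has room for index 2.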
diff --git a/Library/VeraCryptLib/DcsProp b/Library/VeraCryptLib/DcsProp
new file mode 100644
index 0000000..e0b6691
--- /dev/null
+++ b/Library/VeraCryptLib/DcsProp
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="utf-8"?>
+<VeraCrypt>
+ <!-- EFI boot DCS configuration -->
+ <configuration>
+ <!-- PasswordType 0/1
+ 0 - text message is displayed
+ PasswordMsg to specify message
+ 1 - touch picture password if touch is supported by EFI. check PlatformInfo
+ PasswordPicture to specify bitmap
+ -->
+ <config key="PasswordType">0</config>
+ <config key="PasswordMsg">Password:</config>
+ <config key="PasswordPicture">EFI\VeraCrypt\login.bmp</config>
+
+ <!-- Show "*" on each key pressed or picture zone touched -->
+ <config key="AuthorizeProgress">1</config>
+ <!-- Show chars on each key press -->
+ <config key="AuthorizeVisible">0</config>
+ <!-- Show zones touched -->
+ <config key="AuthorizeMarkTouch">0</config>
+
+ <!-- Number of authorization retries -->
+ <config key="AuthorizeRetry">10</config>
+ <!-- Timeout in seconds before <ESC> from password prompt -->
+ <config key="PasswordTimeout">0</config>
+
+ <!-- authorization start message -->
+ <config key="AuthStartMsg">Authorizing...</config>
+ <!-- authorization error message -->
+ <config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>
+
+ <!-- PictureChars specifies PasswordPicture alphabet order
+ It is possible to save it on external USB if SecRegionSearch selected
+ -->
+ <!-- config key="PictureChars">MN/[aQ-eyPr}GT: |V^UqiI_gbdA9YwZ%f8t6S@D\"7uXl\\30R#+zH*,W4J?= BLFv]hx~E;$ .o'sp1`(>C)O{!5j2nmkcK</config -->
+
+ <!-- AutoLogin 0/1
+ Posibility to avoid password prompt
+ AutoPassword is password by default
+ Use it with PlatformLocked or TPMLocked enabled to lock password to the computer.
+ -->
+ <config key="AutoLogin">0</config>
+ <config key="AutoPassword"></config>
+
+ <!-- PimRqt 0/1
+ Request PIM during authorization
+ PimMsg - message
+ Pim - default value
+ -->
+ <config key="PimMsg">Pim:</config>
+ <config key="Pim">0</config>
+ <config key="PimRqt">1</config>
+
+ <!-- HashRqt 0/1
+ Request hash during authorization
+ HashMsg - message. It is generated if not specified
+ Hash - default value
+ -->
+ <!-- config key="HashMsg">(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG
+Hash:</config-->
+ <config key="Hash">0</config>
+ <config key="HashRqt">0</config>
+
+ <!-- PlatformLocked 0/1 (it is controled by <F7>)
+ Password is mixed with data from SMBIOS and USB serial structures
+ to avoid authorization on another computer
+ -->
+ <config key="PlatformLocked">0</config>
+
+ <!-- TPMLocked 0/1 (it is controled by <F8>)
+ Password is mixed with data from TPM
+ data is in TPM NVRAM and the data is locked to PCRs selected (use configuration <F2> and "c" "t")
+ BIOS modification or any other boot module blocks authorization with TPMLocked=1
+ DcsProp is measured to PCR8 also.
+ TPM 1.2 support only.
+ -->
+ <config key="TPMLocked">0</config>
+ <!-- Display error if TPM configured and locked before password to inform user with pause (sec) -->
+ <config key="TPMLockedInfoDelay">0</config>
+
+ <!-- Random generator to generate salt to change password <F2> function key
+ 2 RDRAND
+ 3 PRNDGEN but state hast to be saved on external USB
+ 5 TPM 1.2 if pressent
+ -->
+ <config key="Random">2</config>
+
+ <!-- RUD - Require USB device (authorization started if the USB is attached. "what I have")
+ 0 - skip
+ NNNN - CRC32 decimal value of USB "VID_PID_SERIAL" string
+ It is possible to configure via DcsWinCfg
+ or from EFI shell: DcsCfg.dcs -ul
+ -->
+ <config key="RUD">0</config>
+
+ <!-- Try to find security region -->
+ <config key="SecRegionSearch">0</config>
+ <!-- Display device of RUD or SecRegion found with pause (sec) -->
+ <config key="SecRegionInfoDelay">0</config>
+
+ <!-- Ask password even no USB with SecRegions found
+ ForcePasswordMsg, ForcePasswordType,ForcePasswordProgress keys can overide default values
+ -->
+ <config key="DcsBootForce">1</config>
+
+ <!--
+ to find OS partition GUID if ESP and OS uses diffrent disks
+ -->
+ <!-- config key="PartitionGuidOS">XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</config-->
+
+
+ <!-- Actions
+ Success - authorization OK
+ NotFound - RUD of SecRegion search failed
+ Failed - <ESC> pressed or AuthorizeRetry limit
+
+ It can contain several keywords space separated
+
+ Keywords:
+ Exit – simple exit (default)
+ Status(code) – override exit status code (0 is OK)
+ File(path) – path to file to be executed
+ Guid(xxx-x..) – GUID of partition with file to be executed
+ Printinfo – print guid, file and status.
+ Message(msg) – message to display for the action
+ Postexec – send loader path to DcsBoot to execute after exit
+ Exec – execute module
+ Halt – CPU halt
+ Delay(N) – delay boot
+ -->
+ <config key="ActionSuccess">Exit</config>
+ <config key="ActionNotFound">Exit</config>
+ <config key="ActionFailed">Exit</config>
+
+ <!-- Devices to configure PicturePassword if possible. Check PlatformInfo of your computer
+ GraphDevice - Graphics device and mode
+ TouchDevice - Touch device
+ BeepDevice - ordinary speaker to beep on touch zone
+ -->
+
+ <!-- GraphDevice
+ -1 - initialize + autodetect
+ -2 - ignore
+ <n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
+ -->
+ <config key="GraphDevice">-1</config>
+
+ <!-- GraphMode
+ -1 default (see PlatformInfo. or use DcsCfg.dcs -gm <n> to test)
+ -->
+ <config key="GraphMode">-1</config>
+
+ <!--
+ TouchDevice
+ -1 init + autodetect
+ -2 ignore;
+ <N> number in list of devices (See platformInfo or use DcsCfg -tl and to test DcsCfg -tt <N>)
+ -->
+ <config key="TouchDevice">-1</config>
+
+ <!-- TouchSimulate to use keyboard arrows to move touch <F11>/<F12> speed -->
+ <config key="TouchSimulate">1</config>
+
+ <!-- 0/1 Beep if picture zone touched -->
+ <config key="Beep">0</config>
+
+ <!-- BeepDevice (LegacySpeaker.dcs driver is used to support)
+ -1 - initialize + autodetect
+ <n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
+ -->
+ <config key="BeepDevice">-1</config>
+
+ <!-- Beep paramters -->
+ <config key="BeepNumber">1</config>
+ <config key="BeepDuration">100</config>
+ <config key="BeepInterval">0</config>
+ <config key="BeepTone">1280</config>
+ <!-- <F4> enable/disable beeps -->
+ <config key="BeepControl">1</config>
+
+ </configuration>
+</VeraCrypt>
\ No newline at end of file
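Review bot: The AutoLogin comment understates the exposure: `AutoPassword` is written into this file as clear text, and DcsProp presumably sits next to the loader rather than inside the encrypted volume. I would reword the comment along the lines of `AutoPassword is stored here in clear text; enable AutoLogin only together with PlatformLocked or TPMLocked`. The `PasswordTimeout` comment should also state the accepted range, since VCAuthLoadConfig truncates the value to 8 bits.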
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index f4a1e27..5d9be88 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
@@ -66,6 +66,7 @@ char* gAuthStartMsg = NULL;
INT32 gRUD = 0;
int gAuthSecRegionSearch = 0;
+int gSecRegionInfoDelay = 0;
CHAR8* gPlatformKeyFile = NULL;
UINTN gPlatformKeyFileSize = 0;
@@ -146,6 +147,7 @@ VCAuthLoadConfig()
gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
+ gPasswordTimeout = (UINT8)ConfigReadInt("PasswordTimeout", 0); // If no password for <seconds> => <ESC>
gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
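Review bot: The `(UINT8)` cast on the `PasswordTimeout` read silently wraps out-of-range values: 256 becomes 0, which disables the timeout, and 300 becomes 44. `gPasswordTimeout` is declared `int` in PicturePassword.c, so the cast is not needed for storage. I would read it as `gPasswordTimeout = ConfigReadInt("PasswordTimeout", 0);` and then reject negative values and clamp to a documented maximum before use. The body of VCAuthLoadConfig extends beyond this hunk.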
@@ -165,8 +167,11 @@ VCAuthLoadConfig()
gRndDefault = ConfigReadInt("Random", 0);
gAuthSecRegionSearch = ConfigReadInt("SecRegionSearch", 0);
+ gSecRegionInfoDelay = ConfigReadInt("SecRegionInfoDelay", 0);
+
gPlatformLocked = ConfigReadInt("PlatformLocked", 0);
gTPMLocked = ConfigReadInt("TPMLocked", 0);
+ gTPMLockedInfoDelay = ConfigReadInt("TPMLockedInfoDelay", 9);
gSCLocked = ConfigReadInt("SCLocked", 0);
// Actions for DcsInt
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h
index e6ee57c..f7a3c8f 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.h
+++ b/Library/VeraCryptLib/DcsVeraCrypt.h
@@ -53,9 +53,11 @@ extern char* gAuthErrorMsg;
extern INT32 gRUD;
extern int gAuthSecRegionSearch;
+extern int gSecRegionInfoDelay;
extern int gPlatformLocked;
extern int gTPMLocked;
+extern int gTPMLockedInfoDelay;
extern int gSCLocked;
extern int gAuthPwdCode;
diff --git a/Library/VeraCryptLib/mklinks_src.bat b/Library/VeraCryptLib/mklinks_src.bat
index 1126cfa..a62298e 100644
--- a/Library/VeraCryptLib/mklinks_src.bat
+++ b/Library/VeraCryptLib/mklinks_src.bat
@@ -1,6 +1,8 @@
@echo off
pushd %~dp0
+if "%veracrypt_src%"=="" if exist %CD:~0,-28%\VeraCrypt\src set veracrypt_src=%CD:~0,-28%\VeraCrypt\src
+
call :select_path "%veracrypt_src%" "Select VeraCrypt directory:"
set veracrypt_src=%select_path_result%
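Review bot: The added `if exist %CD:~0,-28%\VeraCrypt\src` test is unquoted, so a checkout path containing spaces or `&` breaks the check and the `set` that follows it. Quote both sides: `if "%veracrypt_src%"=="" if exist "%CD:~0,-28%\VeraCrypt\src" set "veracrypt_src=%CD:~0,-28%\VeraCrypt\src"`. The `-28` offset assumes a fixed directory depth and name length below the workspace root; a short comment naming the directory suffix it strips would make that assumption checkable.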