VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/BootEncryption.cpp
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-14 10:58:52 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-14 10:58:52 +0200
commit17ad739405152ef25b1d97849469270ddfb2bc1b (patch)
tree947e6fe2301ecd428050deea629983082bd1331d /src/Common/BootEncryption.cpp
parentae65707649ece09647626b69a19d7fdd0d1ac017 (diff)
downloadVeraCrypt-17ad739405152ef25b1d97849469270ddfb2bc1b.tar.gz
VeraCrypt-17ad739405152ef25b1d97849469270ddfb2bc1b.zip
Windows: better handling of reading EFI variable to display help error messages in case of failure.
Now we accept the possibility of BootOrder EFI variable to be empty in order to try to solve issues on some PCs.
Diffstat (limited to 'src/Common/BootEncryption.cpp')
-rw-r--r--src/Common/BootEncryption.cpp48
1 files changed, 44 insertions, 4 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 2be81416..9fdcea29 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -2640,10 +2640,27 @@ namespace VeraCrypt
}
void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) {
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
+ DWORD dwLastError;
+ BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME);
+ if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE))
+ {
+ dwLastError = GetLastError();
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
// Check EFI
if (!IsEfiBoot()) {
- throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ dwLastError = GetLastError();
+ if (dwLastError != ERROR_SUCCESS)
+ {
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ // format message to append the error code to the exception message
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
}
wchar_t varName[256];
StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
@@ -2686,13 +2703,33 @@ namespace VeraCrypt
SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, startOrder, 0);
}
}
+
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
}
void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
+ DWORD dwLastError;
+ BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME);
+ if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE))
+ {
+ dwLastError = GetLastError();
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
// Check EFI
if (!IsEfiBoot()) {
- throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ dwLastError = GetLastError();
+ if (dwLastError != ERROR_SUCCESS)
+ {
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ // format message to append the error code to the exception message
+ wchar_t szMsg[1024];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
}
if (bDeviceInfoValid)
@@ -2866,6 +2903,9 @@ namespace VeraCrypt
SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
}
+
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
}
bool EfiBoot::CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2)