status = TCReadDevice (LowerDeviceObject, ioBuffer, offset, TC_SECTOR_SIZE_BIOS);

if (NT_SUCCESS (status))

{

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

#endif

WHIRLPOOL_add (ioBuffer, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &whirlpool);

WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &whirlpool);

sha512_end (&BootLoaderFingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);

}

#endif

}

else

}

{

BOOL hiddenVolume = (BootArgs.HiddenSystemPartitionStart != 0);

int64 hiddenHeaderOffset = BootArgs.HiddenSystemPartitionStart + TC_HIDDEN_VOLUME_HEADER_OFFSET;

NTSTATUS status;

LARGE_INTEGER offset;

int pkcs5_prf = 0, pim = 0;

PARTITION_INFORMATION_EX pi;

BOOL bIsGPT = FALSE;

Extension->Queue.MaxReadAheadOffset = BootDriveLength;

/* encrypt keys */

if (IsRamEncryptionEnabled())

{

VcProtectKeys (Extension->HeaderCryptoInfo, VcGetEncryptionID (Extension->HeaderCryptoInfo));

VcProtectKeys (Extension->Queue.CryptoInfo, VcGetEncryptionID (Extension->Queue.CryptoInfo));

}

status = EncryptedIoQueueStart (&Extension->Queue);

if (!NT_SUCCESS (status))

TC_BUG_CHECK (status);

{

}

// Hidden system hibernation is not supported if an extra boot partition is present as the system is not allowed to update the boot partition

if (IsHiddenSystemRunning() && (BootArgs.Flags & TC_BOOT_ARGS_FLAG_EXTRA_BOOT_PARTITION))

uint64 encryptedAreaLength = Extension->Queue.EncryptedAreaEnd + 1 - Extension->Queue.EncryptedAreaStart;

uint8 *fieldPos = header + TC_HEADER_OFFSET_ENCRYPTED_AREA_LENGTH;

PCRYPTO_INFO pCryptoInfo = Extension->HeaderCryptoInfo;

CRYPTO_INFO tmpCI;

if (IsRamEncryptionEnabled())

{

VcUnprotectKeys (&tmpCI, VcGetEncryptionID (pCryptoInfo));

pCryptoInfo = &tmpCI;

}

DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo);

mputLong (fieldPos, headerCrc32);

EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo);

if (IsRamEncryptionEnabled())

{

burn (&tmpCI, sizeof (CRYPTO_INFO));

}

}

status = TCWriteDevice (Extension->LowerDeviceObject, header, offset, TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);

static VOID MountDriveWorkItemRoutine (PDEVICE_OBJECT deviceObject, DriveFilterExtension *filterExtension)

{

CheckDeviceTypeAndMount (filterExtension);

KeSetEvent (&filterExtension->MountWorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);

}

static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterExtension *Extension, PIO_STACK_LOCATION irpSp)

{

NTSTATUS status;

Dump ("IRP_MJ_POWER minor=%d type=%d shutdown=%d\n", (int) irpSp->MinorFunction, (int) irpSp->Parameters.Power.Type, (int) irpSp->Parameters.Power.ShutdownType);

if (SetupInProgress

// Dismount the system drive on shutdown on Windows 7 and later

if (DriverShuttingDown

&& EraseKeysOnShutdown

&& Extension->BootDrive

&& Extension->DriveMounted

&& irpSp->MinorFunction == IRP_MN_SET_POWER

&& irpSp->Parameters.Power.Type == DevicePowerState)

{

DismountDrive (Extension, TRUE);

ClearSecurityParameters ();

}

PoStartNextPowerIrp (Irp);

{

BOOL bBlockTrim = BlockSystemTrimCommand || IsHiddenSystemRunning();

NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);

if (!NT_SUCCESS (status))

return TCCompleteIrp (Irp, status, 0);

Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n");

if (bBlockTrim)

{

DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength;

if (inputLength >= sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES))

{

return status;

}

{

irp->IoStatus.Information = 0;

if (BootDriveFound && BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted)

InvalidateDriveFilterKeys (BootDriveFilterExtension);

ClearSecurityParameters();

irp->IoStatus.Status = STATUS_SUCCESS;

}

}

{

LARGE_INTEGER offset;

ReopenBootVolumeHeaderRequest *request = (ReopenBootVolumeHeaderRequest *) irp->AssociatedIrp.SystemBuffer;

irp->IoStatus.Information = 0;

goto ret;

}

if (IsRamEncryptionEnabled())

{

VcUnprotectKeys (BootDriveFilterExtension->HeaderCryptoInfo, VcGetEncryptionID (BootDriveFilterExtension->HeaderCryptoInfo));

}

if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, request->pim, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)

{

Dump ("Header reopened\n");

if (IsRamEncryptionEnabled())

{

VcProtectKeys (BootDriveFilterExtension->HeaderCryptoInfo, VcGetEncryptionID(BootDriveFilterExtension->HeaderCryptoInfo));

}

ComputeBootLoaderFingerprint (BootDriveFilterExtension->LowerDeviceObject, header);

BootDriveFilterExtension->Queue.CryptoInfo->pkcs5 = BootDriveFilterExtension->HeaderCryptoInfo->pkcs5;

typedef struct

{

uint8 FieldPad1[64];

HiberDriverWriteFunctionB WriteFunctionB;

uint8 FieldPad2[56];

HiberDriverWriteFunctionA WriteFunctionA;

uint8 FieldPad3[24];

LARGE_INTEGER PartitionStartOffset;

typedef struct

{

LIST_ENTRY ModuleList;

uint8 FieldPad1[32];

PVOID ModuleBaseAddress;

HiberDriverEntry ModuleEntryAddress;

uint8 FieldPad2[24];

UNICODE_STRING ModuleName;

} ModuleTableItem;

ModuleTableItem *moduleItem;

LIST_ENTRY *listEntry;

KIRQL origIrql;

if (!imageInfo || !imageInfo->SystemModeImage || !imageInfo->ImageBase || !TCDriverObject->DriverSection)

return;

}

static VOID SetupThreadProc (PVOID threadArg)

{

DriveFilterExtension *Extension = BootDriveFilterExtension;

// wipeRandCharsUpdate instead of relying on uninitialized stack memory

ChaCha20RngCtx rngCtx;

uint8 pbSeed[CHACHA20RNG_KEYSZ + CHACHA20RNG_IVSZ];

GetDriverRandomSeed (pbSeed, sizeof (pbSeed));

ChaCha20RngInit (&rngCtx, pbSeed, GetDriverRandomSeed, 0);

}

{

if (ValidateIOBufferSize (irp, sizeof (VOLUME_PROPERTIES_STRUCT), ValidateOutput))

{

}

{

/* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */

}

{

if (ValidateIOBufferSize (irp, sizeof (uint16), ValidateOutput))

{

}

}

{

if (ValidateIOBufferSize (irp, sizeof (BootLoaderFingerprintRequest), ValidateOutput))

{

BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;

/* compute the fingerprint again and check if it is the same as the one retrieved during boot */

if (!header)

{

irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;

}

}

{

if (ValidateIOBufferSize (irp, sizeof (GetBootEncryptionAlgorithmNameRequest), ValidateOutput))

{

static VOID DecoySystemWipeThreadProc (PVOID threadArg)

{

DriveFilterExtension *Extension = BootDriveFilterExtension;

LARGE_INTEGER offset;

goto err;

}

if (IsRamEncryptionEnabled ())

VcProtectKeys (wipeCryptoInfo, VcGetEncryptionID (wipeCryptoInfo));

EncryptDataUnits (wipeRandBuffer, &dataUnit, wipeBlockSize / ENCRYPTION_DATA_UNIT_SIZE, wipeCryptoInfo);

memcpy (wipeRandChars, wipeRandBuffer, sizeof (wipeRandChars));

}

{

if (ValidateIOBufferSize (irp, sizeof (DecoySystemWipeStatus), ValidateOutput))

{