From 17ad739405152ef25b1d97849469270ddfb2bc1b Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 14 Aug 2024 10:58:52 +0200
Subject: Windows: better handling of reading EFI variable to display help error messages in case of failure. Now we accept the possibility of BootOrder EFI variable to be empty in order to try to solve issues on some PCs.
---
 src/Common/BootEncryption.cpp | 48 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 4 deletions(-)
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 2be81416..9fdcea29 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -2640,10 +2640,27 @@ namespace VeraCrypt
 }
 void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) {
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
+ DWORD dwLastError;
+ BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME);
+ if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE))
+ {
+ dwLastError = GetLastError();
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
 // Check EFI
 if (!IsEfiBoot()) {
- throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ dwLastError = GetLastError();
+ if (dwLastError != ERROR_SUCCESS)
+ {
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ // format message to append the error code to the exception message
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
 }
 wchar_t varName[256];
 StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
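Review bot: The added `StringCbPrintfW` calls (two in this hunk, two more in the SetStartExec hunk) pass `ARRAYSIZE(szMsg)`, an element count, to a function that expects a byte count, and the format string as displayed reads `0x.8X` with no `%`, so `dwLastError` is never formatted into the message. With `wchar_t szMsg[128]` the byte/element mix-up limits output to 63 characters, which is shorter than the privilege-failure text, so that message is cut off before the error code. I would switch to the call already used a few lines below for `varName`, e.g. `StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x%.8X)", dwLastError);`, and do the same for the EFI-detection message. The `!IsEfiBoot()` branch also now continues when `GetLastError()` is `ERROR_SUCCESS`; a short comment stating that this fall-through is deliberate, and that IsEfiBoot is relied on to leave a meaningful last-error value, would help. DeleteStartExec's body continues outside the hunk.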
@@ -2686,13 +2703,33 @@ namespace VeraCrypt
 SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, startOrder, 0);
 }
 }
+
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
 }
 void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
+ DWORD dwLastError;
+ BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME);
+ if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE))
+ {
+ dwLastError = GetLastError();
+ wchar_t szMsg[128];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
 // Check EFI
 if (!IsEfiBoot()) {
- throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ dwLastError = GetLastError();
+ if (dwLastError != ERROR_SUCCESS)
+ {
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ // format message to append the error code to the exception message
+ wchar_t szMsg[1024];
+ StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError);
+ throw ErrorException(szMsg, SRC_POS);
+ }
 }
 if (bDeviceInfoValid)
@@ -2866,6 +2903,9 @@ namespace VeraCrypt
 SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
 }
+
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
 }
 bool EfiBoot::CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2)
-- cgit v1.2.3
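Review bot: The restore added at the end of DeleteStartExec (first lines of this hunk) and of SetStartExec (the following hunk) only runs when the function falls off its end, so any throw or early return in the bodies between the EFI check and that point would leave SE_SYSTEM_ENVIRONMENT_NAME enabled on the process token. Those bodies are mostly outside the hunks, so whether such paths exist cannot be confirmed from here, but only the EFI-detection throw restores the privilege by hand. Because this privilege allows writing firmware variables, I would bind the restore to scope with a small guard declared right after the privilege is enabled and drop the three manual `SetPrivilege(..., FALSE)` calls in each function.

```cpp
// Turns the privilege back off on every exit path if this call was the one that enabled it.
struct SystemEnvPrivilegeRestore
{
	BOOL wasEnabled;
	explicit SystemEnvPrivilegeRestore(BOOL enabledBefore) : wasEnabled(enabledBefore) {}
	~SystemEnvPrivilegeRestore()
	{
		if (!wasEnabled)
			SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
	}
};

	// … unchanged: IsPrivilegeEnabled / SetPrivilege check that throws on failure …
	SystemEnvPrivilegeRestore restorePrivilege(bPrivilegesSet);
	// … unchanged: EFI check and firmware variable writes, minus the manual restore calls …
```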