Windows: harden EFI Secure Boot CA fallback
Validate SecureBoot firmware data before trusting fallback selection and mark the unsupported-db helper as noreturn. Record unsupported Secure Boot db refusals in EFI loader diagnostics, and avoid stale rescue-disk prompts after a refusal. Reuse the central EFI loader selection policy for elevated signing-support checks instead of duplicating fallback/refusal logic. Translate unsupported Secure Boot db failures across elevation without duplicate generic dialogs, surface stored-PIM refresh failures, and log unattended loader update failures.
@@ -1807,6 +1807,12 @@ BOOL UpgradeBootLoader (HWND hwndDlg)
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
catch (ErrorException &e)
|
||||
{
|
||||
e.Show (hwndDlg);
|
||||
if (e.ErrLangId && strcmp (e.ErrLangId, "SYSENC_EFI_UNSUPPORTED_SECUREBOOT_CA") == 0)
|
||||
return FALSE;
|
||||
}
|
||||
catch (Exception &e)
|
||||
{
|
||||
e.Show (hwndDlg);
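Review bot: The new `catch (ErrorException &e)` handler recognises the Secure Boot db refusal only by comparing `e.ErrLangId` with the literal "SYSENC_EFI_UNSUPPORTED_SECUREBOOT_CA", and nothing says why this one error returns early while every other ErrorException falls through. A short comment above the `if` would record the intent, for example `// Refusal was already shown by e.Show(); skip the generic failure handling after the catch blocks.` (what follows the handlers is not visible here, so word it against the real code). If the same key is compared elsewhere, as the description's mention of translating the failure across elevation suggests, a single shared named constant would stop a renamed key from silently sending the refusal down the generic path. The handler also depends on being listed before `catch (Exception &e)`, which is worth a note if ErrorException derives from Exception. UpgradeBootLoader starts and ends outside this hunk.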
|
||||
|
||||