Windows: Don't start EFI system encryption process if SecureBoot is enabled and VeraCrypt-DCS custom keys were not loaded in the machine firmware.

2026-05-18 18:41:31 +00:00 · 2018-04-23 12:56:02 +02:00
parent 42e7da2e8a
commit 4f0d1c02bd
12 changed files with 341 additions and 50 deletions
--- a/src/Common/BaseCom.cpp
+++ b/src/Common/BaseCom.cpp
@@ -336,6 +336,10 @@ DWORD BaseCom::BackupEfiSystemLoader ()
 	{
 		return GetLastError();
 	}
+	catch (UserAbort&)
+	{
+		return ERROR_CANCELLED;
+	}
 	catch (Exception &e)
 	{
 		e.Show (NULL);
@@ -400,6 +404,33 @@ DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn)
 	return ERROR_SUCCESS;
 }

+DWORD BaseCom::GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded)
+{
+	if (!pSecureBootEnabled || !pVeraCryptKeysLoaded)
+		return ERROR_INVALID_PARAMETER;
+
+	try
+	{
+		BootEncryption bootEnc (NULL);
+		bootEnc.GetSecureBootConfig (pSecureBootEnabled, pVeraCryptKeysLoaded);
+	}
+	catch (SystemException &)
+	{
+		return GetLastError();
+	}
+	catch (Exception &e)
+	{
+		e.Show (NULL);
+		return ERROR_EXCEPTION_IN_SERVICE;
+	}
+	catch (...)
+	{
+		return ERROR_EXCEPTION_IN_SERVICE;
+	}
+
+	return ERROR_SUCCESS;
+}
+
 DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
 {
 	if (!customUserMessage)