Mattiwatti
commented
3 years ago is this possible to load another driver at boot or would i have to work within the full standard EFIGuard source you have in order to make something like that work?
I'm interpreting this question as 'can I load a driver at boot without having to modify the EfiGuard source and recompile it?'. Then followed by a complaint about how cumbersome it is to set up EDK2 (I agree, but that's not relevant to the question.)
The answer is, no, you can't. EfiGuard is no longer active during the boot stage where drivers are loaded by Windows, and the next time you can communicate with it again is only after the HAL has constructed the virtual EFI runtime services table.
If the question is: could you load boot a driver from within a UEFI execution context, then sure, I don't see why not. (with some caveats.) You could manipulate the LOADER_PARAMETER_BLOCK's LoadOrderListHead and append a new KLDR_DATA_TABLE_ENTRY (which for boot loaded drivers is part of a BLDR_DATA_TABLE_ENTRY containing it).
The hard part about doing this would be allocating the loader structure for your driver in such a way that it will not be marked by either the boot loader or the kernel memory manager as being reserved by the firmware (which it actually is). This problem can definitely be solved because as a UEFI driver you in principle have full access over the memory map (EFI_MEMORY_MAP_DESCRIPTOR) that the firmware provides to the boot loader. You would have to edit this to mark the pages containing your driver image and loader entry as whatever type winload.efi uses.
A second option would be to hook one of the functions winload.efi uses to allocate new loader entries and insert them into the driver list, such as OslLoadDrivers, OslGetBootDrivers or OslpLoadAllModules. This method presents other issues, such as ensuring your driver entry survives the many verification checks performed by the boot loader (some of those are disabled by EfiGuard, but not all of them.)
Anyway, to make a long story short: yes, this can probably be done. But if you want to do it, you'll just have to live with the fact that EDK2 is a requirement (only if you want to use EfiGuard as a base for your project of course). I, and everyone I know who has ever used EDK2, agrees that installing it and getting it to work is a horrible experience (more so on Windows than on Linux by the way). But to be quite frank, if you cannot get EDK2 to at least build a basic EFI executable, then you probably also wouldn't be able to implement the functionality you are asking about in the first place - no offence.
atomik00
I am looking into using this patch to apply my own driver on boot. is this possible to load another driver at boot or would i have to work within the full standard EFIGuard source you have in order to make something like that work? I only ask because i have tried so many times to setup EDK and i cannot for the life of me get it to work let alone looking at source code lol. I am very knowledge in drivers as i currently have one now that works fine when loaded through windows im just trying to find a way to patch windows and run this driver on boot rather then loaded once in windows. if that makes sense.