Closed DavidXanatos closed 1 year ago
Just a side note: Windows 11 doesn't require Secure Boot to be turned on to install, it only requires Secure Boot to be available in general.
I am aware of the current state of things, but it's always good to be one step ahead of your enemy.
Sorry for the delay in response.
Yes, this is possible, but generally speaking, emulating Secure Boot is not a goal of EfiGuard (unless there is a case for this I didn't think of and which you think would benefit the project of course - if so, feel free to reopen this with a comment and I'll reconsider).
See image (I've highlighted areas of interest):
This was done by simply reusing the existing SetVariable hook code in EfiGuardDxe.c and repurposing it for a GetVariable hook on the Secure Boot variable.
The main issues with this approach are:
Code for reference:
```c
#include <Guid/ImageAuthentication.h>

// ...

EFI_STATUS
EFIAPI
HookedGetVariable(
    IN CHAR16 *VariableName,
    IN EFI_GUID *VendorGuid,
    OUT UINT32 *Attributes OPTIONAL,
    IN OUT UINTN *DataSize,
    OUT VOID *Data OPTIONAL
    )
{
    // Intercept only reads of the "SecureBoot" variable in the EFI global variable namespace
    if (VariableName != NULL && VariableName[0] != CHAR_NULL && VendorGuid != NULL && DataSize != NULL &&
        CompareGuid(VendorGuid, &gEfiGlobalVariableGuid) &&
        StrnCmp(VariableName, EFI_SECURE_BOOT_MODE_NAME, (sizeof(EFI_SECURE_BOOT_MODE_NAME) / sizeof(CHAR16)) - 1) == 0)
    {
        if (Attributes != NULL)
        {
            *Attributes = (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS);
        }

        // Always report the required size back, even if the caller's buffer is too small
        CONST UINTN InDataSize = *DataSize;
        *DataSize = sizeof(BOOLEAN);

        // Write the "enabled" value only when a large enough buffer was supplied
        if (Data != NULL && InDataSize >= sizeof(BOOLEAN))
        {
            *(BOOLEAN*)Data = SECURE_BOOT_MODE_ENABLE;
        }

        if (InDataSize < sizeof(BOOLEAN))
            return EFI_BUFFER_TOO_SMALL;

        return Data != NULL ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
    }

    // All other variables are passed through to the original GetVariable
    return mOriginalGetVariable(VariableName, VendorGuid, Attributes, DataSize, Data);
}
```
Since MSFT demands Secure Boot for Windows 11 to be on in order to install, and this is an irrational demand, I was wondering if we can use EfiGuard to fake the Secure Boot status variable such that on a system without Secure Boot Windows will think it was booted securely?
Cheers David X.