Closed marcan closed 5 years ago
@marcan thx for the proposed changes. Could you also send me a debug output log of one of those volumes so I can have look at potential format changes as well. https://github.com/libyal/libbde/wiki/Troubleshooting#verbose-and-debug-output
Sorry, I can't really share this volume :( I don't think there are any significant format changes, though. There's just a bit Validation section taking up most of the 8K, and the FVEK ends up just over the threshold.
This is a TPM encrypted volume, and I managed to get the key out of the TPM and hack it into libbde; I intend to clean up the code so the key can be specified externally (what comes out of the TPM is just a raw VMK).
I'm not asking for the volume just the format debug output which contains information about the metadata. Please double check the format debug output if you want to sanitize details like volume name and date.
What details are you looking for? I'm not sure about the hex dumps, but if you just want the decoded structure info (with some manual sanitization) I think I can do that.
What I would like to know is if the "FVE metadata header" contains 16k as well.
If you can share that part of the debug output that would be helpful.
Yeah, it says > 8192. I guess the more correct way to handle this would be to read 8K, then read additional blocks if necessary to cover the metadata size in the header.
libbde_metadata_read_header: FVE metadata header:
<snip>
libbde_metadata_read_header: metadata size : 8304
libbde_metadata_read_header: version : 1
libbde_metadata_read_header: metadata header size : 48
libbde_metadata_read_header: metadata size copy : 8304
libbde_metadata_read_header: volume identifier : <snip>
libbde_metadata_read_header: next nonce counter : 0x0000000a
libbde_metadata_read_header: encryption method : 0x00008003 (AES-CBC 256-bit encryption)
libbde_metadata_read_header: encryption method copy : 0x00008003 (AES-CBC 256-bit encryption)
libbde_metadata_read_header: creation time : <snip>
Thanks for the input, I've created https://github.com/libyal/libbde/issues/34 as a reminder to make the changes.
Merging #33 into master will not change coverage. The diff coverage is
0%
.
@@ Coverage Diff @@
## master #33 +/- ##
=======================================
Coverage 11.34% 11.34%
=======================================
Files 19 19
Lines 3809 3809
=======================================
Hits 432 432
Misses 3377 3377
Impacted Files | Coverage Δ | |
---|---|---|
libbde/libbde_metadata.c | 10.21% <0%> (ø) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update ed6543d...022b67a. Read the comment docs.
Made changes to use metadata size instead https://github.com/libyal/libbde/commit/8476b750b8f16b991958a62cb6b0c2b270453bd2
Some volumes have too much metadata for 8K, which then fail in strange ways (e.g. FVEK not found)