authorMatthijs Lavrijsen <mattiwatti@gmail.com>2023-03-13 00:15:29 +0100
committerMatthijs Lavrijsen <mattiwatti@gmail.com>2023-03-13 00:15:29 +0100
commit741686c176775024ebc06f8ade2e198a30d65020 (patch)
treec8680c2b9dbdf8e7e0f3efc4dac4134d1a06cf46
parentdea33fff9fa32be74bb18f9404e64c93418342af (diff)
EfiDSEFix -i: print CI option values and IUM status
1 files changed, 67 insertions, 15 deletions
diff --git a/Application/EfiDSEFix/src/sysinfo.cpp b/Application/EfiDSEFix/src/sysinfo.cpp
index 25b751e..e39f4f8 100644
--- a/Application/EfiDSEFix/src/sysinfo.cpp
+++ b/Application/EfiDSEFix/src/sysinfo.cpp
@@ -1,17 +1,53 @@
#include "EfiDSEFix.h"
#include <ntstatus.h>
+static constexpr PCWCHAR CodeIntegrityOptionNames[] =
+{
+ L"CODEINTEGRITY_OPTION_ENABLED",
+ L"CODEINTEGRITY_OPTION_TESTSIGN",
+ L"CODEINTEGRITY_OPTION_UMCI_ENABLED",
+ L"CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED",
+ L"CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED",
+ L"CODEINTEGRITY_OPTION_TEST_BUILD",
+ L"CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD",
+ L"CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED",
+ L"CODEINTEGRITY_OPTION_FLIGHT_BUILD",
+ L"CODEINTEGRITY_OPTION_FLIGHTING_ENABLED",
+ L"CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED",
+ L"CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED",
+ L"CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED",
+ L"CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED",
+ L"CODEINTEGRITY_OPTION_WHQL_ENFORCEMENT_ENABLED",
+ L"CODEINTEGRITY_OPTION_WHQL_AUDITMODE_ENABLED"
+};
+
+static
+VOID
+PrintCodeIntegrityOptions(
+ _In_ ULONG CodeIntegrityOptions
+ )
+{
+ for (ULONG i = 0; i < ARRAYSIZE(CodeIntegrityOptionNames); ++i)
+ {
+ const ULONG Value = 1UL << i;
+ if ((CodeIntegrityOptions & Value) != 0)
+ {
+ Printf(L"\t 0x%04lX: %ls\n", Value, CodeIntegrityOptionNames[i]);
+ }
+ }
+}
+
NTSTATUS
DumpSystemInformation(
)
{
- SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootInfo = { 0 };
+ SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootInfo = {};
NTSTATUS Status = NtQuerySystemInformation(SystemBootEnvironmentInformation,
&BootInfo,
sizeof(BootInfo),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemBootEnvironmentInformation: error %08X\n\n", Status);
+ Printf(L"SystemBootEnvironmentInformation: error %08lX\n\n", Status);
else
{
Printf(L"SystemBootEnvironmentInformation:\n\t- BootIdentifier: ");
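Review bot: PrintCodeIntegrityOptions itemises only bits 0 through 15, so any higher bit set in CodeIntegrityOptions appears in the raw hex line but is never listed, and a reader of the dump cannot tell that part of the value went undecoded. After the loop, report the remainder: `const ULONG Unknown = CodeIntegrityOptions & ~((1UL << ARRAYSIZE(CodeIntegrityOptionNames)) - 1);` followed by `if (Unknown != 0) Printf(L"\t 0x%08lX: (unnamed bits)\n", Unknown);`. The table also depends on entry i naming bit i, so a comment above CodeIntegrityOptionNames such as `// Index i names bit (1UL << i); keep entries in bit order` would guard against a silent mislabel when an entry is inserted. The hunk ends inside DumpSystemInformation, whose body continues in the later hunks.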
@@ -26,7 +62,7 @@ DumpSystemInformation(
0,
&Size);
if (Status != STATUS_INFO_LENGTH_MISMATCH)
- Printf(L"SystemModuleInformation: %08X\n\n", Status);
+ Printf(L"SystemModuleInformation: %08lX\n\n", Status);
else
{
const PRTL_PROCESS_MODULES ModuleInfo = static_cast<PRTL_PROCESS_MODULES>(
@@ -36,7 +72,7 @@ DumpSystemInformation(
2 * Size,
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemModuleInformation: %08X\n\n", Status);
+ Printf(L"SystemModuleInformation: %08lX\n\n", Status);
else
{
const RTL_PROCESS_MODULE_INFORMATION Ntoskrnl = ModuleInfo->Modules[0];
@@ -53,10 +89,13 @@ DumpSystemInformation(
sizeof(CodeIntegrityInfo),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemCodeIntegrityInformation: error %08X\n\n", Status);
+ Printf(L"SystemCodeIntegrityInformation: error %08lX\n\n", Status);
else
- Printf(L"SystemCodeIntegrityInformation:\n\t- IntegrityOptions: 0x%04X\n\n",
+ {
+ Printf(L"SystemCodeIntegrityInformation:\n\t- IntegrityOptions: 0x%04lX\n",
CodeIntegrityInfo.CodeIntegrityOptions);
+ PrintCodeIntegrityOptions(CodeIntegrityInfo.CodeIntegrityOptions);
+ }
SYSTEM_KERNEL_DEBUGGER_INFORMATION KernelDebuggerInfo = { 0 };
Status = NtQuerySystemInformation(SystemKernelDebuggerInformation,
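Review bot: Section spacing now depends on which branch ran: the SystemCodeIntegrityInformation error path still ends in `\n\n`, while both SystemKernelDebuggerInformation strings in the next hunk begin with `\n`, so a failed query produces two blank lines where the success path produces one. Emitting the separator where the option list ends keeps both paths uniform: add `Printf(L"\n");` after `PrintCodeIntegrityOptions(CodeIntegrityInfo.CodeIntegrityOptions);` and drop the leading `\n` from the two SystemKernelDebuggerInformation format strings. The declaration and setup of CodeIntegrityInfo sit above this hunk and are not visible here.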
@@ -64,9 +103,9 @@ DumpSystemInformation(
sizeof(KernelDebuggerInfo),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemKernelDebuggerInformation: error %08X\n\n", Status);
+ Printf(L"\nSystemKernelDebuggerInformation: error %08lX\n\n", Status);
else
- Printf(L"SystemKernelDebuggerInformation:\n\t- KernelDebuggerEnabled: %u\n\t- KernelDebuggerNotPresent: %u\n\n",
+ Printf(L"\nSystemKernelDebuggerInformation:\n\t- KernelDebuggerEnabled: %hhu\n\t- KernelDebuggerNotPresent: %hhu\n\n",
KernelDebuggerInfo.KernelDebuggerEnabled, KernelDebuggerInfo.KernelDebuggerNotPresent);
if ((RtlNtMajorVersion() >= 6 && RtlNtMinorVersion() >= 3) || RtlNtMajorVersion() > 6)
@@ -77,14 +116,14 @@ DumpSystemInformation(
sizeof(KernelDebuggerInfoEx),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemKernelDebuggerInformationEx: error %08X\n\n", Status);
+ Printf(L"SystemKernelDebuggerInformationEx: error %08lX\n\n", Status);
else
- Printf(L"SystemKernelDebuggerInformationEx:\n\t- DebuggerAllowed: %u\n\t- DebuggerEnabled: %u\n\t- DebuggerPresent: %u\n\n",
+ Printf(L"SystemKernelDebuggerInformationEx:\n\t- DebuggerAllowed: %hhu\n\t- DebuggerEnabled: %hhu\n\t- DebuggerPresent: %hhu\n\n",
KernelDebuggerInfoEx.DebuggerAllowed, KernelDebuggerInfoEx.DebuggerEnabled, KernelDebuggerInfoEx.DebuggerPresent);
}
const UCHAR KdDebuggerEnabled = SharedUserData->KdDebuggerEnabled;
- Printf(L"SharedUserData->KdDebuggerEnabled: 0x%02X\n\n", KdDebuggerEnabled);
+ Printf(L"SharedUserData->KdDebuggerEnabled: 0x%02hhX\n\n", KdDebuggerEnabled);
if (RtlNtMajorVersion() > 6)
{
@@ -94,9 +133,9 @@ DumpSystemInformation(
sizeof(KernelDebuggerFlags),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemKernelDebuggerFlags: error %08X\n\n", Status);
+ Printf(L"SystemKernelDebuggerFlags: error %08lX\n\n", Status);
else
- Printf(L"SystemKernelDebuggerFlags: 0x%02X\n\n", KernelDebuggerFlags);
+ Printf(L"SystemKernelDebuggerFlags: 0x%02hhX\n\n", KernelDebuggerFlags);
SYSTEM_CODEINTEGRITYPOLICY_INFORMATION CodeIntegrityPolicyInfo = { 0 };
Status = NtQuerySystemInformation(SystemCodeIntegrityPolicyInformation,
@@ -104,10 +143,23 @@ DumpSystemInformation(
sizeof(CodeIntegrityPolicyInfo),
nullptr);
if (!NT_SUCCESS(Status))
- Printf(L"SystemCodeIntegrityPolicyInformation: error %08X\n\n", Status);
+ Printf(L"SystemCodeIntegrityPolicyInformation: error %08lX\n\n", Status);
else
- Printf(L"SystemCodeIntegrityPolicyInformation:\n\t- Options: 0x%04X\n\t- HVCIOptions: 0x%04X\n\n",
+ Printf(L"SystemCodeIntegrityPolicyInformation:\n\t- Options: 0x%04lX\n\t- HVCIOptions: 0x%04lX\n\n",
CodeIntegrityPolicyInfo.Options, CodeIntegrityPolicyInfo.HVCIOptions);
+
+ SYSTEM_ISOLATED_USER_MODE_INFORMATION IumInfo = { 0 };
+ Status = NtQuerySystemInformation(SystemIsolatedUserModeInformation,
+ &IumInfo,
+ sizeof(IumInfo),
+ nullptr);
+ if (!NT_SUCCESS(Status))
+ Printf(L"SystemIsolatedUserModeInformation: error %08lX\n\n", Status);
+ else
+ Printf(L"SystemIsolatedUserModeInformation:\n\t- SecureKernelRunning: %hhu\n\t- HvciEnabled: %hhu\n\t- HvciStrictMode: %hhu\n"
+ "\t- DebugEnabled: %hhu\n\t- FirmwarePageProtection: %hhu\n\t- EncryptionKeyAvailable: %hhu\n\t- TrustletRunning: %hhu\n\t- HvciDisableAllowed: %hhu\n\n",
+ IumInfo.SecureKernelRunning, IumInfo.HvciEnabled, IumInfo.HvciStrictMode, IumInfo.DebugEnabled, IumInfo.FirmwarePageProtection,
+ IumInfo.EncryptionKeyAvailable, IumInfo.TrustletRunning, IumInfo.HvciDisableAllowed);
}
return Status;
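Review bot: `return Status;` now carries the result of the new SystemIsolatedUserModeInformation query whenever `RtlNtMajorVersion() > 6`, so a system that rejects that information class would make the whole dump report failure even though every earlier section printed. If callers act on the return value (not visible in this hunk), keep the optional query out of it, e.g. `const NTSTATUS IumStatus = NtQuerySystemInformation(SystemIsolatedUserModeInformation, &IumInfo, sizeof(IumInfo), nullptr);` and test `IumStatus` in the following `if`. Separately, the continuation line of the success format string is a narrow literal (`"\t- DebugEnabled: ..."`) concatenated onto an `L"..."` literal. Prefixing it with `L` matches every other Printf in the file and avoids relying on mixed-prefix concatenation.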