Slice Posted November 8, 2017

I see this:

```
->LocateHandleBuffer(ByProtocol, gEfiFirmwareVolumeProtocolGuid, 0, 1, BE872018) = Success
->HandleProtocol(BD8EBA18, 7AA35A69-506C-444F-A7AF-694BF56F71C8, 0) = Unsupported
->LocateHandleBuffer(ByProtocol, gEfiFirmwareVolumeProtocolGuid, 0, 1, BE872018) = Success
->HandleProtocol(BD8EBA18, 7AA35A69-506C-444F-A7AF-694BF56F71C8, 0) = Unsupported
```

Full log: https://pastebin.com/DZZ64rBs

I never encountered this before.

```c
/*
  Abstract:
  Firmware Volume Dispatch protocol as defined in the Tiano Firmware Volume specification.
  Presence of this protocol tells the dispatch to dispatch from this Firmware Volume
*/
#define EFI_FIRMWARE_VOLUME_DISPATCH_PROTOCOL_GUID \
  { 0x7aa35a69, 0x506c, 0x444f, {0xa7, 0xaf, 0x69, 0x4b, 0xf5, 0x6f, 0x71, 0xc8} }
```

Additional investigation needed.

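An added example (not code from the post, Clover, or edk2): matching the GUID text in a trace line like the one above against the `#define` initializer, so that an unnamed protocol in a log can be identified. The function names, the returned name string, and the one-entry comparison are assumptions of this sketch; the trace lines used to exercise it are the ones quoted in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* UEFI GUID layout: three integers, then eight raw bytes (16 bytes, no padding). */
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } EFI_GUID;

/* Value quoted in the post above. */
#define EFI_FIRMWARE_VOLUME_DISPATCH_PROTOCOL_GUID \
  { 0x7aa35a69, 0x506c, 0x444f, {0xa7, 0xaf, 0x69, 0x4b, 0xf5, 0x6f, 0x71, 0xc8} }

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse the 36-character text form at s (trailing text is allowed, so s
   may point into a log line). Returns 1 on success, 0 on malformed input. */
int parse_guid(const char *s, EFI_GUID *g) {
    uint8_t raw[16];
    size_t n = 0;
    for (size_t i = 0; i < 36; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) { if (s[i] != '-') return 0; continue; }
        int hi = hexval(s[i]);
        int lo = hi < 0 ? -1 : hexval(s[i + 1]);   /* never reads past a NUL */
        if (lo < 0) return 0;
        raw[n++] = (uint8_t)((hi << 4) | lo);
        i++;                                       /* second digit consumed */
    }
    /* The text form prints the integer fields most significant byte first. */
    g->Data1 = (uint32_t)raw[0] << 24 | (uint32_t)raw[1] << 16 | (uint32_t)raw[2] << 8 | raw[3];
    g->Data2 = (uint16_t)(raw[4] << 8 | raw[5]);
    g->Data3 = (uint16_t)(raw[6] << 8 | raw[7]);
    memcpy(g->Data4, &raw[8], 8);
    return 1;
}

/* Return the protocol name if the line carries the GUID above, else NULL. */
const char *protocol_in_line(const char *line) {
    static const EFI_GUID fv_dispatch = EFI_FIRMWARE_VOLUME_DISPATCH_PROTOCOL_GUID;
    EFI_GUID g;
    for (; *line; line++) {
        if (parse_guid(line, &g) && memcmp(&g, &fv_dispatch, sizeof g) == 0)
            return "EFI_FIRMWARE_VOLUME_DISPATCH_PROTOCOL";  /* name assumed from the #define */
    }
    return NULL;
}
```
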
Jief_Machak Posted November 9, 2017

I'm wondering: can this be because Clover is on a USB stick, so not the same volume as the root encrypted one?

Slice Posted November 9, 2017

> I'm wondering: can this be because Clover is on a USB stick, so not the same volume as the root encrypted one?

No. Clover should be in the EFI System Partition, which is not encrypted. The problem is rather because of Yosemite. I have no experience with it.

Jief_Machak Posted November 9, 2017

I never put Clover on the EFI partition. I create a FAT32 partition for Clover. Currently, my config is Clover on a USB stick and Yosemite on a SATA HDD. My hard drive has a Clover 1GB FAT32 partition prepared, but empty for now. Do you think it should work, or can it be a mix-up in volumes/partitions? Just asking because I see "Firmware Volume". If the setup is OK, should I try El Capitan?

Slice Posted November 9, 2017

> I never put Clover on the EFI partition. I create a FAT32 partition for Clover. Currently, my config is Clover on a USB stick and Yosemite on a SATA HDD. My hard drive has a Clover 1GB FAT32 partition prepared, but empty for now. Do you think it should work, or can it be a mix-up in volumes/partitions? Just asking because I see "Firmware Volume". If the setup is OK, should I try El Capitan?

Yes, El Capitan will be better. It is my favorite system. But FileVault2 will not work with a badly formatted HDD. It must be pure GPT with an EFI partition having signature EF00 and with a Recovery partition where FileVault will place additional info. About FirmwareVolume, I think it was a Yosemite-only problem.

Jief_Machak Posted November 9, 2017

My HDD is well formatted. Pure GPT with an EFI partition (empty, I guess). There's also a recovery partition, because Clover proposed "Mac OS from recovery HD" and "Recovery from Recovery HD". The only thing is that currently Clover is on a USB stick. The USB stick is also pure GPT formatted. If you confirm that Clover on a USB stick should work, I'll try El Capitan.

smolderas Posted November 9, 2017

> My HDD is well formatted. Pure GPT with an EFI partition (empty, I guess). There's also a recovery partition, because Clover proposed "Mac OS from recovery HD" and "Recovery from Recovery HD". The only thing is that currently Clover is on a USB stick. The USB stick is also pure GPT formatted. If you confirm that Clover on a USB stick should work, I'll try El Capitan.

I can confirm the second part. I've been using FileVault 2 since 10.11 (I guess), so on 10.12 with jHFS+ and on 10.13 with APFS. I installed Clover on the EFI partition of my boot disk and can also boot from a USB stick if I need to revert to a previous Clover revision.

Jief_Machak Posted November 10, 2017

El Capitan 10.11.6 seems to work. I have the login screen when I select "Boot Mac OS From Recovery HD". But my internal keyboard is PS/2 and I don't find any driver. It's a Dell M4300, same as the D630. It's a BIOS (non-UEFI) machine. The strange thing is: even with no driver (no AptioInputFix or UsbKbDxe) I can still plug in a USB keyboard and enter a password.

Slice Posted November 10, 2017

> El Capitan 10.11.6 seems to work. I have the login screen when I select "Boot Mac OS From Recovery HD". But my internal keyboard is PS/2 and I don't find any driver. It's a Dell M4300, same as the D630. It's a BIOS (non-UEFI) machine. The strange thing is: even with no driver (no AptioInputFix or UsbKbDxe) I can still plug in a USB keyboard and enter a password.

A USB keyboard driver with FileVault2 support is already included in legacy Clover. There is no developer to modify the PS2 keyboard driver for the same purpose.

Jief_Machak Posted November 10, 2017

I'm a developer (I found the png bug a while ago). I have a Clover folder that compiles. So maybe I can do it. Could you point me in the right direction? What should I modify?

Other question: is it possible to completely bypass the graphic page that asks for the password? I mean: let's imagine that Clover asks for the password in its own GUI and then loads the right efi, providing the password?

smolderas Posted November 10, 2017

> I'm a developer (I found the png bug a while ago). I have a Clover folder that compiles. So maybe I can do it. Could you point me in the right direction? What should I modify?
>
> Other question: is it possible to completely bypass the graphic page that asks for the password? I mean: let's imagine that Clover asks for the password in its own GUI and then loads the right efi, providing the password?

Why would you use FileVault 2 then, if you give away your passwords happily?

mhaeuser Posted November 10, 2017

> Other question: is it possible to completely bypass the graphic page that asks for the password? I mean: let's imagine that Clover asks for the password in its own GUI and then loads the right efi, providing the password?

Pretty? No. Semi-ugly? Wait till the GUI has init and then simulate key presses. But why do you want that?

Slice Posted November 10, 2017

> I'm a developer (I found the png bug a while ago). I have a Clover folder that compiles. So maybe I can do it. Could you point me in the right direction? What should I modify?
>
> Other question: is it possible to completely bypass the graphic page that asks for the password? I mean: let's imagine that Clover asks for the password in its own GUI and then loads the right efi, providing the password?

It will be nice if you do this. I will help with my knowledge.

Compare folders

Clover/Drivers/UsbKbDxe
edk2/MdeModulePkg/Bus/Usb/UsbKbDxe

The main difference is the presence of a new protocol (Clover/Protocols/AppleKeyAggregator) which is used by Apple's boot.efi to catch password input.

But it is hard to do the same with Clover/LegacyBios/KeyboardDxe. I partially did this but it is not working, because the USB driver gets a buffer of scan codes while the BIOS driver gets a symbol.

Maybe it is better to rewrite edk2/MdeModulePkg/Bus/Isa/Ps2KeyboardDxe knowing VoodooPS2Keyboard.cpp; I did not try. Think about this!

I think it is possible to override the keyboard buffer to bypass the password check, but thinking is required.

Jief_Machak Posted November 10, 2017

Sorry, I don't understand your answers. I'll try to make myself clearer. I don't give away my password, I just want to avoid launching the Apple GUI. That would be another way of solving the PS/2 keyboard that doesn't work in the Apple GUI.

@smolderas: entering my password in Clover or in AppleGUI doesn't mean I'm giving it away. Maybe I sounded that stupid, but, of course, I won't put my password in config.plist. I just want Clover to ask for the password at each boot in its own GUI instead of booting the AppleGUI. Another way of asking is: why did Clover choose to boot AppleGUI instead of asking for the password in its own GUI? I guess it was easier?

@Download-Fritz: "why do you want that?". You're right, I don't.

@Slice: what do you mean by "bypass the password check"? I'll have a look in the Dxe you told me about. Thanks.

vit9696 (Author) Posted November 11, 2017

It is pretty obvious why this code is not put into Clover. Password input is security-critical code, which requires several actions to take good care of the entered data and not leak it somewhere further to the OS (effectively defeating the overall point of the encryption). Leaving this to Apple reduces the attack area and lowers the risk of a mistake.

It should be noted that the keyboard driver and key map protocols may still leave some entered keys in memory, but from what I can tell even Apple currently does not try to protect against it, unlike the boot.efi password input code.

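An added illustration of the point made in the post above (not code from Clover, boot.efi, or any real keyboard driver): a toy keystroke queue shows how keys that were already read can stay in a driver-side buffer unless each consumed slot is wiped, even when the password buffer itself is cleared. `KeyQueue`, `secure_zero` and `residue_after_entry` are hypothetical names, and the queue size and sample input are constructed.

```c
#include <stdint.h>
#include <string.h>

#define KEYQ_CAP 16   /* constructed size, not taken from any real driver */

/* Toy keystroke ring buffer standing in for a keyboard driver's queue. */
typedef struct { uint16_t slot[KEYQ_CAP]; size_t head, tail; } KeyQueue;

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

static int keyq_push(KeyQueue *q, uint16_t key) {
    size_t next = (q->tail + 1) % KEYQ_CAP;
    if (next == q->head) return 0;          /* full */
    q->slot[q->tail] = key;
    q->tail = next;
    return 1;
}

/* Pop one key; with scrub set, the consumed slot is zeroed as well. */
static int keyq_pop(KeyQueue *q, uint16_t *key, int scrub) {
    if (q->head == q->tail) return 0;       /* empty */
    *key = q->slot[q->head];
    if (scrub) secure_zero(&q->slot[q->head], sizeof q->slot[0]);
    q->head = (q->head + 1) % KEYQ_CAP;
    return 1;
}

/* Type pw into a fresh queue, drain it into a local buffer, wipe that
   buffer, and count the keystrokes still sitting in the drained queue. */
size_t residue_after_entry(const char *pw, int scrub) {
    KeyQueue q;
    uint16_t key, buf[KEYQ_CAP];
    size_t len = 0, left = 0;
    memset(&q, 0, sizeof q);
    for (; *pw; pw++)
        if (!keyq_push(&q, (uint16_t)(unsigned char)*pw)) break;
    while (keyq_pop(&q, &key, scrub)) buf[len++] = key;
    /* ... buf[0..len) would be handed to key derivation here ... */
    secure_zero(buf, sizeof buf);           /* local copy is wiped either way */
    for (size_t i = 0; i < KEYQ_CAP; i++) if (q.slot[i]) left++;
    return left;
}
```

With the constructed input `"hunter2"`, the unscrubbed queue still holds all seven keystrokes after the password buffer has been wiped; the scrubbing pop leaves none.
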
Slice Posted November 11, 2017

If we enter the password in the Clover GUI then we can send this password to boot.efi, or not?

smolderas Posted November 11, 2017

> If we enter the password in the Clover GUI then we can send this password to boot.efi, or not?

You could, but please don't. It is not the task of the bootloader. One should try to fix the main problem, instead of creating ways around it.

Jief_Machak Posted November 11, 2017

I'm not sure I see that as "not the task of a bootloader". It can be seen as: the partition is password protected, so the bootloader asks for the password to boot it.

But I understand your point. Now that almost all the work is done and Apple pre-boot works, it makes sense to continue that way.

Too bad for me, it works except for the PS2 keyboard. I take my hackintosh laptop on a long trip in 3 weeks and I wanted to protect it. I probably won't have time to understand the PS2 keyboard driver and improve it because I don't master the EFI environment.

Hey, I'm not complaining: I have MacOS, thanks to Clover. So thanks to everyone who made it!

PS: if it's simpler to make Clover ask for the password and pass it to boot.efi than to fix the PS2 keyboard, I'm still up for it (better than nothing)! :-)

smolderas Posted November 11, 2017

> I'm not sure I see that as "not the task of a bootloader". It can be seen as: the partition is password protected, so the bootloader asks for the password to boot it.
>
> But I understand your point. Now that almost all the work is done and Apple pre-boot works, it makes sense to continue that way.
>
> Too bad for me, it works except for the PS2 keyboard. I take my hackintosh laptop on a long trip in 3 weeks and I wanted to protect it. I probably won't have time to understand the PS2 keyboard driver and improve it because I don't master the EFI environment.
>
> Hey, I'm not complaining: I have MacOS, thanks to Clover. So thanks to everyone who made it!
>
> PS: if it's simpler to make Clover ask for the password and pass it to boot.efi than to fix the PS2 keyboard, I'm still up for it (better than nothing)! :-)

If you (really) want to protect your data, you could still enable FileVault 1 (as in encrypt only the home folder). There were posts about it; I need to search a bit.

Slice Posted November 11, 2017

> You could, but please don't. It is not the task of the bootloader. One should try to fix the main problem, instead of creating ways around it.

Because you are not using Clover?

Jief_Machak Posted November 11, 2017

I know. I'm already with FileVault1. I would have preferred FileVault2.

mhaeuser Posted November 11, 2017

> Because you are not using Clover?

Or because he actually appreciates good design lol

Slice Posted November 12, 2017

I prefer bugless solutions.

mhaeuser Posted November 12, 2017

Yes, converting text to keycodes will be way less buggy when done in Bloatver as opposed to the PS2 kb driver... In reality we just fear we won't get this amazing implementation as non-Clover users rofl

Slice, I like competitive teasing in a humorous way, but doing that with a potentially horrible workaround which is a spit away from a somewhat proper solution is humorous on a whole different level.

Jief_Machak Posted November 12, 2017

Just because you see things in a way doesn't mean that it's a "horrible workaround which is a spit away from a somewhat proper solution". At least, it's worth thinking about it, even if it's only to conclude that you're right. Explain your reasons instead of just saying that the others are wrong.

I still don't get why Clover asking for a password is such a horrible thing. A bootloader that needs a password to boot a partition: why is it bad design?