Add -osundecrypt flag

DcsCfg/DcsCfg.h

@@ -58,6 +58,9 @@ OSRestoreKey();
 EFI_STATUS
 OSDecrypt();
 
+EFI_STATUS
+OSUndecrypt();
+
 EFI_STATUS
 VolumeChangePassword(
 	IN UINTN index);

DcsCfg/DcsCfg.man

@@ -75,6 +75,7 @@ DcsCfg -ds <BN> -wipe <start> <end>
 
 ** Rescue
  -osdecrypt - decrypt OS (rescue)
+ -osundecrypt - undecrypt OS (rescue)
  -osrestorekey - restore key (rescue)
 
 ** TPM

DcsCfg/DcsCfgCrypt.c

@@ -879,12 +879,12 @@ VolumeChangePassword(
 //////////////////////////////////////////////////////////////////////////
 
 EFI_STATUS
-OSDecrypt()
+_OSCrypt(BOOLEAN encrypt)
 {
 
 	EFI_STATUS              res;
 	UINTN                   disk;
-	BOOLEAN                 doDecrypt = FALSE;
+	BOOLEAN                 doCrypt = FALSE;
 	EFI_BLOCK_IO_PROTOCOL*  io;
 	if (gAuthPasswordMsg == NULL) {
 		VCAuthAsk();
@@ -899,20 +899,20 @@ OSDecrypt()
 		BioPrintDevicePath(disk);
 		res = TryHeaderDecrypt(Header, &gAuthCryptInfo, &gHeaderCryptInfo);
 		if (EFI_ERROR(res)) continue;
-		doDecrypt = TRUE;
+		doCrypt = TRUE;
 		break;
 	}
 
-	if (doDecrypt) {
-		if (!AskConfirm("Decrypt?", 1)) {
-			ERR_PRINT(L"Decryption stoped\n");
+	if (doCrypt) {
+		if (!AskConfirm(encrypt ? "Encrypt?" : "Decrypt?", 1)) {
+			ERR_PRINT(encrypt ? L"Encryption stopped\n" : L"Decryption stopped\n");
 			return EFI_INVALID_PARAMETER;
 		}
 		res = RangeCrypt(gBIOHandles[disk], 
 			gAuthCryptInfo->EncryptedAreaStart.Value >> 9, 
 			gAuthCryptInfo->VolumeSize.Value >> 9,
 			gAuthCryptInfo->EncryptedAreaLength.Value >> 9, 
-			gAuthCryptInfo, FALSE,
+			gAuthCryptInfo, encrypt,
 			gHeaderCryptInfo,
 			62);
 		crypto_close(gHeaderCryptInfo);
@@ -924,6 +924,18 @@ OSDecrypt()
 	return res;
 }
 
+EFI_STATUS
+OSDecrypt()
+{
+	return _OSCrypt(TRUE);
+}
+
+EFI_STATUS
+OSUndecrypt()
+{
+	return _OSCrypt(FALSE);
+}
+
 CHAR16* sOSKeyBackup = L"EFI\\VeraCrypt\\svh_bak";
 // dirty import from GptEdit
 extern DCS_DISK_ENTRY_DISKID       DeDiskId;

DcsCfg/DcsCfgMain.c

@@ -86,6 +86,7 @@ The full text of the license may be found at
 #define OPT_WIPE							L"-wipe"
 
 #define OPT_OS_DECRYPT					L"-osdecrypt"
+#define OPT_OS_UNDECRYPT				L"-osundecrypt"
 #define OPT_OS_RESTORE_KEY				L"-osrestorekey"
 
 #define OPT_TPM_PCRS						L"-tpmpcrs"
@@ -157,6 +158,7 @@ STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
 	{ OPT_SECREGION_DUMP,       TypeValue },
 	{ OPT_WIPE,                 TypeDoubleValue },
 	{ OPT_OS_DECRYPT,     TypeFlag },
+	{ OPT_OS_UNDECRYPT,   TypeFlag },
 	{ OPT_OS_RESTORE_KEY, TypeFlag },
 	{ OPT_OS_HIDE_PREP,   TypeFlag },
 	{ OPT_TPM_PCRS,       TypeDoubleValue },
@@ -215,6 +217,9 @@ DcsCfgMain(
 		if (StrStr(cmd, OPT_OS_DECRYPT) != NULL) {
 			return OSDecrypt();
 		}
+		if (StrStr(cmd, OPT_OS_UNDECRYPT) != NULL) {
+			return OSUndecrypt();
+		}
 		return EFI_INVALID_PARAMETER;
 	}
 
@@ -271,6 +276,10 @@ DcsCfgMain(
 		return OSDecrypt();
 	}
 
+	if (ShellCommandLineGetFlag(Package, OPT_OS_UNDECRYPT)) {
+		return OSUndecrypt();
+	}
+
 	if (ShellCommandLineGetFlag(Package, OPT_OS_RESTORE_KEY)) {
 		return OSRestoreKey();
 	}

DcsRe/DcsRe.c

@@ -297,9 +297,11 @@ ActionRestoreDcsProp(IN VOID* ctx) {
 }
 
 #define OPT_OS_DECRYPT L"-osdecrypt"
+#define OPT_OS_UNDECRYPT L"-osundecrypt"
 #define OPT_OS_RESTORE_KEY L"-osrestorekey"
 
 CHAR16* sOSDecrypt = OPT_OS_DECRYPT;
+CHAR16* sOSUndecrypt = OPT_OS_UNDECRYPT;
 CHAR16* sOSRestoreKey = OPT_OS_RESTORE_KEY;
 CHAR16* sDcsCfg = L"EFI\\VeraCrypt\\DcsCfg.dcs";
 
@@ -317,6 +319,13 @@ ActionDecryptOS(IN VOID* ctx) {
 	return EfiExec(NULL, sDcsCfg);
 }
 
+EFI_STATUS
+ActionUndecryptOS(IN VOID* ctx) {
+	EFI_STATUS res = EFI_NOT_READY;
+	res = EfiSetVar(L"dcscfgcmd", NULL, sOSUndecrypt, StrSize(sOSUndecrypt), EFI_VARIABLE_BOOTSERVICE_ACCESS);
+	return EfiExec(NULL, sDcsCfg);
+}
+
 EFI_STATUS
 ActionExit(IN VOID* ctx) {
 	gContiniue = FALSE;