--- a/src/metadata/datums.c
+++ b/src/metadata/datums.c
@@ -425,6 +425,29 @@ void print_datum_tpmenc(DIS_LOGS level, void* vdatum)
);
}
+int is_recovery_key(datum_vmk_t* datum)
+{
+ int bRecoveryKey = FALSE;
+
+ if (datum) {
+ char *pStart = ((char *)datum) + sizeof(datum_vmk_t);
+ char *pEnd = ((char *)datum) + datum->header.datum_size;
+ while (pStart < pEnd) {
+ uint32_t u32Size = *((uint32_t*)pStart);
+ if (u32Size == 0) {
+ break;
+ }
+ if (*((uint16_t *)(pStart + 4)) == 0x15) {
+ bRecoveryKey = TRUE;
+ break;
+ }
+ pStart += u32Size;
+ }
+ }
+
+ return bRecoveryKey;
+}
+
void print_datum_vmk(DIS_LOGS level, void* vdatum)
{
datum_vmk_t* datum = (datum_vmk_t*) vdatum;
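Review bot: The loop in `is_recovery_key` reads `pStart` as a `uint32_t` and `pStart + 4` as a `uint16_t` after checking only `pStart < pEnd`, so a `datum_size` that leaves fewer than 6 trailing bytes causes a read past the end of the datum. These sizes presumably come from on-disk volume metadata and should be treated as untrusted. A nested size smaller than its own header or larger than the bytes remaining is also accepted, so `pStart += u32Size` can move the pointer beyond `pEnd`. Add `if ((size_t)(pEnd - pStart) < 6) break;` at the top of the loop and `if (u32Size < 6 || u32Size > (size_t)(pEnd - pStart)) break;` before advancing. The pointer casts also assume aligned access, which copying the two fields out with `memcpy` would avoid, and the bare `0x15` and offset `4` would read better as a named constant and a header struct field.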
@@ -433,7 +456,15 @@ void print_datum_vmk(DIS_LOGS level, void* vdatum)
format_guid(datum->guid, extkey_id);
- dis_printf(level, "Recovery Key GUID: '%.39s'\n", extkey_id);
+ if (is_recovery_key(datum))
+ {
+ // The '[*' and '*]' are literal characters, not ANSI escape codes for the terminal.
+ dis_printf(level, "[* Recovery Key GUID *]: '%s'\n", extkey_id);
+ }
+ else
+ {
+ dis_printf(level, "Recovery Key GUID: '%s'\n", extkey_id);
+ }
dis_printf(level, "Nonce: \n");
print_nonce(level, datum->nonce);
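Review bot: Both new `dis_printf` calls use `'%s'` where the removed line used `'%.39s'`, which drops the bound on how many bytes of `extkey_id` are read. The buffer's declaration and `format_guid` are outside this hunk, so it cannot be confirmed here that the string is always NUL-terminated. Keeping the precision costs nothing: `dis_printf(level, "[* Recovery Key GUID *]: '%.39s'\n", extkey_id);`, and likewise in the else branch. The else branch still prints "Recovery Key GUID" for a VMK that `is_recovery_key` rejected, so a neutral label there would make the log less misleading. `print_datum_vmk` starts in the previous hunk and continues past this one.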