newyear2006/Confirm-SecureBootUEFI.PS1

## Confirm-SecureBootUEFI.PS1
# peeked from C:\WINDOWS\Microsoft.Net\assembly\GAC_64\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll

$UEFIInterop = Add-Type @"
using System;
using System.Reflection;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace UEFIInterop
{

    public class NativeMethods
    {
        [DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
        public static extern uint NtQuerySystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, ref uint ValueLength, out uint Attributes);

        [DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
        public static extern uint NtSetSystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, uint ValueLength, uint Attributes);

    }

    public struct UNICODE_STRING
    {
        private const int SIZEOF_WCHAR = 2;

        private ushort Length;

        private ushort MaximumLength;

        private string Buffer;

        public UNICODE_STRING(string sourceString)
        {
            this.Buffer = sourceString;
            this.Length = (ushort)(this.Buffer.Length * 2);
            this.MaximumLength = (ushort)(this.Length + 2);
        }
    }
}
"@ -PassThru


[UEFIInterop.NativeMethods]::EFI_MICROSOFT_GUID

$EFI_MICROSOFT_GUID = [Guid]"{77fa9abd-0359-4d32-bd60-28f4e78f784b}"
#oder
$EFI_MICROSOFT_GUID = New-Object System.Guid(2012912317, 857, 19762, 189, 96, 40, 244, 231, 143, 120, 75)

$EFI_GLOBAL_VARIABLE = [Guid]"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}"
$Attributes = [Uint32]0
$Size=[uint32]0
$BootOrder=New-Object UEFIInterop.UNICODE_STRING("BootOrder")

# in Verbindung mit $EFI_MICROSOFT_GUID
$KernelConfig=New-Object UEFIInterop.UNICODE_STRING("Kernel_Lsa_Ppl_Config")

$num=[uint32]0
$attr=[uint32]0
$r=[UEFIInterop.NativeMethods]::NtQuerySystemEnvironmentValueEx([ref]$BootOrder, $EFI_GLOBAL_VARIABLE.ToByteArray(), $null, [ref] $num, [out] $attr)

# https://msdn.microsoft.com/en-us/library/cc704588.aspx
$STATUS_PRIVILEGE_NOT_HELD = 0xc0000061
$STATUS_ACCESS_VIOLATION = 0xc0000005
$STATUS_XX = 0xc0000023


$SFTCode = @"

[DllImport("kernel32.dll", SetLastError=true)]
public static extern UInt32 GetFirmwareEnvironmentVariableW(string lpName, string lpGuid, IntPtr pBuffer, UInt32 nSize);

[DllImport("kernel32.dll", SetLastError=true)]
public static extern UInt32 GetFirmwareEnvironmentVariableEx(string lpName, string lpGuid, IntPtr pBuffer, UInt32 nSize, ref UInt32 pdwAttribubutes);

[DllImport("kernel32.dll")]
public static extern void RtlZeroMemory(IntPtr dst, int length);

[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
public static extern uint NtQuerySystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, ref uint ValueLength, out uint Attributes);

[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
public static extern uint NtSetSystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, uint ValueLength, uint Attributes);

public struct UNICODE_STRING
{
    private const int SIZEOF_WCHAR = 2;

    private ushort Length;

    private ushort MaximumLength;

    private string Buffer;

    public UNICODE_STRING(string sourceString)
    {
        this.Buffer = sourceString;
        this.Length = (ushort)(this.Buffer.Length * 2);
        this.MaximumLength = (ushort)(this.Length + 2);
    }
}
"@

$SFT = Add-Type -MemberDefinition $SFTCode -Name "SFTKlasse" -Language CSharp -UsingNamespace "System.Reflection", "System.Diagnostics", "System.Collections.Generic" -PassThru

# https://docs.microsoft.com/de-de/windows/desktop/api/winbase/nf-winbase-setfirmwareenvironmentvariableexa
$VARIABLE_ATTRIBUTE_NON_VOLATILE = 0x00000001
$VARIABLE_ATTRIBUTE_BOOTSERVICE_ACCESS = 0x00000002
$VARIABLE_ATTRIBUTE_RUNTIME_ACCESS = 0x00000004
$VARIABLE_ATTRIBUTE_HARDWARE_ERROR_RECORD = 0x00000008
$VARIABLE_ATTRIBUTE_AUTHENTICATED_WRITE_ACCESS = 0x00000010
$VARIABLE_ATTRIBUTE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
$VARIABLE_ATTRIBUTE_APPEND_WRITE = 0x00000040

# 7.2 Variable Services:
# http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf#page=285
# http://wiki.phoenix.com/wiki/index.php/EFI_STATUS#EFI_SUCCESS
$EFI_SUCCESS = 0
$EFI_NOT_FOUND = 14
$EFI_BUFFER_TOO_SMALL = 5
$EFI_INVALID_PARAMETER = 2
$EFI_SECURITY_VIOLATION = 26
# #define ENCODE_ERROR	(	 	StatusCode	)	   ((RETURN_STATUS)(MAX_BIT | (StatusCode)))

# https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes
# https://msdn.microsoft.com/en-us/library/cc231199.aspx
$ERROR_NOACCESS = 998
$ERROR_PRIVILEGE_NOT_HELD = 1314
$ERROR_ENVVAR_NOT_FOUND = 203
$ERROR_INVALID_PARAMETER = 87
$ERROR_INVALID_FUNCTION = 1

$EFI_GLOBAL_VARIABLE = "{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}"

# wichtig!
[System.IntPtr]::Size -eq 8

$r=$sft::GetFirmwareEnvironmentVariableW("","{00000000-0000-0000-0000-000000000000}",[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
$r; $e

$r=$sft::GetFirmwareEnvironmentVariableW("OsIndicationsSupported",$EFI_GLOBAL_VARIABLE,[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
$r; $e

$r=$sft::GetFirmwareEnvironmentVariableW("BootOrder",$EFI_GLOBAL_VARIABLE,[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
$r; $e

$strSize = 1000
$strPointer=[System.Runtime.InteropServices.Marshal]::AllocHGlobal($strSize)
$sft::RtlZeroMemory($strPointer, $strSize)
$r=$sft::GetFirmwareEnvironmentVariableW("BootOrder",$EFI_GLOBAL_VARIABLE,$strPointer,$strSize); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
$r; $e
$buffer = New-Object Byte[]($strSize)
$buffer|Out-GridView
[System.Runtime.InteropServices.Marshal]::copy($strPointer, $buffer, 0,$strSize)
[System.Runtime.InteropServices.Marshal]::FreeHGlobal($strPointer)
	# peeked from C:\WINDOWS\Microsoft.Net\assembly\GAC_64\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll

	$UEFIInterop = Add-Type @"
	using System;
	using System.Reflection;
	using System.Diagnostics;
	using System.Runtime.InteropServices;

	namespace UEFIInterop
	{

	public class NativeMethods
	{
	[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
	public static extern uint NtQuerySystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, ref uint ValueLength, out uint Attributes);

	[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
	public static extern uint NtSetSystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, uint ValueLength, uint Attributes);

	}

	public struct UNICODE_STRING
	{
	private const int SIZEOF_WCHAR = 2;

	private ushort Length;

	private ushort MaximumLength;

	private string Buffer;

	public UNICODE_STRING(string sourceString)
	{
	this.Buffer = sourceString;
	this.Length = (ushort)(this.Buffer.Length * 2);
	this.MaximumLength = (ushort)(this.Length + 2);
	}
	}
	}
	"@ -PassThru


	[UEFIInterop.NativeMethods]::EFI_MICROSOFT_GUID

	$EFI_MICROSOFT_GUID = [Guid]"{77fa9abd-0359-4d32-bd60-28f4e78f784b}"
	#oder
	$EFI_MICROSOFT_GUID = New-Object System.Guid(2012912317, 857, 19762, 189, 96, 40, 244, 231, 143, 120, 75)

	$EFI_GLOBAL_VARIABLE = [Guid]"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}"
	$Attributes = [Uint32]0
	$Size=[uint32]0
	$BootOrder=New-Object UEFIInterop.UNICODE_STRING("BootOrder")

	# in Verbindung mit $EFI_MICROSOFT_GUID
	$KernelConfig=New-Object UEFIInterop.UNICODE_STRING("Kernel_Lsa_Ppl_Config")

	$num=[uint32]0
	$attr=[uint32]0
	$r=[UEFIInterop.NativeMethods]::NtQuerySystemEnvironmentValueEx([ref]$BootOrder, $EFI_GLOBAL_VARIABLE.ToByteArray(), $null, [ref] $num, [out] $attr)

	# https://msdn.microsoft.com/en-us/library/cc704588.aspx
	$STATUS_PRIVILEGE_NOT_HELD = 0xc0000061
	$STATUS_ACCESS_VIOLATION = 0xc0000005
	$STATUS_XX = 0xc0000023


	$SFTCode = @"

	[DllImport("kernel32.dll", SetLastError=true)]
	public static extern UInt32 GetFirmwareEnvironmentVariableW(string lpName, string lpGuid, IntPtr pBuffer, UInt32 nSize);

	[DllImport("kernel32.dll", SetLastError=true)]
	public static extern UInt32 GetFirmwareEnvironmentVariableEx(string lpName, string lpGuid, IntPtr pBuffer, UInt32 nSize, ref UInt32 pdwAttribubutes);

	[DllImport("kernel32.dll")]
	public static extern void RtlZeroMemory(IntPtr dst, int length);

	[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
	public static extern uint NtQuerySystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, ref uint ValueLength, out uint Attributes);

	[DllImport("ntdll.dll", CharSet=CharSet.Unicode, ExactSpelling=false, SetLastError=true)]
	public static extern uint NtSetSystemEnvironmentValueEx(ref UNICODE_STRING VariableName, byte[] VendorGuid, byte[] Value, uint ValueLength, uint Attributes);

	public struct UNICODE_STRING
	{
	private const int SIZEOF_WCHAR = 2;

	private ushort Length;

	private ushort MaximumLength;

	private string Buffer;

	public UNICODE_STRING(string sourceString)
	{
	this.Buffer = sourceString;
	this.Length = (ushort)(this.Buffer.Length * 2);
	this.MaximumLength = (ushort)(this.Length + 2);
	}
	}
	"@

	$SFT = Add-Type -MemberDefinition $SFTCode -Name "SFTKlasse" -Language CSharp -UsingNamespace "System.Reflection", "System.Diagnostics", "System.Collections.Generic" -PassThru

	# https://docs.microsoft.com/de-de/windows/desktop/api/winbase/nf-winbase-setfirmwareenvironmentvariableexa
	$VARIABLE_ATTRIBUTE_NON_VOLATILE = 0x00000001
	$VARIABLE_ATTRIBUTE_BOOTSERVICE_ACCESS = 0x00000002
	$VARIABLE_ATTRIBUTE_RUNTIME_ACCESS = 0x00000004
	$VARIABLE_ATTRIBUTE_HARDWARE_ERROR_RECORD = 0x00000008
	$VARIABLE_ATTRIBUTE_AUTHENTICATED_WRITE_ACCESS = 0x00000010
	$VARIABLE_ATTRIBUTE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
	$VARIABLE_ATTRIBUTE_APPEND_WRITE = 0x00000040

	# 7.2 Variable Services:
	# http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf#page=285
	# http://wiki.phoenix.com/wiki/index.php/EFI_STATUS#EFI_SUCCESS
	$EFI_SUCCESS = 0
	$EFI_NOT_FOUND = 14
	$EFI_BUFFER_TOO_SMALL = 5
	$EFI_INVALID_PARAMETER = 2
	$EFI_SECURITY_VIOLATION = 26
	# #define ENCODE_ERROR ( StatusCode ) ((RETURN_STATUS)(MAX_BIT \| (StatusCode)))

	# https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes
	# https://msdn.microsoft.com/en-us/library/cc231199.aspx
	$ERROR_NOACCESS = 998
	$ERROR_PRIVILEGE_NOT_HELD = 1314
	$ERROR_ENVVAR_NOT_FOUND = 203
	$ERROR_INVALID_PARAMETER = 87
	$ERROR_INVALID_FUNCTION = 1

	$EFI_GLOBAL_VARIABLE = "{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}"

	# wichtig!
	[System.IntPtr]::Size -eq 8

	$r=$sft::GetFirmwareEnvironmentVariableW("","{00000000-0000-0000-0000-000000000000}",[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
	$r; $e

	$r=$sft::GetFirmwareEnvironmentVariableW("OsIndicationsSupported",$EFI_GLOBAL_VARIABLE,[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
	$r; $e

	$r=$sft::GetFirmwareEnvironmentVariableW("BootOrder",$EFI_GLOBAL_VARIABLE,[System.IntPtr]::Zero,0); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
	$r; $e

	$strSize = 1000
	$strPointer=[System.Runtime.InteropServices.Marshal]::AllocHGlobal($strSize)
	$sft::RtlZeroMemory($strPointer, $strSize)
	$r=$sft::GetFirmwareEnvironmentVariableW("BootOrder",$EFI_GLOBAL_VARIABLE,$strPointer,$strSize); $e=[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
	$r; $e
	$buffer = New-Object Byte[]($strSize)
	$buffer\|Out-GridView
	[System.Runtime.InteropServices.Marshal]::copy($strPointer, $buffer, 0,$strSize)
	[System.Runtime.InteropServices.Marshal]::FreeHGlobal($strPointer)