Expand description
Block IO hooking engine.
See docs/architecture.md “Block IO 후킹 메커니즘”. The engine:
- enumerates Block IO devices via
LocateHandleBuffer(EFI_BLOCK_IO_PROTOCOL), - matches the target partition by GPT partition GUID,
- saves the original
ReadBlocks/WriteBlocksfunction pointers and replaces the protocol vtable entries with our hooks, - on a hooked read, decrypts after the original fills the buffer; on a hooked write, encrypts a copy of the plaintext before forwarding.
Hooked-read decision (all comparisons are in data-region relative sectors):
lba in metadata region -> original read, passthrough (plaintext)
rel = lba - offset_sector
rel < encrypted_offset.sector -> original read, then AES-XTS decrypt
rel >= encrypted_offset.sector -> original read, passthrough (plaintext)Hooked-write decision (symmetric):
lba in metadata region -> passthrough to original write (plaintext)
rel = lba - offset_sector
rel < encrypted_offset.sector -> encrypt a copy, then original write
rel >= encrypted_offset.sector -> passthrough to original write (plaintext)Modules§
- block_
io EFI_BLOCK_IO_PROTOCOLhooking (ReadBlocks+WriteBlocks).- block_
io2 EFI_BLOCK_IO2_PROTOCOLhooking (ReadBlocksEx).
Structs§
- Block
IoHook Engine - Installs and removes Block IO read/write hooks for the target volume, and holds the cipher supplier used by the hooked paths.