Skip to main content

vck_loader/
provider.rs

1// SPDX-FileCopyrightText: 2026 JC-Lab <joseph@jc-lab.net>
2//
3// SPDX-License-Identifier: Apache-2.0
4
5//! Loader-side shared types.
6//!
7//! `vck-loader` provides mechanism only: a sample loader drives the flow itself
8//! (read config, open the OS volume, decrypt the metadata with its own chosen
9//! algorithm, build a [`VolumeCipher`], install the Block IO hook, publish the
10//! handover, chainload). See `sample/loader` for the reference flow.
11
12use vck_common::types::{EncryptedOffset, Guid};
13
14// The borrowed device path is the unsized `uefi::proto::device_path::DevicePath`;
15// the owned form in uefi 0.37 is `Box<DevicePath>` (via `DevicePath::to_boxed`).
16pub type DevicePath = alloc::boxed::Box<uefi::proto::device_path::DevicePath>;
17
18/// Geometry the Block IO decrypt hook needs to map an absolute LBA to a
19/// data-region-relative sector and decide whether it is ciphertext. The cipher
20/// itself is supplied separately (the sample builds it), so no key material
21/// lives here.
22pub struct HookGeometry {
23    /// GPT unique partition GUID of the volume whose Block IO is hooked.
24    pub partition_guid: Guid,
25    /// Absolute starting LBA of the data (encryption target) region. The hooked
26    /// read computes `rel = lba - offset_sector` from this value.
27    pub offset_sector: u64,
28    /// Progressive-encryption boundary and total data-region sector count.
29    pub encrypted_offset: EncryptedOffset,
30}