vck-loader — UEFI loader framework for volumecrypt-kit.
This crate provides the loader-side mechanisms described in
docs/architecture.md (“lib/loader”); the sample loader drives the flow
itself and owns the crypto policy:
- init: start banner + enable the SSE/XMM control bits AES-NI needs.
- Block IO hooking engine (hook::BlockIoHookEngine): given a sample-built HookGeometry + VolumeCipher, hooks EFI_BLOCK_IO_PROTOCOL and EFI_BLOCK_IO2_PROTOCOL so that the OS volume data region is decrypted transparently while it is read during boot.
- Handover (handover): publishes the driver handover payload as a UEFI runtime variable (the driver reads it at OS runtime).
- Chainloading (chainload): loads and starts the next EFI image (the OS boot manager).
Full compilation targets a UEFI triple and requires the WEDK toolchain
(G:\, see AGENTS.md); host builds are not expected.
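The read-path logic a Block IO decrypt hook needs, modelled on the host as an added example that is not vck-loader code: `Geometry`, its fields, `decrypt_after_read` and the XOR stand-in cipher are hypothetical. It shows the case the description implies but does not spell out, a read that straddles the boundary of the encrypted data region, where only the in-region blocks may be decrypted.

```rust
// Added illustration, not vck-loader code. Geometry, its fields and the
// XOR stand-in cipher are assumptions made for this example.

/// Hypothetical geometry: encrypted data region as a half-open LBA range.
#[derive(Clone, Copy)]
pub struct Geometry {
    pub block_size: usize,
    pub data_start_lba: u64,
    pub data_end_lba: u64, // exclusive
}

/// Stand-in for a real sector cipher: XOR keyed by the LBA. Not encryption.
pub fn toy_decrypt_block(lba: u64, block: &mut [u8]) {
    let k = lba.to_le_bytes();
    for (i, b) in block.iter_mut().enumerate() {
        *b ^= k[i % 8] ^ 0xA5;
    }
}

/// Fix-up a read hook would run after the original read has filled `buf`:
/// decrypt only the blocks of [lba, lba + n) inside the data region.
/// Returns the number of blocks decrypted, or None for a malformed request.
pub fn decrypt_after_read(g: &Geometry, lba: u64, buf: &mut [u8]) -> Option<u64> {
    if g.block_size == 0 || buf.len() % g.block_size != 0 {
        return None; // never touch a partial block
    }
    let n = (buf.len() / g.block_size) as u64;
    let end = lba.checked_add(n)?; // reject LBA wrap-around
    let first = lba.max(g.data_start_lba);
    let last = end.min(g.data_end_lba);
    if first >= last {
        return Some(0); // read lies wholly outside the encrypted region
    }
    for cur in first..last {
        let off = (cur - lba) as usize * g.block_size;
        toy_decrypt_block(cur, &mut buf[off..off + g.block_size]);
    }
    Some(last - first)
}

fn main() {
    let g = Geometry { block_size: 512, data_start_lba: 100, data_end_lba: 200 };
    // Constructed sample: a 4-block read at LBA 98 straddles the region start.
    let mut buf = vec![0u8; 4 * 512];
    let n = decrypt_after_read(&g, 98, &mut buf);
    println!("decrypted {:?} of 4 blocks", n);
}
```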
Re-exports
- pub use provider::DevicePath;
- pub use provider::HookGeometry;
- pub use hook::BlockIoHookEngine;
Modules
- chainload: Chainloading the next EFI image.
- cpu: Loader-side CPU diagnostics and SSE/XMM enablement.
- handover: Loader→driver handover (loader side).
- hook: Block IO hooking engine.
- provider: Loader-side shared types.
Functions
- init: Loader initialization: emit a start banner and report/enable the SSE/XMM control bits required by AES-NI before any AES-NI code (cipher construction, the Block IO decrypt hook) runs. Call this first from the sample’s entry.