The sample runtime DXE driver (UEFI driver) monitoring access to the UEFI variables by hooking the runtime service table in C and Rust.
This project was developed to provide a small sample of a runtime driver.
Rust implementation was made solely for author's learning.
-
UefiVarMonitorDxe
The UEFI runtime driver that hooks
GetVariable
andSetVariable
runtime services, and logs the use of them into serial output. Written in less than 300 lines of C code. -
uefi-var-monitor
Nearly equivalent implementation of
UefiVarMonitorDxe
in Rust. Unsafe, unsafe everywhere. -
UefiVarMonitorExDxe
The enhanced version of
UefiVarMonitorDxe
allowing a Windows driver to register an inline callback of the above runtime services. This can also be used to alter parameters and block those calls. -
UefiVarMonitorExClient
The sample Windows driver registering a callback with
UefiVarMonitorExDxe
.
-
UefiVarMonitorDxe and UefiVarMonitorExDxe
- Set up edk2 build environment
- Copy
UefiVarMonitorPkg
asedk2\UefiVarMonitorPkg
- On the edk2 build command prompt, run the below command:
Or on WSL,
> edksetup.bat > build -t VS2019 -a X64 -b NOOPT -p UefiVarMonitorPkg\UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
$ . edksetup.sh $ build -t GCC5 -a X64 -b NOOPT -p UefiVarMonitorPkg/UefiVarMonitorPkg.dsc -D DEBUG_ON_SERIAL_PORT
-
uefi-var-monitor
- Install the nightly rust compiler.
- Install
cargo-xbuild
> cargo install cargo-xbuild
- Override
/subsystem
via theRUSTFLAGS
environnement variables and build the project.> cd uefi-var-monitor > set RUSTFLAGS=-Z pre-link-args=/subsystem:efi_runtime_driver > cargo xbuild --target x86_64-unknown-uefi
-
UefiVarMonitorExClient
This is a standard Windows driver. VS2019 and WDK 10.0.18362 or later are required.