UEFI: EFI System Partition Write protected by Windows?

Experts,

I am working on a recovery product, where, at times, we need to completely
over write the ESP partition with a valid BCD. My observations are, that
when we are booted up from WinPE (from UEFI firmware), and we try to do
this, we get Write errors on the sectors owned by the ESP/BCD. Is there a
way to bypass this write protection and go ahead?

Scenario in detail:

  1. User boots up from WinPe (through UEFI firmware)
  2. User uses our product to select and ‘restore/overwrite’ ESP with his own
    backed up ESP partition (with a valid BCD)
  3. Our app opens the \.\PhysicalDriveX with read/write options (please
    note, CreateFile suceeds, so it is not a permission issue opening this
    device)
  4. We get a legit handle.
  5. we use WriteFile to copy the new BCD sector by sector to the correct
    locations on this device, here is where we get an error, disk is write
    protected (or sometimes some thing else), but indicating that those sectors
    are blocked by some entity.

Please note, I have tried creating a blank ESP partition with (diskpart
create partition EFI size=100) and over write of that works fine, this
indicated *only* when there is a valid BCD, the write fails.

Can one of you suggest a work around. Please note, we need this solution
for Wndows PE environment.

Thanks

amitr0

Your copy should include ReadI/O. Does it work?
Where is your destination partition and file? On another disk? And you get an error from WriteFile in destination partition, do you?
I did entire copy of EFI partition, including BCD files. But I used UEFI Shell to do it.

Igor Sharovar

Yes read works. the source is an already created image (so it did use read
to create it). and yes i get an error from teh destination partition
(rather disk, as EFI partiton is not mounted, we open the physical disk and
write to the appropriate sectors recreating the partition as a whole.

as i noted before, if there are more than one esps on the machine, with
firmware bcd pointing to one, the other one is over writable, seems like
wither windows or efi itself locks those sectors.

On Fri, Feb 3, 2012 at 10:52 PM, wrote:

> Your copy should include ReadI/O. Does it work?
> Where is your destination partition and file? On another disk? And you get
> an error from WriteFile in destination partition, do you?
> I did entire copy of EFI partition, including BCD files. But I used UEFI
> Shell to do it.
>
> Igor Sharovar
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>



- ab

You could check UEFI enviroment by using UEFI Shell. As I mention before I loaded the UEFI Shell which mapped more than one EFI partitions. And I did copy whole \EFI directory, into another EFI partition, including BCD files. EFI is not a problem in your case. Maybe Windows doing something but I doubt. You need more deeply debug Windows components to define why you get an error.

Igor Sharovar