fix(host/windows): drop the SudoVDA to SDR for the secure DDA leg, verified

Keep HDR OFF for the DDA (secure-desktop) path rather than bailing to WGC: the DDA capturer is SDR-only (BGRA8), so an HDR SudoVDA makes the Winlogon capture black. On the secure transition, drop the monitor out of HDR and VERIFY it took (re-read advanced_color_enabled, retry up to 6×200ms) before opening DDA — the CCD toggle can transiently fail (rc=5) or lag. Restore HDR on return to the WGC normal-desktop leg. Logs clearly if the drop can't be applied (e.g. denied on the Winlogon desktop). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-16 21:56:11 +00:00
parent af6787c0bd
commit 69765bad93
1 changed files with 26 additions and 5 deletions
@@ -2572,11 +2572,32 @@ fn virtual_stream_relay(
                dropped_hdr_for_secure =
                    unsafe { crate::vdisplay::sudovda::advanced_color_enabled(target.target_id) };
                if dropped_hdr_for_secure {
-                    let toggled = unsafe {
-                        crate::vdisplay::sudovda::set_advanced_color(target.target_id, false)
-                    };
-                    if toggled {
-                        std::thread::sleep(std::time::Duration::from_millis(250));
+                    // The DDA path is SDR-only (BGRA8) — leaving the SudoVDA in HDR makes the secure
+                    // desktop capture black. Drop to SDR and VERIFY it actually took before opening DDA:
+                    // the CCD advanced-color toggle can transiently fail (rc=5) or lag, so retry until
+                    // advanced_color_enabled() reads false (or we give up and open DDA regardless).
+                    let mut off = false;
+                    for attempt in 0..6 {
+                        unsafe {
+                            crate::vdisplay::sudovda::set_advanced_color(target.target_id, false);
+                        }
+                        std::thread::sleep(std::time::Duration::from_millis(200));
+                        if !unsafe {
+                            crate::vdisplay::sudovda::advanced_color_enabled(target.target_id)
+                        } {
+                            off = true;
+                            tracing::info!(
+                                attempt,
+                                "SudoVDA dropped to SDR for the secure DDA leg"
+                            );
+                            break;
+                        }
+                    }
+                    if !off {
+                        tracing::warn!(
+                            "could not drop the SudoVDA out of HDR for the secure desktop — DDA may \
+                             be black (display-config change likely denied on the Winlogon desktop)"
+                        );
                    }
                }
                dda = None; // reopen so we capture the (SDR) output