mirrors
/
VeraCrypt
mirror of https://github.com/veracrypt/VeraCrypt.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Windows: Implement feature that enables clearing of encryption keys when a new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade).

This commit is contained in:
Mounir IDRASSI 2019-01-12 01:24:25 +01:00
parent 69cb0bea81
commit d3e7ed96f3
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
8 changed files with 197 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Common/Apidrvr.h
View File

@ -416,5 +416,6 @@ typedef struct
#define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80
#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100
#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200
#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
#endif /* _WIN32 */

76
src/Common/BootEncryption.cpp
View File

@ -994,10 +994,16 @@ namespace VeraCrypt
Device::Device (wstring path, bool readOnly)
{
FileOpen = false;
Elevated = false;
wstring effectivePath;
FileOpen = false;
Elevated = false;
Handle = CreateFile ((wstring (L"\\\\.\\") + path).c_str(),
if (path.find(L"\\\\?\\") == 0)
effectivePath = path;
else
effectivePath = wstring (L"\\\\.\\") + path;
Handle = CreateFile (effectivePath.c_str(),
readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
FILE_FLAG_RANDOM_ACCESS | FILE_FLAG_WRITE_THROUGH, NULL);
@ -1978,8 +1984,7 @@ namespace VeraCrypt
}
else
{
finally_do ({ EfiBootInst.DismountBootPartition(); });
EfiBootInst.MountBootPartition(0);
EfiBootInst.PrepareBootPartition();
if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM))
pim = -1;
@ -2492,8 +2497,6 @@ namespace VeraCrypt
}
EfiBoot::EfiBoot() {
ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath));
ZeroMemory (BootVolumePath, sizeof (BootVolumePath));
ZeroMemory (&sdn, sizeof (sdn));
ZeroMemory (&partInfo, sizeof (partInfo));
m_bMounted = false;
@ -2521,34 +2524,21 @@ namespace VeraCrypt
}
PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
memcpy (BootVolumePath, pStr->Buffer, min (pStr->Length, (sizeof (BootVolumePath) - 2)));
BootVolumePath = pStr->Buffer;
EfiBootPartPath = L"\\\\?";
EfiBootPartPath += &pStr->Buffer[7];
bBootVolumePathSelected = true;
}
void EfiBoot::SelectBootVolume(WCHAR* bootVolumePath) {
wstring str;
str = bootVolumePath;
memcpy (BootVolumePath, &str[0], min (str.length() * 2, (sizeof (BootVolumePath) - 2)));
bBootVolumePathSelected = true;
}
void EfiBoot::MountBootPartition(WCHAR letter) {
void EfiBoot::PrepareBootPartition() {
if (!bBootVolumePathSelected) {
SelectBootVolumeESP();
}
if (!letter) {
if (!GetFreeDriveLetter(&EfiBootPartPath[0])) {
throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS);
}
} else {
EfiBootPartPath[0] = letter;
}
EfiBootPartPath[1] = ':';
EfiBootPartPath[2] = 0;
throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, BootVolumePath));
Device dev(EfiBootPartPath, TRUE);
std::wstring devicePath = L"\\\\?\\GLOBALROOT";
devicePath += BootVolumePath;
Device dev(devicePath.c_str(), TRUE);
try
{
@ -2556,7 +2546,6 @@ namespace VeraCrypt
}
catch (...)
{
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
throw;
}
@ -2566,20 +2555,9 @@ namespace VeraCrypt
dev.Close();
if (!bSuccess)
{
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
SetLastError (dwLastError);
throw SystemException(SRC_POS);
}
m_bMounted = true;
}
void EfiBoot::DismountBootPartition() {
if (m_bMounted)
{
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
m_bMounted = false;
}
}
}
bool EfiBoot::IsEfiBoot() {
@ -3085,8 +3063,7 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
finally_do ({ EfiBootInst.DismountBootPartition(); });
EfiBootInst.MountBootPartition(0);
EfiBootInst.PrepareBootPartition();
try
{
@ -4110,9 +4087,7 @@ namespace VeraCrypt
const char* g_szMsBootString = "bootmgfw.pdb";
bool bModifiedMsBoot = true;
finally_do ({ EfiBootInst.DismountBootPartition(); });
EfiBootInst.MountBootPartition(0);
EfiBootInst.PrepareBootPartition();
EfiBootInst.GetFileSize(szStdMsBootloader, loaderSize);
bootLoaderBuf.resize ((size_t) loaderSize);
@ -4233,9 +4208,7 @@ namespace VeraCrypt
}
}
finally_do ({ EfiBootInst.DismountBootPartition(); });
EfiBootInst.MountBootPartition(0);
EfiBootInst.PrepareBootPartition();
EfiBootInst.DeleteStartExec();
EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
@ -4735,8 +4708,7 @@ namespace VeraCrypt
}
else
{
finally_do ({ EfiBootInst.DismountBootPartition(); });
EfiBootInst.MountBootPartition(0);
EfiBootInst.PrepareBootPartition();
memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER));
}
}

8
src/Common/BootEncryption.h
View File

@ -199,8 +199,7 @@ namespace VeraCrypt
public:
EfiBoot();
void MountBootPartition(WCHAR letter);
void DismountBootPartition();
void PrepareBootPartition();
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
@ -219,17 +218,16 @@ namespace VeraCrypt
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
BOOL DelDir(const wchar_t* name);
void SelectBootVolumeESP();
void SelectBootVolume(WCHAR* bootVolumePath);
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
protected:
bool m_bMounted;
WCHAR EfiBootPartPath[3];
std::wstring EfiBootPartPath;
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
WCHAR tempBuf[1024];
bool bBootVolumePathSelected;
WCHAR BootVolumePath[MAX_PATH];
std::wstring BootVolumePath;
};
class BootEncryption

2
src/Common/Language.xml
View File

@ -1429,6 +1429,8 @@
<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>
<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>
<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">

7
src/Driver/Ntdriver.c
View File

@ -4346,6 +4346,13 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)
BlockSystemTrimCommand = TRUE;
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION if it is set */
if (flags & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
{
flags ^= VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;
WriteRegistryConfigFlags (flags);
}
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);

148
src/Mount/Mount.c
View File

@ -51,6 +51,8 @@
#include "../Setup/SelfExtract.h"
#include <Strsafe.h>
#include <InitGuid.h>
#include <devguid.h>
#import <msxml6.dll> no_auto_exclude
@ -9296,6 +9298,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
static SERVICE_STATUS SystemFavoritesServiceStatus;
static SERVICE_STATUS_HANDLE SystemFavoritesServiceStatusHandle;
static HANDLE SystemFavoriteServiceStopEvent = NULL;
static HDEVNOTIFY SystemFavoriteServiceNotify = NULL;
DEFINE_GUID(OCL_GUID_DEVCLASS_SOFTWARECOMPONENT, 0x5c4c3332, 0x344d, 0x483c, 0x87, 0x39, 0x25, 0x9e, 0x93, 0x4c, 0x9c, 0xc8);
static void SystemFavoritesServiceLogMessage (const wstring &errorMessage, WORD wType)
{
@ -9336,12 +9342,84 @@ static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0)
}
static VOID WINAPI SystemFavoritesServiceCtrlHandler (DWORD control)
static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
DWORD dwEventType,
LPVOID lpEventData,
LPVOID lpContext)
{
if (control == SERVICE_CONTROL_STOP)
switch (dwControl)
{
case SERVICE_CONTROL_PRESHUTDOWN:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
else
if (BootEncObj)
{
try
{
BootEncryption::UpdateSetupConfigFile (true);
// re-install our bootloader again in case the update process has removed it.
BootEncryption bootEnc (NULL, true);
bootEnc.InstallBootLoader (true);
}
catch (...)
{
}
}
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, FALSE);
SetEvent (SystemFavoriteServiceStopEvent);
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
break;
case SERVICE_CONTROL_STOP:
SetEvent (SystemFavoriteServiceStopEvent);
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
break;
case SERVICE_CONTROL_DEVICEEVENT:
if (DBT_DEVICEARRIVAL == dwEventType)
{
DEV_BROADCAST_HDR* pHdr = (DEV_BROADCAST_HDR *) lpEventData;
if (pHdr->dbch_devicetype != DBT_DEVTYP_VOLUME && pHdr->dbch_devicetype != DBT_DEVTYP_HANDLE)
{
SystemFavoritesServiceLogInfo (L"SERVICE_CONTROL_DEVICEEVENT - DBT_DEVICEARRIVAL received");
if (ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
{
BOOL bClearKeys = TRUE;
if (pHdr->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE)
{
DEV_BROADCAST_DEVICEINTERFACE* pInf = (DEV_BROADCAST_DEVICEINTERFACE*) pHdr;
if (IsEqualGUID (pInf->dbcc_classguid, OCL_GUID_DEVCLASS_SOFTWARECOMPONENT)
|| IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUME)
|| IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUMESNAPSHOT)
)
{
bClearKeys = FALSE;
}
}
if (bClearKeys)
{
DWORD cbBytesReturned = 0;
BOOL bResult = DeviceIoControl (hDriver, VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS, NULL, 0, NULL, 0, &cbBytesReturned, NULL);
if (bResult)
SystemFavoritesServiceLogInfo (L"New device insertion detected - encryption keys cleared");
else
SystemFavoritesServiceLogInfo (L"New device insertion detected - failed to clear encryption keys");
}
}
}
}
break;
default:
SystemFavoritesServiceSetStatus (SystemFavoritesServiceStatus.dwCurrentState);
break;
}
return NO_ERROR;
}
static LONG WINAPI SystemFavoritesServiceExceptionHandler (EXCEPTION_POINTERS *ep)
@ -9363,13 +9441,27 @@ static void SystemFavoritesServiceInvalidParameterHandler (const wchar_t *expres
static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
{
BOOL status = FALSE;
DEV_BROADCAST_DEVICEINTERFACE hdr;
memset (&SystemFavoritesServiceStatus, 0, sizeof (SystemFavoritesServiceStatus));
SystemFavoritesServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
SystemFavoritesServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
if (IsOSAtLeast (WIN_VISTA) && BootEncObj && BootEncStatus.DriveMounted && BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT)
SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN;
SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandler (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler);
ZeroMemory (&hdr, sizeof(hdr));
hdr.dbcc_size = sizeof (hdr);
hdr.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandlerEx (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler, NULL);
if (!SystemFavoritesServiceStatusHandle)
return;
SystemFavoriteServiceStopEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
if (!SystemFavoriteServiceStopEvent)
return;
SystemFavoriteServiceNotify = RegisterDeviceNotification (SystemFavoritesServiceStatusHandle, &hdr,DEVICE_NOTIFY_SERVICE_HANDLE | DEVICE_NOTIFY_ALL_INTERFACE_CLASSES);
InitGlobalLocks ();
SetUnhandledExceptionFilter (SystemFavoritesServiceExceptionHandler);
@ -9400,7 +9492,22 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
FinalizeGlobalLocks ();
if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
WipeCache (NULL, TRUE);
SystemFavoritesServiceSetStatus (SERVICE_RUNNING);
WaitForSingleObject (SystemFavoriteServiceStopEvent, INFINITE);
if (SystemFavoriteServiceNotify)
{
UnregisterDeviceNotification (SystemFavoriteServiceNotify);
SystemFavoriteServiceNotify = NULL;
}
CloseHandle (SystemFavoriteServiceStopEvent);
SystemFavoriteServiceStopEvent = NULL;
SystemFavoritesServiceSetStatus (SERVICE_STOPPED);
}
@ -9419,6 +9526,16 @@ static BOOL StartSystemFavoritesService ()
if (DriverAttach() != ERR_SUCCESS)
return FALSE;
try
{
BootEncObj = new BootEncryption (NULL);
BootEncStatus = BootEncObj->GetStatus();
}
catch (Exception &)
{
BootEncStatus.DriveMounted = FALSE;
}
SERVICE_TABLE_ENTRY serviceTable[2];
serviceTable[0].lpServiceName = TC_SYSTEM_FAVORITES_SERVICE_NAME;
serviceTable[0].lpServiceProc = SystemFavoritesServiceMain;
@ -9428,8 +9545,11 @@ static BOOL StartSystemFavoritesService ()
BOOL result = StartServiceCtrlDispatcher (serviceTable);
if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
WipeCache (NULL, TRUE);
if (BootEncObj != NULL)
{
delete BootEncObj;
BootEncObj = NULL;
}
return result;
}
@ -10919,7 +11039,8 @@ error:
void SetDriverConfigurationFlag (uint32 flag, BOOL state)
{
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
if (BootEncObj)
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
}
@ -11380,6 +11501,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE;
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
BOOL bIsHiddenOS = IsHiddenOSRunning ();
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
@ -11422,6 +11544,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled? BST_CHECKED : BST_UNCHECKED);
if (bIsHiddenOS)
{
// we always block TRIM command on hidden OS regardless of the configuration
@ -11542,10 +11666,12 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled);
if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled);
}
@ -11588,6 +11714,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), FALSE);
}
break;
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;
}
return 0;

30
src/Mount/Mount.rc
View File

@ -285,7 +285,7 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 182
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 194
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@ -295,18 +295,20 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,61
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,75
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,98,340,10
GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,116,355,36
PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,129,173,14
PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,129,173,14
PUSHBUTTON "Cancel",IDCANCEL,313,158,50,14
DEFPUSHBUTTON "OK",IDOK,255,158,50,14
GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,131,355,36
PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,144,173,14
PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,144,173,14
PUSHBUTTON "Cancel",IDCANCEL,313,170,50,14
DEFPUSHBUTTON "OK",IDOK,255,170,50,14
CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
@ -393,7 +395,7 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 297
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 310
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@ -413,12 +415,14 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,251,340,10
PUSHBUTTON "Cancel",IDCANCEL,314,273,50,14
DEFPUSHBUTTON "OK",IDOK,257,273,50,14
PUSHBUTTON "Cancel",IDCANCEL,314,286,50,14
DEFPUSHBUTTON "OK",IDOK,257,286,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,9,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,92
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,105
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73
CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,265,340,10
END
/////////////////////////////////////////////////////////////////////////////
@ -494,7 +498,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 368
TOPMARGIN, 7
BOTTOMMARGIN, 172
BOTTOMMARGIN, 184
END
IDD_PERFORMANCE_SETTINGS, DIALOG
@ -526,7 +530,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 364
TOPMARGIN, 7
BOTTOMMARGIN, 287
BOTTOMMARGIN, 300
END
END
#endif // APSTUDIO_INVOKED

3
src/Mount/Resource.h
View File

@ -191,6 +191,7 @@
#define IDC_BLOCK_SYSENC_TRIM 1168
#define IDC_ALLOW_WINDOWS_DEFRAG 1169
#define IDC_LOWER_BOX 1170
#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@ -267,7 +268,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
#define _APS_NEXT_CONTROL_VALUE 1171
#define _APS_NEXT_CONTROL_VALUE 1172
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif