Windows: Implement feature that enables clearing of encryption keys when a new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade).
This commit is contained in:
parent
69cb0bea81
commit
d3e7ed96f3
|
@ -416,5 +416,6 @@ typedef struct
|
|||
#define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80
|
||||
#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100
|
||||
#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200
|
||||
#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
|
||||
|
||||
#endif /* _WIN32 */
|
||||
|
|
|
@ -994,10 +994,16 @@ namespace VeraCrypt
|
|||
|
||||
Device::Device (wstring path, bool readOnly)
|
||||
{
|
||||
FileOpen = false;
|
||||
Elevated = false;
|
||||
wstring effectivePath;
|
||||
FileOpen = false;
|
||||
Elevated = false;
|
||||
|
||||
Handle = CreateFile ((wstring (L"\\\\.\\") + path).c_str(),
|
||||
if (path.find(L"\\\\?\\") == 0)
|
||||
effectivePath = path;
|
||||
else
|
||||
effectivePath = wstring (L"\\\\.\\") + path;
|
||||
|
||||
Handle = CreateFile (effectivePath.c_str(),
|
||||
readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
|
||||
FILE_FLAG_RANDOM_ACCESS | FILE_FLAG_WRITE_THROUGH, NULL);
|
||||
|
@ -1978,8 +1984,7 @@ namespace VeraCrypt
|
|||
}
|
||||
else
|
||||
{
|
||||
finally_do ({ EfiBootInst.DismountBootPartition(); });
|
||||
EfiBootInst.MountBootPartition(0);
|
||||
EfiBootInst.PrepareBootPartition();
|
||||
|
||||
if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM))
|
||||
pim = -1;
|
||||
|
@ -2492,8 +2497,6 @@ namespace VeraCrypt
|
|||
}
|
||||
|
||||
EfiBoot::EfiBoot() {
|
||||
ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath));
|
||||
ZeroMemory (BootVolumePath, sizeof (BootVolumePath));
|
||||
ZeroMemory (&sdn, sizeof (sdn));
|
||||
ZeroMemory (&partInfo, sizeof (partInfo));
|
||||
m_bMounted = false;
|
||||
|
@ -2521,34 +2524,21 @@ namespace VeraCrypt
|
|||
}
|
||||
|
||||
PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
|
||||
memcpy (BootVolumePath, pStr->Buffer, min (pStr->Length, (sizeof (BootVolumePath) - 2)));
|
||||
BootVolumePath = pStr->Buffer;
|
||||
|
||||
EfiBootPartPath = L"\\\\?";
|
||||
EfiBootPartPath += &pStr->Buffer[7];
|
||||
|
||||
bBootVolumePathSelected = true;
|
||||
}
|
||||
|
||||
void EfiBoot::SelectBootVolume(WCHAR* bootVolumePath) {
|
||||
wstring str;
|
||||
str = bootVolumePath;
|
||||
memcpy (BootVolumePath, &str[0], min (str.length() * 2, (sizeof (BootVolumePath) - 2)));
|
||||
bBootVolumePathSelected = true;
|
||||
}
|
||||
|
||||
void EfiBoot::MountBootPartition(WCHAR letter) {
|
||||
void EfiBoot::PrepareBootPartition() {
|
||||
if (!bBootVolumePathSelected) {
|
||||
SelectBootVolumeESP();
|
||||
}
|
||||
|
||||
if (!letter) {
|
||||
if (!GetFreeDriveLetter(&EfiBootPartPath[0])) {
|
||||
throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS);
|
||||
}
|
||||
} else {
|
||||
EfiBootPartPath[0] = letter;
|
||||
}
|
||||
EfiBootPartPath[1] = ':';
|
||||
EfiBootPartPath[2] = 0;
|
||||
throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, BootVolumePath));
|
||||
|
||||
Device dev(EfiBootPartPath, TRUE);
|
||||
std::wstring devicePath = L"\\\\?\\GLOBALROOT";
|
||||
devicePath += BootVolumePath;
|
||||
Device dev(devicePath.c_str(), TRUE);
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -2556,7 +2546,6 @@ namespace VeraCrypt
|
|||
}
|
||||
catch (...)
|
||||
{
|
||||
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
|
||||
throw;
|
||||
}
|
||||
|
||||
|
@ -2566,20 +2555,9 @@ namespace VeraCrypt
|
|||
dev.Close();
|
||||
if (!bSuccess)
|
||||
{
|
||||
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
|
||||
SetLastError (dwLastError);
|
||||
throw SystemException(SRC_POS);
|
||||
}
|
||||
|
||||
m_bMounted = true;
|
||||
}
|
||||
|
||||
void EfiBoot::DismountBootPartition() {
|
||||
if (m_bMounted)
|
||||
{
|
||||
DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
|
||||
m_bMounted = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool EfiBoot::IsEfiBoot() {
|
||||
|
@ -3085,8 +3063,7 @@ namespace VeraCrypt
|
|||
if (!DcsInfoImg)
|
||||
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
|
||||
|
||||
finally_do ({ EfiBootInst.DismountBootPartition(); });
|
||||
EfiBootInst.MountBootPartition(0);
|
||||
EfiBootInst.PrepareBootPartition();
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -4110,9 +4087,7 @@ namespace VeraCrypt
|
|||
const char* g_szMsBootString = "bootmgfw.pdb";
|
||||
bool bModifiedMsBoot = true;
|
||||
|
||||
finally_do ({ EfiBootInst.DismountBootPartition(); });
|
||||
|
||||
EfiBootInst.MountBootPartition(0);
|
||||
EfiBootInst.PrepareBootPartition();
|
||||
|
||||
EfiBootInst.GetFileSize(szStdMsBootloader, loaderSize);
|
||||
bootLoaderBuf.resize ((size_t) loaderSize);
|
||||
|
@ -4233,9 +4208,7 @@ namespace VeraCrypt
|
|||
}
|
||||
}
|
||||
|
||||
finally_do ({ EfiBootInst.DismountBootPartition(); });
|
||||
|
||||
EfiBootInst.MountBootPartition(0);
|
||||
EfiBootInst.PrepareBootPartition();
|
||||
|
||||
EfiBootInst.DeleteStartExec();
|
||||
EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
|
||||
|
@ -4735,8 +4708,7 @@ namespace VeraCrypt
|
|||
}
|
||||
else
|
||||
{
|
||||
finally_do ({ EfiBootInst.DismountBootPartition(); });
|
||||
EfiBootInst.MountBootPartition(0);
|
||||
EfiBootInst.PrepareBootPartition();
|
||||
memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -199,8 +199,7 @@ namespace VeraCrypt
|
|||
public:
|
||||
EfiBoot();
|
||||
|
||||
void MountBootPartition(WCHAR letter);
|
||||
void DismountBootPartition();
|
||||
void PrepareBootPartition();
|
||||
bool IsEfiBoot();
|
||||
|
||||
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
|
||||
|
@ -219,17 +218,16 @@ namespace VeraCrypt
|
|||
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
|
||||
BOOL DelDir(const wchar_t* name);
|
||||
void SelectBootVolumeESP();
|
||||
void SelectBootVolume(WCHAR* bootVolumePath);
|
||||
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
|
||||
|
||||
protected:
|
||||
bool m_bMounted;
|
||||
WCHAR EfiBootPartPath[3];
|
||||
std::wstring EfiBootPartPath;
|
||||
STORAGE_DEVICE_NUMBER sdn;
|
||||
PARTITION_INFORMATION_EX partInfo;
|
||||
WCHAR tempBuf[1024];
|
||||
bool bBootVolumePathSelected;
|
||||
WCHAR BootVolumePath[MAX_PATH];
|
||||
std::wstring BootVolumePath;
|
||||
};
|
||||
|
||||
class BootEncryption
|
||||
|
|
|
@ -1429,6 +1429,8 @@
|
|||
<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>
|
||||
<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>
|
||||
<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>
|
||||
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
|
||||
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
|
||||
</localization>
|
||||
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
|
||||
<xs:element name="VeraCrypt">
|
||||
|
|
|
@ -4346,6 +4346,13 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
|
|||
|
||||
if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)
|
||||
BlockSystemTrimCommand = TRUE;
|
||||
|
||||
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION if it is set */
|
||||
if (flags & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
|
||||
{
|
||||
flags ^= VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;
|
||||
WriteRegistryConfigFlags (flags);
|
||||
}
|
||||
}
|
||||
|
||||
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
|
||||
|
|
|
@ -51,6 +51,8 @@
|
|||
#include "../Setup/SelfExtract.h"
|
||||
|
||||
#include <Strsafe.h>
|
||||
#include <InitGuid.h>
|
||||
#include <devguid.h>
|
||||
|
||||
#import <msxml6.dll> no_auto_exclude
|
||||
|
||||
|
@ -9296,6 +9298,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
|
|||
|
||||
static SERVICE_STATUS SystemFavoritesServiceStatus;
|
||||
static SERVICE_STATUS_HANDLE SystemFavoritesServiceStatusHandle;
|
||||
static HANDLE SystemFavoriteServiceStopEvent = NULL;
|
||||
static HDEVNOTIFY SystemFavoriteServiceNotify = NULL;
|
||||
|
||||
DEFINE_GUID(OCL_GUID_DEVCLASS_SOFTWARECOMPONENT, 0x5c4c3332, 0x344d, 0x483c, 0x87, 0x39, 0x25, 0x9e, 0x93, 0x4c, 0x9c, 0xc8);
|
||||
|
||||
static void SystemFavoritesServiceLogMessage (const wstring &errorMessage, WORD wType)
|
||||
{
|
||||
|
@ -9336,12 +9342,84 @@ static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0)
|
|||
}
|
||||
|
||||
|
||||
static VOID WINAPI SystemFavoritesServiceCtrlHandler (DWORD control)
|
||||
static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
|
||||
DWORD dwEventType,
|
||||
LPVOID lpEventData,
|
||||
LPVOID lpContext)
|
||||
{
|
||||
if (control == SERVICE_CONTROL_STOP)
|
||||
switch (dwControl)
|
||||
{
|
||||
case SERVICE_CONTROL_PRESHUTDOWN:
|
||||
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
|
||||
else
|
||||
|
||||
if (BootEncObj)
|
||||
{
|
||||
try
|
||||
{
|
||||
BootEncryption::UpdateSetupConfigFile (true);
|
||||
// re-install our bootloader again in case the update process has removed it.
|
||||
BootEncryption bootEnc (NULL, true);
|
||||
bootEnc.InstallBootLoader (true);
|
||||
}
|
||||
catch (...)
|
||||
{
|
||||
}
|
||||
}
|
||||
|
||||
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
|
||||
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, FALSE);
|
||||
|
||||
SetEvent (SystemFavoriteServiceStopEvent);
|
||||
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
|
||||
|
||||
break;
|
||||
case SERVICE_CONTROL_STOP:
|
||||
SetEvent (SystemFavoriteServiceStopEvent);
|
||||
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
|
||||
break;
|
||||
case SERVICE_CONTROL_DEVICEEVENT:
|
||||
if (DBT_DEVICEARRIVAL == dwEventType)
|
||||
{
|
||||
DEV_BROADCAST_HDR* pHdr = (DEV_BROADCAST_HDR *) lpEventData;
|
||||
if (pHdr->dbch_devicetype != DBT_DEVTYP_VOLUME && pHdr->dbch_devicetype != DBT_DEVTYP_HANDLE)
|
||||
{
|
||||
SystemFavoritesServiceLogInfo (L"SERVICE_CONTROL_DEVICEEVENT - DBT_DEVICEARRIVAL received");
|
||||
|
||||
if (ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
|
||||
{
|
||||
BOOL bClearKeys = TRUE;
|
||||
if (pHdr->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE)
|
||||
{
|
||||
DEV_BROADCAST_DEVICEINTERFACE* pInf = (DEV_BROADCAST_DEVICEINTERFACE*) pHdr;
|
||||
|
||||
if (IsEqualGUID (pInf->dbcc_classguid, OCL_GUID_DEVCLASS_SOFTWARECOMPONENT)
|
||||
|| IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUME)
|
||||
|| IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUMESNAPSHOT)
|
||||
)
|
||||
{
|
||||
bClearKeys = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if (bClearKeys)
|
||||
{
|
||||
DWORD cbBytesReturned = 0;
|
||||
BOOL bResult = DeviceIoControl (hDriver, VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS, NULL, 0, NULL, 0, &cbBytesReturned, NULL);
|
||||
if (bResult)
|
||||
SystemFavoritesServiceLogInfo (L"New device insertion detected - encryption keys cleared");
|
||||
else
|
||||
SystemFavoritesServiceLogInfo (L"New device insertion detected - failed to clear encryption keys");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
default:
|
||||
SystemFavoritesServiceSetStatus (SystemFavoritesServiceStatus.dwCurrentState);
|
||||
break;
|
||||
}
|
||||
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
static LONG WINAPI SystemFavoritesServiceExceptionHandler (EXCEPTION_POINTERS *ep)
|
||||
|
@ -9363,13 +9441,27 @@ static void SystemFavoritesServiceInvalidParameterHandler (const wchar_t *expres
|
|||
static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
DEV_BROADCAST_DEVICEINTERFACE hdr;
|
||||
memset (&SystemFavoritesServiceStatus, 0, sizeof (SystemFavoritesServiceStatus));
|
||||
SystemFavoritesServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
|
||||
SystemFavoritesServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
|
||||
if (IsOSAtLeast (WIN_VISTA) && BootEncObj && BootEncStatus.DriveMounted && BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT)
|
||||
SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN;
|
||||
|
||||
SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandler (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler);
|
||||
ZeroMemory (&hdr, sizeof(hdr));
|
||||
hdr.dbcc_size = sizeof (hdr);
|
||||
hdr.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
|
||||
|
||||
SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandlerEx (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler, NULL);
|
||||
if (!SystemFavoritesServiceStatusHandle)
|
||||
return;
|
||||
|
||||
SystemFavoriteServiceStopEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
|
||||
if (!SystemFavoriteServiceStopEvent)
|
||||
return;
|
||||
|
||||
SystemFavoriteServiceNotify = RegisterDeviceNotification (SystemFavoritesServiceStatusHandle, &hdr,DEVICE_NOTIFY_SERVICE_HANDLE | DEVICE_NOTIFY_ALL_INTERFACE_CLASSES);
|
||||
|
||||
InitGlobalLocks ();
|
||||
|
||||
SetUnhandledExceptionFilter (SystemFavoritesServiceExceptionHandler);
|
||||
|
@ -9400,7 +9492,22 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
|
|||
|
||||
FinalizeGlobalLocks ();
|
||||
|
||||
if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
|
||||
WipeCache (NULL, TRUE);
|
||||
|
||||
SystemFavoritesServiceSetStatus (SERVICE_RUNNING);
|
||||
|
||||
WaitForSingleObject (SystemFavoriteServiceStopEvent, INFINITE);
|
||||
|
||||
if (SystemFavoriteServiceNotify)
|
||||
{
|
||||
UnregisterDeviceNotification (SystemFavoriteServiceNotify);
|
||||
SystemFavoriteServiceNotify = NULL;
|
||||
}
|
||||
|
||||
CloseHandle (SystemFavoriteServiceStopEvent);
|
||||
SystemFavoriteServiceStopEvent = NULL;
|
||||
|
||||
SystemFavoritesServiceSetStatus (SERVICE_STOPPED);
|
||||
}
|
||||
|
||||
|
@ -9419,6 +9526,16 @@ static BOOL StartSystemFavoritesService ()
|
|||
if (DriverAttach() != ERR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
try
|
||||
{
|
||||
BootEncObj = new BootEncryption (NULL);
|
||||
BootEncStatus = BootEncObj->GetStatus();
|
||||
}
|
||||
catch (Exception &)
|
||||
{
|
||||
BootEncStatus.DriveMounted = FALSE;
|
||||
}
|
||||
|
||||
SERVICE_TABLE_ENTRY serviceTable[2];
|
||||
serviceTable[0].lpServiceName = TC_SYSTEM_FAVORITES_SERVICE_NAME;
|
||||
serviceTable[0].lpServiceProc = SystemFavoritesServiceMain;
|
||||
|
@ -9428,8 +9545,11 @@ static BOOL StartSystemFavoritesService ()
|
|||
|
||||
BOOL result = StartServiceCtrlDispatcher (serviceTable);
|
||||
|
||||
if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
|
||||
WipeCache (NULL, TRUE);
|
||||
if (BootEncObj != NULL)
|
||||
{
|
||||
delete BootEncObj;
|
||||
BootEncObj = NULL;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
@ -10919,7 +11039,8 @@ error:
|
|||
|
||||
void SetDriverConfigurationFlag (uint32 flag, BOOL state)
|
||||
{
|
||||
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
|
||||
if (BootEncObj)
|
||||
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
|
||||
}
|
||||
|
||||
|
||||
|
@ -11380,6 +11501,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
|
|||
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
|
||||
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
|
||||
BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE;
|
||||
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
|
||||
BOOL bIsHiddenOS = IsHiddenOSRunning ();
|
||||
|
||||
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
|
||||
|
@ -11422,6 +11544,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
|
|||
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
|
||||
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
|
||||
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
|
||||
CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled? BST_CHECKED : BST_UNCHECKED);
|
||||
|
||||
if (bIsHiddenOS)
|
||||
{
|
||||
// we always block TRIM command on hidden OS regardless of the configuration
|
||||
|
@ -11542,10 +11666,12 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
|
|||
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
|
||||
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
|
||||
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
|
||||
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
|
||||
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
|
||||
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
|
||||
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
|
||||
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
|
||||
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled);
|
||||
if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */
|
||||
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled);
|
||||
}
|
||||
|
@ -11588,6 +11714,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
|
|||
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), FALSE);
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
|
||||
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
|
||||
{
|
||||
Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
|
|
|
@ -285,7 +285,7 @@ BEGIN
|
|||
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
|
||||
END
|
||||
|
||||
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 182
|
||||
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 194
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
CAPTION "VeraCrypt - System Encryption Settings"
|
||||
FONT 8, "MS Shell Dlg", 400, 0, 0x1
|
||||
|
@ -295,18 +295,20 @@ BEGIN
|
|||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
|
||||
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
|
||||
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,61
|
||||
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,75
|
||||
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10
|
||||
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
|
||||
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10
|
||||
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,98,340,10
|
||||
GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,116,355,36
|
||||
PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,129,173,14
|
||||
PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,129,173,14
|
||||
PUSHBUTTON "Cancel",IDCANCEL,313,158,50,14
|
||||
DEFPUSHBUTTON "OK",IDOK,255,158,50,14
|
||||
GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,131,355,36
|
||||
PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,144,173,14
|
||||
PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,144,173,14
|
||||
PUSHBUTTON "Cancel",IDCANCEL,313,170,50,14
|
||||
DEFPUSHBUTTON "OK",IDOK,255,170,50,14
|
||||
CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
|
||||
END
|
||||
|
||||
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
|
||||
|
@ -393,7 +395,7 @@ BEGIN
|
|||
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
|
||||
END
|
||||
|
||||
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 297
|
||||
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 310
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
CAPTION "VeraCrypt - System Encryption Settings"
|
||||
FONT 8, "MS Shell Dlg", 400, 0, 0x1
|
||||
|
@ -413,12 +415,14 @@ BEGIN
|
|||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
|
||||
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,251,340,10
|
||||
PUSHBUTTON "Cancel",IDCANCEL,314,273,50,14
|
||||
DEFPUSHBUTTON "OK",IDOK,257,273,50,14
|
||||
PUSHBUTTON "Cancel",IDCANCEL,314,286,50,14
|
||||
DEFPUSHBUTTON "OK",IDOK,257,286,50,14
|
||||
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8
|
||||
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,9,7,355,165
|
||||
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,92
|
||||
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,105
|
||||
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73
|
||||
CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,265,340,10
|
||||
END
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
|
@ -494,7 +498,7 @@ BEGIN
|
|||
LEFTMARGIN, 7
|
||||
RIGHTMARGIN, 368
|
||||
TOPMARGIN, 7
|
||||
BOTTOMMARGIN, 172
|
||||
BOTTOMMARGIN, 184
|
||||
END
|
||||
|
||||
IDD_PERFORMANCE_SETTINGS, DIALOG
|
||||
|
@ -526,7 +530,7 @@ BEGIN
|
|||
LEFTMARGIN, 7
|
||||
RIGHTMARGIN, 364
|
||||
TOPMARGIN, 7
|
||||
BOTTOMMARGIN, 287
|
||||
BOTTOMMARGIN, 300
|
||||
END
|
||||
END
|
||||
#endif // APSTUDIO_INVOKED
|
||||
|
|
|
@ -191,6 +191,7 @@
|
|||
#define IDC_BLOCK_SYSENC_TRIM 1168
|
||||
#define IDC_ALLOW_WINDOWS_DEFRAG 1169
|
||||
#define IDC_LOWER_BOX 1170
|
||||
#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
|
||||
#define IDM_HELP 40001
|
||||
#define IDM_ABOUT 40002
|
||||
#define IDM_UNMOUNT_VOLUME 40003
|
||||
|
@ -267,7 +268,7 @@
|
|||
#define _APS_NO_MFC 1
|
||||
#define _APS_NEXT_RESOURCE_VALUE 120
|
||||
#define _APS_NEXT_COMMAND_VALUE 40069
|
||||
#define _APS_NEXT_CONTROL_VALUE 1171
|
||||
#define _APS_NEXT_CONTROL_VALUE 1172
|
||||
#define _APS_NEXT_SYMED_VALUE 101
|
||||
#endif
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue