VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-07 14:24:56 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-08 00:50:03 (GMT)
commite5b9cee8681dc45340321f759079b344a3b2676c (patch)
tree7e4875ccf109ebd2d2a858ec0368f2d9d46e2a5a
parent6bb1f24ed571bccd4d1d247dafdc1dda6eaa3d8d (diff)
downloadVeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.zip
VeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.tar.gz
Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default
-rw-r--r--Translations/Language.ar.xml1
-rw-r--r--Translations/Language.be.xml1
-rw-r--r--Translations/Language.bg.xml1
-rw-r--r--Translations/Language.ca.xml1
-rw-r--r--Translations/Language.cs.xml1
-rw-r--r--Translations/Language.da.xml1
-rw-r--r--Translations/Language.de.xml1
-rw-r--r--Translations/Language.el.xml1
-rw-r--r--Translations/Language.es.xml1
-rw-r--r--Translations/Language.eu.xml1
-rw-r--r--Translations/Language.fa.xml1
-rw-r--r--Translations/Language.fi.xml1
-rw-r--r--Translations/Language.fr.xml1
-rw-r--r--Translations/Language.hu.xml1
-rw-r--r--Translations/Language.id.xml1
-rw-r--r--Translations/Language.it.xml1
-rw-r--r--Translations/Language.ja.xml1
-rw-r--r--Translations/Language.ka.xml1
-rw-r--r--Translations/Language.ko.xml1
-rw-r--r--Translations/Language.lv.xml1
-rw-r--r--Translations/Language.my.xml1
-rw-r--r--Translations/Language.nl.xml1
-rw-r--r--Translations/Language.nn.xml1
-rw-r--r--Translations/Language.pl.xml1
-rw-r--r--Translations/Language.pt-br.xml1
-rw-r--r--Translations/Language.ro.xml1
-rw-r--r--Translations/Language.ru.xml1
-rw-r--r--Translations/Language.sk.xml1
-rw-r--r--Translations/Language.sl.xml1
-rw-r--r--Translations/Language.sv.xml1
-rw-r--r--Translations/Language.th.xml1
-rw-r--r--Translations/Language.tr.xml1
-rw-r--r--Translations/Language.uk.xml1
-rw-r--r--Translations/Language.uz.xml1
-rw-r--r--Translations/Language.vi.xml1
-rw-r--r--Translations/Language.zh-cn.xml1
-rw-r--r--Translations/Language.zh-hk.xml1
-rw-r--r--Translations/Language.zh-tw.xml1
-rw-r--r--src/Common/Apidrvr.h1
-rw-r--r--src/Common/Crypto.c26
-rw-r--r--src/Common/Crypto.h4
-rw-r--r--src/Common/Language.xml1
-rw-r--r--src/Common/Random.c12
-rw-r--r--src/Driver/DriveFilter.c7
-rw-r--r--src/Driver/Ntdriver.c1
-rw-r--r--src/Mount/Mount.c16
-rw-r--r--src/Mount/Mount.rc14
-rw-r--r--src/Mount/Resource.h3
48 files changed, 108 insertions, 15 deletions
diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml
index 3d36226..cd82e78 100644
--- a/Translations/Language.ar.xml
+++ b/Translations/Language.ar.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml
index 4966355..631ea30 100644
--- a/Translations/Language.be.xml
+++ b/Translations/Language.be.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml
index 45c3645..1ff8a7c 100644
--- a/Translations/Language.bg.xml
+++ b/Translations/Language.bg.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml
index 59af488..3eeb6de 100644
--- a/Translations/Language.ca.xml
+++ b/Translations/Language.ca.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index ed9e8d0..1d65b99 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml
index 651eed9..dfa25f5 100644
--- a/Translations/Language.da.xml
+++ b/Translations/Language.da.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml
index 88df73b..a43c0c1 100644
--- a/Translations/Language.de.xml
+++ b/Translations/Language.de.xml
@@ -1435,6 +1435,7 @@
<entry lang="de" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Verschlüsselungsschlüssel aus dem Speicher löschen, wenn ein neues Gerät eingesteckt wird</entry>
<entry lang="de" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">WICHTIGE HINWEISE:\n - Bitte beachten Sie, dass diese Option nach einem Herunterfahren/Neustart nicht erhalten bleibt, so dass Sie sie beim nächsten Start der Maschine erneut auswählen müssen.\n\n - Wenn diese Option aktiviert ist, wird der Rechner nach dem Anschließen eines neuen Geräts einfrieren und schließlich mit einem BSOD abstürzen, da Windows nach dem Löschen seiner Schlüssel aus dem Speicher nicht mehr auf die verschlüsselte Festplatte zugreifen kann.\n</entry>
<entry lang="de" key="STARTING">Wird gestartet</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<!-- XML-Schema -->
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml
index e98b331..de1f445 100644
--- a/Translations/Language.el.xml
+++ b/Translations/Language.el.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index 71559d5..e933930 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="es" key="STARTING">Iniciando</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml
index 29077dc..42c75ab 100644
--- a/Translations/Language.eu.xml
+++ b/Translations/Language.eu.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml
index 8d1edda..ae4b71c 100644
--- a/Translations/Language.fa.xml
+++ b/Translations/Language.fa.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index 95e293a..9c92a03 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index 344bb09..50b40cf 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1432,6 +1432,7 @@
<entry lang="fr" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Effacer les clefs de chiffrement de la mémoire si un nouveau périphérique est connecté à la machine</entry>
<entry lang="fr" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT:\n - Cette option ne persiste pas après l'arrêt ou le redémarrage de la machine et donc il va falloir la sélectionner à nouveau au prochain démarrage.\n\n - Une fois cette option sélectionnée, dès qu'un nouveau périphérique est connecté, l'ordinateur va se figer et Windows s'arrêtera de fonctionner vu qu'il ne peut plus accéder au disque une fois que les clefs de chiffrement ont été effacées de la mémoire.\n</entry>
<entry lang="fr" key="STARTING">Exécution</entry>
+ <entry lang="fr" key="IDC_ENABLE_CPU_RNG">Utiliser le générateur de nombres aléatoires du processeur comme source additionnelle d'entropie</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml
index 99ef18e..2013c4f 100644
--- a/Translations/Language.hu.xml
+++ b/Translations/Language.hu.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml
index 030cd37..1ebca66 100644
--- a/Translations/Language.id.xml
+++ b/Translations/Language.id.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index 7220e69..2108319 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="it" key="STARTING">Caricamento</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index 774d790..eb90a47 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml
index 4290f64..ec99a8a 100644
--- a/Translations/Language.ka.xml
+++ b/Translations/Language.ka.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index 60ecbeb..3e8b871 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml
index a305545..1e63f13 100644
--- a/Translations/Language.lv.xml
+++ b/Translations/Language.lv.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml
index 61da4ff..1aeea39 100644
--- a/Translations/Language.my.xml
+++ b/Translations/Language.my.xml
@@ -1434,6 +1434,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml
index f6cdd94..0a7ac6d 100644
--- a/Translations/Language.nl.xml
+++ b/Translations/Language.nl.xml
@@ -1433,6 +1433,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml
index 991342b..fb7f2a5 100644
--- a/Translations/Language.nn.xml
+++ b/Translations/Language.nn.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml
index 1ceeb27..086261d 100644
--- a/Translations/Language.pl.xml
+++ b/Translations/Language.pl.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index f06c5d4..9c71be2 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml
index 8773dcb..2485ea1 100644
--- a/Translations/Language.ro.xml
+++ b/Translations/Language.ro.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml
index 4be4211..136276f 100644
--- a/Translations/Language.ru.xml
+++ b/Translations/Language.ru.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml
index 33d19db..959d958 100644
--- a/Translations/Language.sk.xml
+++ b/Translations/Language.sk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index bda3100..eb3da19 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml
index be95875..46a3d1c 100644
--- a/Translations/Language.sv.xml
+++ b/Translations/Language.sv.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml
index a81223b..eb4494d 100644
--- a/Translations/Language.th.xml
+++ b/Translations/Language.th.xml
@@ -1433,6 +1433,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index 5822db8..060d58f 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml
index 70ccac4..4a17dc5 100644
--- a/Translations/Language.uk.xml
+++ b/Translations/Language.uk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml
index df2c7d3..82d44c4 100644
--- a/Translations/Language.uz.xml
+++ b/Translations/Language.uz.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml
index 28d263f..6035def 100644
--- a/Translations/Language.vi.xml
+++ b/Translations/Language.vi.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml
index a38df4a..f82053e 100644
--- a/Translations/Language.zh-cn.xml
+++ b/Translations/Language.zh-cn.xml
@@ -1432,6 +1432,7 @@
<entry lang="zh-cn" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">如果插入了新设备, 则从内存中清除加密密钥</entry>
<entry lang="zh-cn" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">重要提示:\n - 请记住此选项在关机/重启后不再有效,因此你需要在下一次开机后再次选择这个选项。\n\n - 当此选项启用且有一个新设备接入后,由于在内存中清除密钥后无法访问加密磁盘,电脑将会死机且最终会蓝屏。\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml
index 1f17f51..79e6d12 100644
--- a/Translations/Language.zh-hk.xml
+++ b/Translations/Language.zh-hk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml
index 5883748..df5b0bd 100644
--- a/Translations/Language.zh-tw.xml
+++ b/Translations/Language.zh-tw.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 0298e20..63de40a 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -417,5 +417,6 @@ typedef struct
#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100
#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200
#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
+#define VC_DRIVER_CONFIG_ENABLE_CPU_RNG 0x800
#endif /* _WIN32 */
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 299595b..a6f3ffb 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -1216,3 +1216,29 @@ BOOL IsHwEncryptionEnabled ()
}
#endif // !TC_WINDOWS_BOOT
+
+#ifndef TC_WINDOWS_BOOT
+
+static BOOL CpuRngDisabled = FALSE;
+
+BOOL IsCpuRngSupport ()
+{
+ if (HasRDSEED() || HasRDSEED())
+ return TRUE;
+ else
+ return FALSE;
+}
+
+void EnableCpuRng (BOOL enable)
+{
+ CpuRngDisabled = !enable;
+}
+
+BOOL IsCpuRngEnabled ()
+{
+ return !CpuRngDisabled;
+}
+
+
+#endif
+
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index a362f5d..f1b3597 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -385,6 +385,10 @@ BOOL IsAesHwCpuSupported ();
void EnableHwEncryption (BOOL enable);
BOOL IsHwEncryptionEnabled ();
+BOOL IsCpuRngSupport ();
+void EnableCpuRng (BOOL enable);
+BOOL IsCpuRngEnabled ();
+
#ifdef __cplusplus
}
#endif
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 47d9976..f62421d 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Random.c b/src/Common/Random.c
index 12e9d9a..c8655b5 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -777,9 +777,10 @@ BOOL SlowPoll (void)
}
// use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
|| (HasRDRAND() && RDRAND_getBytes (buffer, sizeof (buffer)))
- )
+ ))
{
RandaddBuf (buffer, sizeof (buffer));
}
@@ -907,10 +908,11 @@ BOOL FastPoll (void)
return FALSE;
}
- // use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
+ // use RDSEED or RDRAND from CPU as source of entropy if enabled
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
|| (HasRDRAND() && RDRAND_getBytes (buffer, sizeof (buffer)))
- )
+ ))
{
RandaddBuf (buffer, sizeof (buffer));
}
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index a02ca3e..6228009 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -1535,10 +1535,11 @@ static VOID SetupThreadProc (PVOID threadArg)
KeQuerySystemTime( &iSeed );
WHIRLPOOL_init (&tctx);
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
- // use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+ // use RDSEED or RDRAND from CPU as source of entropy if enabled
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
|| (HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
- )
+ ))
{
WHIRLPOOL_add (digest, sizeof(digest), &tctx);
}
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 83c050a..7e3a08b 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -4382,6 +4382,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+ EnableCpuRng ((flags & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE;
AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE;
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 1ada1b8..9873221 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -820,7 +820,10 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
{
char langid[6] = {0};
if (!bOnlyCheckModified)
+ {
EnableHwEncryption ((ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+ EnableCpuRng ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
+ }
WipeAlgorithmId savedWipeAlgorithm = TC_WIPE_NONE;
@@ -11099,6 +11102,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG), FALSE);
}
+ if (HasRDRAND() || HasRDSEED())
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG, (driverConfig & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? BST_CHECKED : BST_UNCHECKED);
+ }
+ else
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG, BST_UNCHECKED);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_CPU_RNG), FALSE);
+ }
+
SYSTEM_INFO sysInfo;
GetSystemInfo (&sysInfo);
@@ -11154,6 +11167,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
}
BOOL disableHW = !IsDlgButtonChecked (hwndDlg, IDC_ENABLE_HARDWARE_ENCRYPTION);
+ BOOL enableCpuRng = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_CPU_RNG);
BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
@@ -11196,12 +11210,14 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM, allowTrimCommand);
if (IsOSAtLeast (WIN_8_1))
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG, allowWindowsDefrag);
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_CPU_RNG, enableCpuRng);
DWORD bytesReturned;
if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
handleWin32Error (hwndDlg, SRC_POS);
EnableHwEncryption (!disableHW);
+ EnableCpuRng (enableCpuRng);
uint32 cpuFreeCount = 0;
if (IsDlgButtonChecked (hwndDlg, IDC_LIMIT_ENC_THREAD_POOL))
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index b817be6..c5a35b4 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -311,7 +311,7 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
END
-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 279
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Performance Options"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -329,15 +329,17 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,244,59,14
- DEFPUSHBUTTON "OK",IDOK,257,244,50,14
- PUSHBUTTON "Cancel",IDCANCEL,314,244,50,14
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,258,59,14
+ DEFPUSHBUTTON "OK",IDOK,257,258,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,314,258,50,14
LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
- GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,58
+ GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,72
CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
+ CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
END
IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -506,7 +508,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 364
TOPMARGIN, 7
- BOTTOMMARGIN, 258
+ BOTTOMMARGIN, 272
END
IDD_FAVORITE_VOLUMES, DIALOG
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index 0eaf357..fdc9f89 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -192,6 +192,7 @@
#define IDC_ALLOW_WINDOWS_DEFRAG 1169
#define IDC_LOWER_BOX 1170
#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
+#define IDC_ENABLE_CPU_RNG 1172
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -268,7 +269,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1172
+#define _APS_NEXT_CONTROL_VALUE 1173
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif