VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-07 15:24:56 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-08 01:50:03 +0100
commite5b9cee8681dc45340321f759079b344a3b2676c (patch)
tree7e4875ccf109ebd2d2a858ec0368f2d9d46e2a5a
parent6bb1f24ed571bccd4d1d247dafdc1dda6eaa3d8d (diff)
downloadVeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.tar.gz
VeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.zip
Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default
-rw-r--r--Translations/Language.ar.xml1
-rw-r--r--Translations/Language.be.xml1
-rw-r--r--Translations/Language.bg.xml1
-rw-r--r--Translations/Language.ca.xml1
-rw-r--r--Translations/Language.cs.xml1
-rw-r--r--Translations/Language.da.xml1
-rw-r--r--Translations/Language.de.xml1
-rw-r--r--Translations/Language.el.xml1
-rw-r--r--Translations/Language.es.xml1
-rw-r--r--Translations/Language.eu.xml1
-rw-r--r--Translations/Language.fa.xml1
-rw-r--r--Translations/Language.fi.xml1
-rw-r--r--Translations/Language.fr.xml1
-rw-r--r--Translations/Language.hu.xml1
-rw-r--r--Translations/Language.id.xml1
-rw-r--r--Translations/Language.it.xml1
-rw-r--r--Translations/Language.ja.xml1
-rw-r--r--Translations/Language.ka.xml1
-rw-r--r--Translations/Language.ko.xml1
-rw-r--r--Translations/Language.lv.xml1
-rw-r--r--Translations/Language.my.xml1
-rw-r--r--Translations/Language.nl.xml1
-rw-r--r--Translations/Language.nn.xml1
-rw-r--r--Translations/Language.pl.xml1
-rw-r--r--Translations/Language.pt-br.xml1
-rw-r--r--Translations/Language.ro.xml1
-rw-r--r--Translations/Language.ru.xml1
-rw-r--r--Translations/Language.sk.xml1
-rw-r--r--Translations/Language.sl.xml1
-rw-r--r--Translations/Language.sv.xml1
-rw-r--r--Translations/Language.th.xml1
-rw-r--r--Translations/Language.tr.xml1
-rw-r--r--Translations/Language.uk.xml1
-rw-r--r--Translations/Language.uz.xml1
-rw-r--r--Translations/Language.vi.xml1
-rw-r--r--Translations/Language.zh-cn.xml1
-rw-r--r--Translations/Language.zh-hk.xml1
-rw-r--r--Translations/Language.zh-tw.xml1
-rw-r--r--src/Common/Apidrvr.h1
-rw-r--r--src/Common/Crypto.c26
-rw-r--r--src/Common/Crypto.h4
-rw-r--r--src/Common/Language.xml1
-rw-r--r--src/Common/Random.c12
-rw-r--r--src/Driver/DriveFilter.c7
-rw-r--r--src/Driver/Ntdriver.c1
-rw-r--r--src/Mount/Mount.c16
-rw-r--r--src/Mount/Mount.rc14
-rw-r--r--src/Mount/Resource.h3
48 files changed, 108 insertions, 15 deletions
diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml
index 3d362269..cd82e780 100644
--- a/Translations/Language.ar.xml
+++ b/Translations/Language.ar.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml
index 4966355e..631ea303 100644
--- a/Translations/Language.be.xml
+++ b/Translations/Language.be.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml
index 45c36453..1ff8a7c3 100644
--- a/Translations/Language.bg.xml
+++ b/Translations/Language.bg.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml
index 59af4882..3eeb6de4 100644
--- a/Translations/Language.ca.xml
+++ b/Translations/Language.ca.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index ed9e8d05..1d65b998 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml
index 651eed9b..dfa25f53 100644
--- a/Translations/Language.da.xml
+++ b/Translations/Language.da.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml
index 88df73bb..a43c0c17 100644
--- a/Translations/Language.de.xml
+++ b/Translations/Language.de.xml
@@ -1435,6 +1435,7 @@
<entry lang="de" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Verschlüsselungsschlüssel aus dem Speicher löschen, wenn ein neues Gerät eingesteckt wird</entry>
<entry lang="de" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">WICHTIGE HINWEISE:\n - Bitte beachten Sie, dass diese Option nach einem Herunterfahren/Neustart nicht erhalten bleibt, so dass Sie sie beim nächsten Start der Maschine erneut auswählen müssen.\n\n - Wenn diese Option aktiviert ist, wird der Rechner nach dem Anschließen eines neuen Geräts einfrieren und schließlich mit einem BSOD abstürzen, da Windows nach dem Löschen seiner Schlüssel aus dem Speicher nicht mehr auf die verschlüsselte Festplatte zugreifen kann.\n</entry>
<entry lang="de" key="STARTING">Wird gestartet</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<!-- XML-Schema -->
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml
index e98b3313..de1f445c 100644
--- a/Translations/Language.el.xml
+++ b/Translations/Language.el.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index 71559d53..e9339308 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="es" key="STARTING">Iniciando</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml
index 29077dc8..42c75ab3 100644
--- a/Translations/Language.eu.xml
+++ b/Translations/Language.eu.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml
index 8d1eddac..ae4b71ce 100644
--- a/Translations/Language.fa.xml
+++ b/Translations/Language.fa.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index 95e293a3..9c92a03f 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index 344bb094..50b40cf3 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1432,6 +1432,7 @@
<entry lang="fr" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Effacer les clefs de chiffrement de la mémoire si un nouveau périphérique est connecté à la machine</entry>
<entry lang="fr" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT:\n - Cette option ne persiste pas après l'arrêt ou le redémarrage de la machine et donc il va falloir la sélectionner à nouveau au prochain démarrage.\n\n - Une fois cette option sélectionnée, dès qu'un nouveau périphérique est connecté, l'ordinateur va se figer et Windows s'arrêtera de fonctionner vu qu'il ne peut plus accéder au disque une fois que les clefs de chiffrement ont été effacées de la mémoire.\n</entry>
<entry lang="fr" key="STARTING">Exécution</entry>
+ <entry lang="fr" key="IDC_ENABLE_CPU_RNG">Utiliser le générateur de nombres aléatoires du processeur comme source additionnelle d'entropie</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml
index 99ef18e4..2013c4fe 100644
--- a/Translations/Language.hu.xml
+++ b/Translations/Language.hu.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml
index 030cd375..1ebca665 100644
--- a/Translations/Language.id.xml
+++ b/Translations/Language.id.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index 7220e699..2108319c 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="it" key="STARTING">Caricamento</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index 774d7907..eb90a477 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml
index 4290f647..ec99a8ab 100644
--- a/Translations/Language.ka.xml
+++ b/Translations/Language.ka.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index 60ecbeb0..3e8b8717 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml
index a305545c..1e63f13d 100644
--- a/Translations/Language.lv.xml
+++ b/Translations/Language.lv.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml
index 61da4ffe..1aeea39b 100644
--- a/Translations/Language.my.xml
+++ b/Translations/Language.my.xml
@@ -1434,6 +1434,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml
index f6cdd94a..0a7ac6d9 100644
--- a/Translations/Language.nl.xml
+++ b/Translations/Language.nl.xml
@@ -1433,6 +1433,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml
index 991342b9..fb7f2a52 100644
--- a/Translations/Language.nn.xml
+++ b/Translations/Language.nn.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml
index 1ceeb27e..086261db 100644
--- a/Translations/Language.pl.xml
+++ b/Translations/Language.pl.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index f06c5d4f..9c71be22 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml
index 8773dcbd..2485ea1e 100644
--- a/Translations/Language.ro.xml
+++ b/Translations/Language.ro.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml
index 4be42116..136276fe 100644
--- a/Translations/Language.ru.xml
+++ b/Translations/Language.ru.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml
index 33d19db3..959d958c 100644
--- a/Translations/Language.sk.xml
+++ b/Translations/Language.sk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index bda31004..eb3da19d 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml
index be95875b..46a3d1ca 100644
--- a/Translations/Language.sv.xml
+++ b/Translations/Language.sv.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml
index a81223b2..eb4494de 100644
--- a/Translations/Language.th.xml
+++ b/Translations/Language.th.xml
@@ -1433,6 +1433,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index 5822db8a..060d58f0 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml
index 70ccac49..4a17dc50 100644
--- a/Translations/Language.uk.xml
+++ b/Translations/Language.uk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml
index df2c7d36..82d44c4a 100644
--- a/Translations/Language.uz.xml
+++ b/Translations/Language.uz.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml
index 28d263f0..6035defb 100644
--- a/Translations/Language.vi.xml
+++ b/Translations/Language.vi.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml
index a38df4aa..f82053e1 100644
--- a/Translations/Language.zh-cn.xml
+++ b/Translations/Language.zh-cn.xml
@@ -1432,6 +1432,7 @@
<entry lang="zh-cn" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">如果插入了新设备, 则从内存中清除加密密钥</entry>
<entry lang="zh-cn" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">重要提示:\n - 请记住此选项在关机/重启后不再有效,因此你需要在下一次开机后再次选择这个选项。\n\n - 当此选项启用且有一个新设备接入后,由于在内存中清除密钥后无法访问加密磁盘,电脑将会死机且最终会蓝屏。\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml
index 1f17f51a..79e6d12a 100644
--- a/Translations/Language.zh-hk.xml
+++ b/Translations/Language.zh-hk.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml
index 58837482..df5b0bd8 100644
--- a/Translations/Language.zh-tw.xml
+++ b/Translations/Language.zh-tw.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 0298e204..63de40ae 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -417,5 +417,6 @@ typedef struct
#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100
#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200
#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
+#define VC_DRIVER_CONFIG_ENABLE_CPU_RNG 0x800
#endif /* _WIN32 */
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 299595bd..a6f3ffb7 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -1216,3 +1216,29 @@ BOOL IsHwEncryptionEnabled ()
}
#endif // !TC_WINDOWS_BOOT
+
+#ifndef TC_WINDOWS_BOOT
+
+static BOOL CpuRngDisabled = FALSE;
+
+BOOL IsCpuRngSupport ()
+{
+ if (HasRDSEED() || HasRDSEED())
+ return TRUE;
+ else
+ return FALSE;
+}
+
+void EnableCpuRng (BOOL enable)
+{
+ CpuRngDisabled = !enable;
+}
+
+BOOL IsCpuRngEnabled ()
+{
+ return !CpuRngDisabled;
+}
+
+
+#endif
+
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index a362f5d1..f1b35977 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -385,6 +385,10 @@ BOOL IsAesHwCpuSupported ();
void EnableHwEncryption (BOOL enable);
BOOL IsHwEncryptionEnabled ();
+BOOL IsCpuRngSupport ();
+void EnableCpuRng (BOOL enable);
+BOOL IsCpuRngEnabled ();
+
#ifdef __cplusplus
}
#endif
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 47d99764..f62421de 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1432,6 +1432,7 @@
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
+ <entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Random.c b/src/Common/Random.c
index 12e9d9af..c8655b56 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -777,9 +777,10 @@ BOOL SlowPoll (void)
}
// use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
|| (HasRDRAND() && RDRAND_getBytes (buffer, sizeof (buffer)))
- )
+ ))
{
RandaddBuf (buffer, sizeof (buffer));
}
@@ -907,10 +908,11 @@ BOOL FastPoll (void)
return FALSE;
}
- // use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
+ // use RDSEED or RDRAND from CPU as source of entropy if enabled
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
|| (HasRDRAND() && RDRAND_getBytes (buffer, sizeof (buffer)))
- )
+ ))
{
RandaddBuf (buffer, sizeof (buffer));
}
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index a02ca3e5..6228009f 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -1535,10 +1535,11 @@ static VOID SetupThreadProc (PVOID threadArg)
KeQuerySystemTime( &iSeed );
WHIRLPOOL_init (&tctx);
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
- // use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+ // use RDSEED or RDRAND from CPU as source of entropy if enabled
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
|| (HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
- )
+ ))
{
WHIRLPOOL_add (digest, sizeof(digest), &tctx);
}
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 83c050a8..7e3a08bd 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -4382,6 +4382,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+ EnableCpuRng ((flags & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE;
AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE;
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 1ada1b86..98732214 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -820,7 +820,10 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
{
char langid[6] = {0};
if (!bOnlyCheckModified)
+ {
EnableHwEncryption ((ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+ EnableCpuRng ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
+ }
WipeAlgorithmId savedWipeAlgorithm = TC_WIPE_NONE;
@@ -11099,6 +11102,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG), FALSE);
}
+ if (HasRDRAND() || HasRDSEED())
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG, (driverConfig & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? BST_CHECKED : BST_UNCHECKED);
+ }
+ else
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG, BST_UNCHECKED);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_CPU_RNG), FALSE);
+ }
+
SYSTEM_INFO sysInfo;
GetSystemInfo (&sysInfo);
@@ -11154,6 +11167,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
}
BOOL disableHW = !IsDlgButtonChecked (hwndDlg, IDC_ENABLE_HARDWARE_ENCRYPTION);
+ BOOL enableCpuRng = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_CPU_RNG);
BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
@@ -11196,12 +11210,14 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM, allowTrimCommand);
if (IsOSAtLeast (WIN_8_1))
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG, allowWindowsDefrag);
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_CPU_RNG, enableCpuRng);
DWORD bytesReturned;
if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
handleWin32Error (hwndDlg, SRC_POS);
EnableHwEncryption (!disableHW);
+ EnableCpuRng (enableCpuRng);
uint32 cpuFreeCount = 0;
if (IsDlgButtonChecked (hwndDlg, IDC_LIMIT_ENC_THREAD_POOL))
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index b817be6e..c5a35b46 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -311,7 +311,7 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
END
-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 279
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Performance Options"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -329,15 +329,17 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,244,59,14
- DEFPUSHBUTTON "OK",IDOK,257,244,50,14
- PUSHBUTTON "Cancel",IDCANCEL,314,244,50,14
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,258,59,14
+ DEFPUSHBUTTON "OK",IDOK,257,258,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,314,258,50,14
LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
- GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,58
+ GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,72
CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
+ CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
END
IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -506,7 +508,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 364
TOPMARGIN, 7
- BOTTOMMARGIN, 258
+ BOTTOMMARGIN, 272
END
IDD_FAVORITE_VOLUMES, DIALOG
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index 0eaf357a..fdc9f890 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -192,6 +192,7 @@
#define IDC_ALLOW_WINDOWS_DEFRAG 1169
#define IDC_LOWER_BOX 1170
#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
+#define IDC_ENABLE_CPU_RNG 1172
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -268,7 +269,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1172
+#define _APS_NEXT_CONTROL_VALUE 1173
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif