Windows Security: Add new entry point in driver that allows emergency clearing of all encryption keys from memory. This entry point requires administrative privileges and it will caused BSDO when system encryption is active. It can be useful for example to applications that monitors physical access to the machine and which need to erase sensitive key material from RAM when unauthorized access is detected.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-01-09 00:25:06 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-01-09 00:30:12 +0100
commit: 652e989d238fff2ade0de5a33a0e307e233c06e0 (patch)
tree: 21ead198c765bc51b839748ca06c7cdecea663d7 /src/Driver/Ntdriver.c
parent: 7c2cf7889f96292d037c21c680b641f70a4d390f (diff)
download: VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.tar.gz
VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 780db9dc..47b2f8a5 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -2507,6 +2507,11 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		}
 		break;
 
+	case VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS:
+		EmergencyClearAllKeys (Irp, irpSp);
+		WipeCache();
+		break;
+
 	case TC_IOCTL_BOOT_ENCRYPTION_SETUP:
 		Irp->IoStatus.Status = StartBootEncryptionSetup (DeviceObject, Irp, irpSp);
 		Irp->IoStatus.Information = 0;
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-01-09 00:25:06 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-01-09 00:30:12 +0100
commit	652e989d238fff2ade0de5a33a0e307e233c06e0 (patch)
tree	21ead198c765bc51b839748ca06c7cdecea663d7 /src/Driver/Ntdriver.c
parent	7c2cf7889f96292d037c21c680b641f70a4d390f (diff)
download	VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.tar.gz VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.zip