authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-09 23:26:15 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 01:09:13 +0200
commit07ee8c10691d05e4e290ecdaa634ad5311b3cbb1 (patch)
tree436fc236acefb75237622da0e4cf7f3f05f7f48b /src/Mount
parent246233c40262c5be2edfa916cf841dd4bce6598e (diff)
Windows: Implement support for EFI system encryption in Windows GUI.
Diffstat (limited to 'src/Mount')
-rw-r--r--src/Mount/MainCom.cpp42
-rw-r--r--src/Mount/MainCom.idl12
-rw-r--r--src/Mount/Mount.c213
-rw-r--r--src/Mount/Mount.h9
-rw-r--r--src/Mount/Mount.rc74
-rw-r--r--src/Mount/Resource.h10
6 files changed, 273 insertions, 87 deletions
diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp
index 8f3927ad..6056697c 100644
--- a/src/Mount/MainCom.cpp
+++ b/src/Mount/MainCom.cpp
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -158,6 +158,46 @@ public:
return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd);
}
+ virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
+ {
+ return BaseCom::GetFileSize (filePath, pSize);
+ }
+
+ virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
+ {
+ return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
+ }
+
+ virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
+ {
+ return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
+ }
+
+ virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
+ {
+ return BaseCom::BackupEfiSystemLoader ();
+ }
+
+ virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
+ {
+ return BaseCom::RestoreEfiSystemLoader ();
+ }
+
+ virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
+ {
+ return BaseCom::GetEfiBootDeviceNumber (pSdn);
+ }
+
+ virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
+ {
+ return BaseCom::ReadEfiConfig (pContent, pcbRead);
+ }
+
+ virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
+ {
+ return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
+ }
+
protected:
DWORD MessageThreadId;
LONG RefCount;
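Review bot: `DeviceIoControl` and `GetFileSize` pass a caller-chosen `filePath`, `dwIoControlCode` and `input` straight to `BaseCom`, and the IDL describes this library as the UAC support library, so the wrappers themselves put no limit on which device or control code the elevated side acts on. `BaseCom::DeviceIoControl` is not part of this diff; if it does not already do so, it should accept only the control codes and path forms the EFI feature needs and reject everything else before opening a handle. The same applies to the matching declarations added to MainCom.idl. A comment above the wrappers would make the trust boundary visible here, for example `// Invoked through the elevated COM server: arguments originate from the unelevated caller and must be validated in BaseCom`.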
diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl
index 9362fd42..9c3ef372 100644
--- a/src/Mount/MainCom.idl
+++ b/src/Mount/MainCom.idl
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -16,7 +16,7 @@ import "..\Common\Password.h";
[
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"),
- version(2.7) // Update ComSetup.cpp when changing version number
+ version(2.8) // Update ComSetup.cpp when changing version number
]
library TrueCryptMainCom
{
@@ -44,6 +44,14 @@ library TrueCryptMainCom
int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd);
+ DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
+ DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
+ DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
+ DWORD BackupEfiSystemLoader ();
+ DWORD RestoreEfiSystemLoader ();
+ DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
+ DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
+ DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};
[
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 82fa4134..a7e6da51 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg)
SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info);
}
+ {
+ BOOL bIsGPT = FALSE;
+ try
+ {
+ SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
+ bIsGPT = config.SystemPartition.IsGPT;
+ }
+ catch (Exception &)
+ {
+ }
+
+ // disable rescue disk operation for GPT system encryption
+ if (bIsGPT)
+ {
+ EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED);
+ EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED);
+ EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED);
+ EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED);
+ }
+ }
+
// Disable menu item for changing system header key derivation algorithm until it's implemented
EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED);
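Review bot: The empty `catch (Exception &)` leaves `bIsGPT` at `FALSE` when the drive configuration cannot be read, so on a GPT system a failed query keeps the hidden-OS and rescue-disk items enabled with no trace of why. The same silent default appears in the `catch (...) {}` blocks added to PasswordChangeDlgProc, PasswordDlgProc, Benchmark and the IDM_SYS_ENC_SETTINGS handler, where it decides which hash algorithms are offered and which settings dialog is opened. Consider one shared helper that returns the flag and records the failure, and state the fallback at each site, e.g. `// configuration unavailable: fall back to MBR behaviour`. The comment above the `if` should also cover the first item it greys out: `// disable hidden OS creation and rescue disk operations for GPT system encryption`.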
@@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent)
static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
{
+ SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
+ config = BootEncObj->GetSystemDriveConfiguration();
}
catch (Exception &e)
{
@@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS"));
- if (!IsHiddenOSRunning())
+ if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT)
{
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
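Review bot: `config.SystemPartition.IsGPT` is tested here even when the `try` in the previous hunk threw before `config` was assigned, so unless `SystemDriveConfiguration` initialises its members the condition may read an indeterminate flag. The catch handler's body is outside the visible lines and may already return; if it does not, follow the pattern used elsewhere in this commit: declare `BOOL bIsGPT = FALSE;` before the `try`, set `bIsGPT = config.SystemPartition.IsGPT;` inside it, and test `!bIsGPT` here. The function starts and ends outside this hunk.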
@@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter)
}
-static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
+static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation)
{
wchar_t t[TC_MAX_PATH + 1024] = {L'"',0};
wchar_t *tmp;
@@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
-
- if (wcslen (arg) > 0)
- {
- StringCbCatW (t, sizeof(t), L" ");
- StringCbCatW (t, sizeof(t), arg);
- }
-
- if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
- {
- handleWin32Error (hwndDlg, SRC_POS);
- }
else
{
- CloseHandle (pi.hProcess);
- CloseHandle (pi.hThread);
+
+ if (bElevation && !IsAdmin() && IsUacSupported())
+ {
+ LaunchElevatedProcess (hwndDlg, t, arg);
+ }
+ else
+ {
+ if (wcslen (arg) > 0)
+ {
+ StringCbCatW (t, sizeof(t), L" ");
+ StringCbCatW (t, sizeof(t), arg);
+ }
+ if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
+ {
+ handleWin32Error (hwndDlg, SRC_POS);
+ }
+ else
+ {
+ CloseHandle (pi.hProcess);
+ CloseHandle (pi.hThread);
+ }
+ }
}
}
}
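Review bot: The elevated branch ignores the outcome of `LaunchElevatedProcess (hwndDlg, t, arg)`, while the non-elevated branch reports a `CreateProcess` failure through `handleWin32Error`; unless `LaunchElevatedProcess` reports errors itself, a declined or failed elevation goes unnoticed. Every call site touched by this commit passes `FALSE` for `bElevation`, so this branch is not exercised from Mount.c as shown. A comment on the new parameter would help, e.g. `// bElevation: start the wizard through UAC when the caller is not already an administrator`. The function's opening lines, where `t` is built, are outside this hunk, so whether the string is in the form `LaunchElevatedProcess` expects cannot be checked here.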
@@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
case IDC_PKCS5_PRF_ID:
if (bSysEncPwdChangeDlgMode)
{
- int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
+ int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
+ BOOL bIsGPT = FALSE;
+ try
+ {
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
+ }
+ catch (...) {}
- if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id))
+ if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id))
{
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
@@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
+ BOOL bIsGPT = FALSE;
+ try
+ {
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
+ }
+ catch (...) {}
+
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
- if (HashForSystemEncryption(i))
+ if (bIsGPT || HashForSystemEncryption(i))
{
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
@@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF)
// Initiates or resumes encryption of the system partition/drive
static void EncryptSystemDevice (HWND hwndDlg)
{
+ SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
+ config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
- if (!BootEncStatus.DriveEncrypted
+ if (!BootEncStatus.DriveEncrypted
&& !BootEncStatus.DriveMounted
&& !SysEncryptionOrDecryptionRequired ())
{
@@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
- LaunchVolCreationWizard (hwndDlg, L"/sysenc");
+ LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
- LaunchVolCreationWizard (hwndDlg, L"/sysenc");
+ LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg)
// Initiates decryption of the system partition/drive
static void DecryptSystemDevice (HWND hwndDlg)
{
+ SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
+ config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
@@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg)
return;
}
- CloseSysEncMutex ();
- LaunchVolCreationWizard (hwndDlg, L"/dsysenc");
+ CloseSysEncMutex ();
+ LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg)
// such information, but will exit (displaying only an error meessage).
Info("HIDDEN_OS_PREINFO", hwndDlg);
- LaunchVolCreationWizard (hwndDlg, L"/isysenc");
+ LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE);
}
static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel)
@@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO)
return;
- LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ());
+ LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE);
}
// Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process
@@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg)
{
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
- LaunchVolCreationWizard (MainDlg, L"/csysenc");
+ SystemDriveConfiguration config;
+ try
+ {
+ config = BootEncObj->GetSystemDriveConfiguration ();
+ }
+ catch (Exception &e)
+ {
+ e.Show (MainDlg);
+ }
+
+ LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
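Review bot: `config` is filled in and never read before its block closes, so the only effect of the new `try` is an extra query and, on failure, an error dialog shown just before the wizard is launched anyway. That sits oddly with the function's own comment that it blindly attempts the resume without any checks. Either drop the block, or use the result (for instance to choose the `bElevation` argument) and say so in a comment. The same unused `config` is added in the MainDialogProc hunk before `LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE)`, and the `config` added to EncryptSystemDevice and DecryptSystemDevice is not read in their visible lines either.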
@@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt)
// IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt,
// the user would not be able resume encryption and the data on the volume would be inaccessible.
- LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace");
+ LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE);
}
BOOL SelectContainer (HWND hwndDlg)
@@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent)
static void Benchmark (HWND hwndDlg)
{
+ BOOL bIsGPT = FALSE;
+ try
+ {
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
+ }
+ catch (...) {}
+
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
- (DLGPROC) BenchmarkDlgProc, (LPARAM) NULL);
+ (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
}
@@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
// The wizard was not launched during the system startup seq, or the user may have forgotten
// to resume the encryption/decryption process.
+ SystemDriveConfiguration config;
+ try
+ {
+ config = BootEncObj->GetSystemDriveConfiguration ();
+ }
+ catch (Exception &e)
+ {
+ e.Show (MainDlg);
+ }
-
- LaunchVolCreationWizard (hwndDlg, L"/csysenc");
+ LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE);
}
}
}
@@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD)
{
- LaunchVolCreationWizard (hwndDlg, L"");
+ LaunchVolCreationWizard (hwndDlg, L"", FALSE);
return 1;
}
@@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS)
{
- DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
+ BOOL bIsGPT = FALSE;
+ try
+ {
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
+ }
+ catch (...) {}
+
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
return 1;
}
@@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
try
{
VOLUME_PROPERTIES_STRUCT prop;
+ BOOL bIsGPT = FALSE;
try
{
BootEncStatus = BootEncObj->GetStatus();
BootEncObj->GetVolumeProperties (&prop);
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...)
{
- BootEncStatus.DriveMounted = false;
+ BootEncStatus.DriveMounted = false;
}
- if (BootEncStatus.DriveMounted)
+ if (BootEncStatus.DriveMounted && !bIsGPT)
{
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion;
- BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
+ if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
+ return 1;
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION;
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
}
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW);
@@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
case WM_INITDIALOG:
{
- if (!BootEncObj->GetStatus().DriveMounted)
+ BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus();
+ if (!BootEncStatus.DriveMounted)
{
Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
+ BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
try
{
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
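Review bot: `BootEncObj->GetSystemDriveConfiguration()` is called on the line before `try`, so an exception from it leaves the dialog procedure instead of reaching the handler that presumably covers the rest of WM_INITDIALOG; the other call sites added by this commit all wrap the same call. Declare `BOOL bIsGPT = FALSE;` before the `try` and make `bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;` its first statement. `LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS")` is also used unchanged for the EFI template, which deserves a short comment if it is intentional. The handler continues in the following hunks.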
@@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
uint32 driverConfig = ReadDriverConfigurationFlags();
byte userConfig;
string customUserMessage;
- uint16 bootLoaderVersion;
+ uint16 bootLoaderVersion = 0;
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
- BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
+ if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
+ {
+ // operations canceled
+ EndDialog (hwndDlg, IDCANCEL);
+ return 1;
+ }
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
- SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
- SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
+ if (bIsGPT)
+ {
+ CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED);
+ }
+ else
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
+ SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
+ CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
+ CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
+ }
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED);
- CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
- CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
- CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
catch (Exception &e)
{
@@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDOK:
{
VOLUME_PROPERTIES_STRUCT prop;
+ BOOL bIsGPT = FALSE;
if (!BootEncObj->GetStatus().DriveMounted)
{
@@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
try
{
BootEncObj->GetVolumeProperties (&prop);
+ bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (Exception &e)
{
@@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
- char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];
- GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
+ char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0};
+ if (!bIsGPT)
+ GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
byte userConfig;
try
{
- BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig);
+ if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
+ return 1;
}
catch (Exception &e)
{
@@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
- if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
+ if (bIsGPT)
+ {
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ }
+ else
+ {
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
@@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ }
try
{
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
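Review bot: `SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION))` still runs when `bIsGPT` is set, but the IDD_EFI_SYSENC_SETTINGS template added in Mount.rc has no such control and WM_INITDIALOG only initialises it in the non-GPT branch. `IsDlgButtonChecked` returns 0 for a control that does not exist, so pressing OK in the EFI dialog resets this driver flag whatever its previous value was. If that is not intended, guard the call with `if (!bIsGPT)`; if it is, add a comment saying the flag is always cleared on EFI systems. The handler starts and ends outside this hunk.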
diff --git a/src/Mount/Mount.h b/src/Mount/Mount.h
index 3a2a4056..4a50ef3c 100644
--- a/src/Mount/Mount.h
+++ b/src/Mount/Mount.h
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate);
int GetCipherBlockSizeByDriveNo (int nDosDriveNo);
int GetModeOfOperationByDriveNo (int nDosDriveNo);
void ChangeMainWindowVisibility ();
-void LaunchVolCreationWizard (HWND hwndDlg);
BOOL WholeSysDriveEncryption (BOOL bSilent);
BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet);
BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath);
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 6aa544fa..cae65984 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -283,30 +283,23 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
-IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
+IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
- EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
- CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
- DEFPUSHBUTTON "OK",IDOK,257,262,50,14
- PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
- LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
- GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
- GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
- LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
- CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10
+ DEFPUSHBUTTON "OK",IDOK,257,115,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14
+ GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53
+ GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
- "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
+ "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
+ CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
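Review bot: The label for IDC_DISABLE_BOOT_LOADER_HASH_PROMPT does not tell the user what ticking it stores, whereas the PIM checkbox next to it states "(PIM value is stored unencrypted on disk)". Mount.c maps this box to `TC_BOOT_USER_CFG_FLAG_STORE_HASH`, which suggests the selected hash algorithm is written to the boot configuration. If so, the text should carry the same kind of disclosure, for example `"Do not request Hash algorithm in the pre-boot authentication screen (algorithm is stored unencrypted on disk)"`, adjusted to what is actually stored.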
@@ -386,6 +379,31 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END
+IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "VeraCrypt - System Encryption Settings"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
+ EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
+ CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
+ CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
+ DEFPUSHBUTTON "OK",IDOK,257,262,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
+ LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
+ GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
+ GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
+ LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
+ CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
+ CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
+ "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
+ CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
+END
/////////////////////////////////////////////////////////////////////////////
//
@@ -393,7 +411,7 @@ END
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_PREFERENCES_DLG, DIALOG
BEGIN
@@ -455,12 +473,12 @@ BEGIN
BOTTOMMARGIN, 192
END
- IDD_SYSENC_SETTINGS, DIALOG
+ IDD_EFI_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
- BOTTOMMARGIN, 276
+ BOTTOMMARGIN, 129
END
IDD_PERFORMANCE_SETTINGS, DIALOG
@@ -486,6 +504,14 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 58
END
+
+ IDD_SYSENC_SETTINGS, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 363
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 276
+ END
END
#endif // APSTUDIO_INVOKED
@@ -534,19 +560,19 @@ END
// TEXTINCLUDE
//
-1 TEXTINCLUDE
+1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
-2 TEXTINCLUDE
+2 TEXTINCLUDE
BEGIN
"#include ""afxres.h""\r\n"
"#include ""..\\\\common\\\\resource.h""\r\n"
"\0"
END
-3 TEXTINCLUDE
+3 TEXTINCLUDE
BEGIN
"#include ""..\\\\common\\\\common.rc""\r\n"
"\0"
@@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm
// Menu
//
-IDR_MENU MENU
+IDR_MENU MENU
BEGIN
POPUP "&Volumes"
BEGIN
@@ -691,7 +717,7 @@ END
// String Table
//
-STRINGTABLE
+STRINGTABLE
BEGIN
IDS_UACSTRING "VeraCrypt"
END
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index 3d93d81f..12860915 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -21,6 +21,7 @@
#define IDD_SYSENC_SETTINGS 116
#define IDD_FAVORITE_VOLUMES 117
#define IDD_DEFAULT_MOUNT_PARAMETERS 118
+#define IDD_EFI_SYSENC_SETTINGS 119
#define IDC_PREF_MOUNT_READONLY 1000
#define IDC_PREF_MOUNT_REMOVABLE 1001
#define IDC_VERIFY 1002
@@ -179,8 +180,9 @@
#define IDT_VOLUME_ID 1157
#define IDC_FAVORITE_VOLUME_ID 1158
#define IDC_FAVORITE_USE_VOLUME_ID 1159
-#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
+#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_HIDE_WAITING_DIALOG 1161
+#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -251,13 +253,13 @@
#define IDM_VERIFY_RESCUE_DISK_ISO 40068
// Next default values for new objects
-//
+//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
-#define _APS_NEXT_RESOURCE_VALUE 119
+#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1162
+#define _APS_NEXT_CONTROL_VALUE 1163
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif