VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Common/Apidrvr.h2
-rw-r--r--src/Driver/DriveFilter.c1
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c14
-rw-r--r--src/Driver/Ntdriver.h1
5 files changed, 20 insertions, 2 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 36946e6c..2eddc3dd 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -420,6 +420,8 @@ typedef struct
#define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount")
#define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize")
+#define VC_ERASE_KEYS_SHUTDOWN DRIVER_STR("VeraCryptEraseKeysShutdown")
+
// WARNING: Modifying the following values can introduce incompatibility with previous versions.
#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD 0x1
#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES 0x2
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index d3510052..0da212f6 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -988,6 +988,7 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte
// Dismount the system drive on shutdown on Windows 7 and later
if (DriverShuttingDown
+ && EraseKeysOnShutdown
&& IsOSAtLeast (WIN_7)
&& Extension->BootDrive
&& Extension->DriveMounted
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index 3af073ce..ef233463 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,25,6,1
- PRODUCTVERSION 1,25,6,1
+ FILEVERSION 1,25,8,0
+ PRODUCTVERSION 1,25,8,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 6f068a8f..e70c0463 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -135,6 +135,7 @@ BOOL CacheBootPim = FALSE;
BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
BOOL BlockSystemTrimCommand = FALSE;
BOOL AllowWindowsDefrag = FALSE;
+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown
static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE;
@@ -4856,6 +4857,19 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
}
+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))
+ {
+ if (data->Type == REG_DWORD)
+ {
+ if (*((uint32 *) data->Data))
+ EraseKeysOnShutdown = TRUE;
+ else
+ EraseKeysOnShutdown = FALSE;
+ }
+
+ TCfree (data);
+ }
+
return status;
}
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index b7e2d56e..3bbeb457 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -128,6 +128,7 @@ extern BOOL AllowWindowsDefrag;
extern int EncryptionIoRequestCount;
extern int EncryptionItemCount;
extern int EncryptionFragmentSize;
+extern BOOL EraseKeysOnShutdown;
/* Helper macro returning x seconds in units of 100 nanoseconds */
#define WAIT_SECONDS(x) ((x)*10000000)