-rw-r--r--src/Common/Apidrvr.h1
-rw-r--r--src/Common/BootEncryption.cpp74
-rw-r--r--src/Common/BootEncryption.h8
-rw-r--r--src/Common/Language.xml2
-rw-r--r--src/Driver/Ntdriver.c7
-rw-r--r--src/Mount/Mount.c148
-rw-r--r--src/Mount/Mount.rc30
-rw-r--r--src/Mount/Resource.h3
8 files changed, 196 insertions, 77 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 2d996d2c..0298e204 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -416,5 +416,6 @@ typedef struct
#define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80
#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100
#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200
+#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
#endif /* _WIN32 */
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 4992e086..364f0869 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -994,10 +994,16 @@ namespace VeraCrypt
Device::Device (wstring path, bool readOnly)
{
- FileOpen = false;
- Elevated = false;
+ wstring effectivePath;
+ FileOpen = false;
+ Elevated = false;
+
+ if (path.find(L"\\\\?\\") == 0)
+ effectivePath = path;
+ else
+ effectivePath = wstring (L"\\\\.\\") + path;
- Handle = CreateFile ((wstring (L"\\\\.\\") + path).c_str(),
+ Handle = CreateFile (effectivePath.c_str(),
readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
FILE_FLAG_RANDOM_ACCESS | FILE_FLAG_WRITE_THROUGH, NULL);
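Review bot: The prefix test `path.find(L"\\\\?\\") == 0` scans the whole string when the prefix is absent and reads as a search rather than a prefix check; `path.compare (0, 4, L"\\\\?\\") == 0` says what is meant. A short comment on the new branch would also help the next reader: `// Paths already in \\?\ form (e.g. \\?\GLOBALROOT\Device\...) are passed to CreateFile unchanged`. The constructor continues below the hunk, so how the resulting handle is validated is not visible here.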
@@ -1978,8 +1984,7 @@ namespace VeraCrypt
}
else
{
- finally_do ({ EfiBootInst.DismountBootPartition(); });
- EfiBootInst.MountBootPartition(0);
+ EfiBootInst.PrepareBootPartition();
if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM))
pim = -1;
@@ -2492,8 +2497,6 @@ namespace VeraCrypt
}
EfiBoot::EfiBoot() {
- ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath));
- ZeroMemory (BootVolumePath, sizeof (BootVolumePath));
ZeroMemory (&sdn, sizeof (sdn));
ZeroMemory (&partInfo, sizeof (partInfo));
m_bMounted = false;
@@ -2521,34 +2524,21 @@ namespace VeraCrypt
}
PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
- memcpy (BootVolumePath, pStr->Buffer, min (pStr->Length, (sizeof (BootVolumePath) - 2)));
- bBootVolumePathSelected = true;
- }
+ BootVolumePath = pStr->Buffer;
+
+ EfiBootPartPath = L"\\\\?";
+ EfiBootPartPath += &pStr->Buffer[7];
- void EfiBoot::SelectBootVolume(WCHAR* bootVolumePath) {
- wstring str;
- str = bootVolumePath;
- memcpy (BootVolumePath, &str[0], min (str.length() * 2, (sizeof (BootVolumePath) - 2)));
bBootVolumePathSelected = true;
}
- void EfiBoot::MountBootPartition(WCHAR letter) {
+ void EfiBoot::PrepareBootPartition() {
if (!bBootVolumePathSelected) {
SelectBootVolumeESP();
}
-
- if (!letter) {
- if (!GetFreeDriveLetter(&EfiBootPartPath[0])) {
- throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS);
- }
- } else {
- EfiBootPartPath[0] = letter;
- }
- EfiBootPartPath[1] = ':';
- EfiBootPartPath[2] = 0;
- throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, BootVolumePath));
-
- Device dev(EfiBootPartPath, TRUE);
+ std::wstring devicePath = L"\\\\?\\GLOBALROOT";
+ devicePath += BootVolumePath;
+ Device dev(devicePath.c_str(), TRUE);
try
{
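Review bot: `BootVolumePath = pStr->Buffer;` copies up to the first NUL, whereas the removed memcpy was bounded by `pStr->Length`. A UNICODE_STRING buffer is not guaranteed to be NUL-terminated, so unless tempBuf is zeroed before the query (not visible in this hunk) the new string can pick up stale characters. `&pStr->Buffer[7]` additionally assumes the name is at least seven characters long, presumably to skip a `\Device` prefix, without checking it. I would write `BootVolumePath.assign (pStr->Buffer, pStr->Length / sizeof (WCHAR));` and build EfiBootPartPath from `BootVolumePath.substr (7)` only after verifying the length and prefix. SelectBootVolumeESP begins above the hunk.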
@@ -2556,7 +2546,6 @@ namespace VeraCrypt
}
catch (...)
{
- DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
throw;
}
@@ -2566,20 +2555,9 @@ namespace VeraCrypt
dev.Close();
if (!bSuccess)
{
- DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
SetLastError (dwLastError);
throw SystemException(SRC_POS);
- }
-
- m_bMounted = true;
- }
-
- void EfiBoot::DismountBootPartition() {
- if (m_bMounted)
- {
- DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
- m_bMounted = false;
- }
+ }
}
bool EfiBoot::IsEfiBoot() {
@@ -3085,8 +3063,7 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
- finally_do ({ EfiBootInst.DismountBootPartition(); });
- EfiBootInst.MountBootPartition(0);
+ EfiBootInst.PrepareBootPartition();
try
{
@@ -4110,9 +4087,7 @@ namespace VeraCrypt
const char* g_szMsBootString = "bootmgfw.pdb";
bool bModifiedMsBoot = true;
- finally_do ({ EfiBootInst.DismountBootPartition(); });
-
- EfiBootInst.MountBootPartition(0);
+ EfiBootInst.PrepareBootPartition();
EfiBootInst.GetFileSize(szStdMsBootloader, loaderSize);
bootLoaderBuf.resize ((size_t) loaderSize);
@@ -4233,9 +4208,7 @@ namespace VeraCrypt
}
}
- finally_do ({ EfiBootInst.DismountBootPartition(); });
-
- EfiBootInst.MountBootPartition(0);
+ EfiBootInst.PrepareBootPartition();
EfiBootInst.DeleteStartExec();
EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
@@ -4735,8 +4708,7 @@ namespace VeraCrypt
}
else
{
- finally_do ({ EfiBootInst.DismountBootPartition(); });
- EfiBootInst.MountBootPartition(0);
+ EfiBootInst.PrepareBootPartition();
memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER));
}
}
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 58cdd2e0..ea0e728c 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -199,8 +199,7 @@ namespace VeraCrypt
public:
EfiBoot();
- void MountBootPartition(WCHAR letter);
- void DismountBootPartition();
+ void PrepareBootPartition();
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
@@ -219,17 +218,16 @@ namespace VeraCrypt
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
BOOL DelDir(const wchar_t* name);
void SelectBootVolumeESP();
- void SelectBootVolume(WCHAR* bootVolumePath);
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
protected:
bool m_bMounted;
- WCHAR EfiBootPartPath[3];
+ std::wstring EfiBootPartPath;
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
WCHAR tempBuf[1024];
bool bBootVolumePathSelected;
- WCHAR BootVolumePath[MAX_PATH];
+ std::wstring BootVolumePath;
};
class BootEncryption
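Review bot: `m_bMounted` stays declared in EfiBoot although this commit removes the only visible assignment to true (in MountBootPartition) and DismountBootPartition, its only visible reader. The constructor still sets it to false. If nothing outside the diff uses it, drop the member together with the `m_bMounted = false;` line, or add a comment saying why it is kept.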
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 5fc4ce7d..b2700e6d 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1429,6 +1429,8 @@
<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>
<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>
<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>
+ <entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
+ <entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 47b2f8a5..282112fc 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -4346,6 +4346,13 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)
BlockSystemTrimCommand = TRUE;
+
+ /* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION if it is set */
+ if (flags & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
+ {
+ flags ^= VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;
+ WriteRegistryConfigFlags (flags);
+ }
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
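Review bot: The result of `WriteRegistryConfigFlags (flags);` is discarded, so if the registry write fails the option survives the reboot, which contradicts the CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING text added in Language.xml. If the function returns a status (its signature is not visible here), it is worth checking or at least tracing it. On style, `flags &= ~VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;` states the intent directly, whereas `^=` is only correct because of the enclosing test. ReadRegistryConfigFlags starts and ends outside the hunk.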
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 574c3556..473372e1 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -51,6 +51,8 @@
#include "../Setup/SelfExtract.h"
#include <Strsafe.h>
+#include <InitGuid.h>
+#include <devguid.h>
#import <msxml6.dll> no_auto_exclude
@@ -9296,6 +9298,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
static SERVICE_STATUS SystemFavoritesServiceStatus;
static SERVICE_STATUS_HANDLE SystemFavoritesServiceStatusHandle;
+static HANDLE SystemFavoriteServiceStopEvent = NULL;
+static HDEVNOTIFY SystemFavoriteServiceNotify = NULL;
+
+DEFINE_GUID(OCL_GUID_DEVCLASS_SOFTWARECOMPONENT, 0x5c4c3332, 0x344d, 0x483c, 0x87, 0x39, 0x25, 0x9e, 0x93, 0x4c, 0x9c, 0xc8);
static void SystemFavoritesServiceLogMessage (const wstring &errorMessage, WORD wType)
{
@@ -9336,12 +9342,84 @@ static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0)
}
-static VOID WINAPI SystemFavoritesServiceCtrlHandler (DWORD control)
+static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
+ DWORD dwEventType,
+ LPVOID lpEventData,
+ LPVOID lpContext)
{
- if (control == SERVICE_CONTROL_STOP)
+ switch (dwControl)
+ {
+ case SERVICE_CONTROL_PRESHUTDOWN:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
- else
+
+ if (BootEncObj)
+ {
+ try
+ {
+ BootEncryption::UpdateSetupConfigFile (true);
+ // re-install our bootloader again in case the update process has removed it.
+ BootEncryption bootEnc (NULL, true);
+ bootEnc.InstallBootLoader (true);
+ }
+ catch (...)
+ {
+ }
+ }
+
+ /* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, FALSE);
+
+ SetEvent (SystemFavoriteServiceStopEvent);
+ SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
+
+ break;
+ case SERVICE_CONTROL_STOP:
+ SetEvent (SystemFavoriteServiceStopEvent);
+ SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
+ break;
+ case SERVICE_CONTROL_DEVICEEVENT:
+ if (DBT_DEVICEARRIVAL == dwEventType)
+ {
+ DEV_BROADCAST_HDR* pHdr = (DEV_BROADCAST_HDR *) lpEventData;
+ if (pHdr->dbch_devicetype != DBT_DEVTYP_VOLUME && pHdr->dbch_devicetype != DBT_DEVTYP_HANDLE)
+ {
+ SystemFavoritesServiceLogInfo (L"SERVICE_CONTROL_DEVICEEVENT - DBT_DEVICEARRIVAL received");
+
+ if (ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)
+ {
+ BOOL bClearKeys = TRUE;
+ if (pHdr->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE)
+ {
+ DEV_BROADCAST_DEVICEINTERFACE* pInf = (DEV_BROADCAST_DEVICEINTERFACE*) pHdr;
+
+ if (IsEqualGUID (pInf->dbcc_classguid, OCL_GUID_DEVCLASS_SOFTWARECOMPONENT)
+ || IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUME)
+ || IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUMESNAPSHOT)
+ )
+ {
+ bClearKeys = FALSE;
+ }
+ }
+
+ if (bClearKeys)
+ {
+ DWORD cbBytesReturned = 0;
+ BOOL bResult = DeviceIoControl (hDriver, VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS, NULL, 0, NULL, 0, &cbBytesReturned, NULL);
+ if (bResult)
+ SystemFavoritesServiceLogInfo (L"New device insertion detected - encryption keys cleared");
+ else
+ SystemFavoritesServiceLogInfo (L"New device insertion detected - failed to clear encryption keys");
+ }
+ }
+ }
+ }
+ break;
+ default:
SystemFavoritesServiceSetStatus (SystemFavoritesServiceStatus.dwCurrentState);
+ break;
+ }
+
+ return NO_ERROR;
}
static LONG WINAPI SystemFavoritesServiceExceptionHandler (EXCEPTION_POINTERS *ep)
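Review bot: In the SERVICE_CONTROL_DEVICEEVENT branch a failed VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS is reported through SystemFavoritesServiceLogInfo, at the same level as the success message, so the one outcome an administrator must notice does not stand out in the log. If the wType argument of SystemFavoritesServiceLogMessage is an event-log type, `SystemFavoritesServiceLogMessage (L"New device insertion detected - failed to clear encryption keys", EVENTLOG_ERROR_TYPE);` would fit. The empty `catch (...)` in the SERVICE_CONTROL_PRESHUTDOWN branch likewise hides a failed boot-loader re-install, and a log call there costs one line. `lpEventData` is cast and dereferenced without a NULL check; `if (DBT_DEVICEARRIVAL == dwEventType && lpEventData)` makes that explicit. The `default:` case returns NO_ERROR for controls the service does not handle, where the HandlerEx contract expects ERROR_CALL_NOT_IMPLEMENTED (apart from SERVICE_CONTROL_INTERROGATE).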
@@ -9363,13 +9441,27 @@ static void SystemFavoritesServiceInvalidParameterHandler (const wchar_t *expres
static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
{
BOOL status = FALSE;
+ DEV_BROADCAST_DEVICEINTERFACE hdr;
memset (&SystemFavoritesServiceStatus, 0, sizeof (SystemFavoritesServiceStatus));
SystemFavoritesServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+ SystemFavoritesServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
+ if (IsOSAtLeast (WIN_VISTA) && BootEncObj && BootEncStatus.DriveMounted && BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT)
+ SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN;
+
+ ZeroMemory (&hdr, sizeof(hdr));
+ hdr.dbcc_size = sizeof (hdr);
+ hdr.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
- SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandler (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler);
+ SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandlerEx (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler, NULL);
if (!SystemFavoritesServiceStatusHandle)
return;
+ SystemFavoriteServiceStopEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
+ if (!SystemFavoriteServiceStopEvent)
+ return;
+
+ SystemFavoriteServiceNotify = RegisterDeviceNotification (SystemFavoritesServiceStatusHandle, &hdr,DEVICE_NOTIFY_SERVICE_HANDLE | DEVICE_NOTIFY_ALL_INTERFACE_CLASSES);
+
InitGlobalLocks ();
SetUnhandledExceptionFilter (SystemFavoritesServiceExceptionHandler);
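Review bot: The handle returned by RegisterDeviceNotification is stored but never tested, so when registration fails the service keeps running without arrival events and the clear-keys option silently does nothing. I would log that case, for example `if (!SystemFavoriteServiceNotify) SystemFavoritesServiceLogMessage (L"RegisterDeviceNotification failed", EVENTLOG_WARNING_TYPE);`, assuming wType is an event-log type. The early `return` after a failed CreateEvent also leaves without reporting a final state although the control handler is already registered; `SystemFavoritesServiceSetStatus (SERVICE_STOPPED);` before that return would tell the SCM. SystemFavoritesServiceMain continues outside the hunk.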
@@ -9400,7 +9492,22 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
FinalizeGlobalLocks ();
+ if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
+ WipeCache (NULL, TRUE);
+
SystemFavoritesServiceSetStatus (SERVICE_RUNNING);
+
+ WaitForSingleObject (SystemFavoriteServiceStopEvent, INFINITE);
+
+ if (SystemFavoriteServiceNotify)
+ {
+ UnregisterDeviceNotification (SystemFavoriteServiceNotify);
+ SystemFavoriteServiceNotify = NULL;
+ }
+
+ CloseHandle (SystemFavoriteServiceStopEvent);
+ SystemFavoriteServiceStopEvent = NULL;
+
SystemFavoritesServiceSetStatus (SERVICE_STOPPED);
}
@@ -9419,6 +9526,16 @@ static BOOL StartSystemFavoritesService ()
if (DriverAttach() != ERR_SUCCESS)
return FALSE;
+ try
+ {
+ BootEncObj = new BootEncryption (NULL);
+ BootEncStatus = BootEncObj->GetStatus();
+ }
+ catch (Exception &)
+ {
+ BootEncStatus.DriveMounted = FALSE;
+ }
+
SERVICE_TABLE_ENTRY serviceTable[2];
serviceTable[0].lpServiceName = TC_SYSTEM_FAVORITES_SERVICE_NAME;
serviceTable[0].lpServiceProc = SystemFavoritesServiceMain;
@@ -9428,8 +9545,11 @@ static BOOL StartSystemFavoritesService ()
BOOL result = StartServiceCtrlDispatcher (serviceTable);
- if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
- WipeCache (NULL, TRUE);
+ if (BootEncObj != NULL)
+ {
+ delete BootEncObj;
+ BootEncObj = NULL;
+ }
return result;
}
@@ -10919,7 +11039,8 @@ error:
void SetDriverConfigurationFlag (uint32 flag, BOOL state)
{
- BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
+ if (BootEncObj)
+ BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
}
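Review bot: With the new guard this function returns silently when BootEncObj is NULL, so a caller cannot tell that the flag was not written. The SERVICE_CONTROL_PRESHUTDOWN handler added in this commit relies on this call to reset VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION. Since the function is void, the behaviour should at least be documented above it: `/* No-op when BootEncObj is NULL (e.g. the service could not create it); the flag is then left unchanged. */`.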
@@ -11380,6 +11501,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE;
+ BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
BOOL bIsHiddenOS = IsHiddenOSRunning ();
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
@@ -11422,6 +11544,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled? BST_CHECKED : BST_UNCHECKED);
+
if (bIsHiddenOS)
{
// we always block TRIM command on hidden OS regardless of the configuration
@@ -11542,10 +11666,12 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
+ BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled);
if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled);
}
@@ -11589,6 +11715,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
}
break;
+
+ case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
+ if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
+ {
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ }
+
+ break;
}
return 0;
}
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 3011b5d9..4a7fe101 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -285,7 +285,7 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
-IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 182
+IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 194
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -295,18 +295,20 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
- GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,61
+ GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,75
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,98,340,10
- GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,116,355,36
- PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,129,173,14
- PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,129,173,14
- PUSHBUTTON "Cancel",IDCANCEL,313,158,50,14
- DEFPUSHBUTTON "OK",IDOK,255,158,50,14
+ GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,131,355,36
+ PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,144,173,14
+ PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,144,173,14
+ PUSHBUTTON "Cancel",IDCANCEL,313,170,50,14
+ DEFPUSHBUTTON "OK",IDOK,255,170,50,14
+ CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
@@ -393,7 +395,7 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END
-IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 297
+IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 310
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -413,12 +415,14 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,251,340,10
- PUSHBUTTON "Cancel",IDCANCEL,314,273,50,14
- DEFPUSHBUTTON "OK",IDOK,257,273,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,314,286,50,14
+ DEFPUSHBUTTON "OK",IDOK,257,286,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,9,7,355,165
- GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,92
+ GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,105
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73
+ CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,265,340,10
END
/////////////////////////////////////////////////////////////////////////////
@@ -494,7 +498,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 368
TOPMARGIN, 7
- BOTTOMMARGIN, 172
+ BOTTOMMARGIN, 184
END
IDD_PERFORMANCE_SETTINGS, DIALOG
@@ -526,7 +530,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 364
TOPMARGIN, 7
- BOTTOMMARGIN, 287
+ BOTTOMMARGIN, 300
END
END
#endif // APSTUDIO_INVOKED
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index 48451638..0eaf357a 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -191,6 +191,7 @@
#define IDC_BLOCK_SYSENC_TRIM 1168
#define IDC_ALLOW_WINDOWS_DEFRAG 1169
#define IDC_LOWER_BOX 1170
+#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -267,7 +268,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1171
+#define _APS_NEXT_CONTROL_VALUE 1172
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif