VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Mount/Mount.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Mount/Mount.c')
-rw-r--r--src/Mount/Mount.c562
1 files changed, 457 insertions, 105 deletions
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5f96afb..07980c7 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -49,6 +49,7 @@
#include "../Platform/Finally.h"
#include "../Platform/ForEach.h"
#include "../Setup/SelfExtract.h"
+#include "../Common/EncryptionThreadPool.h"
#include <Strsafe.h>
#include <InitGuid.h>
@@ -64,6 +65,17 @@
typedef BOOL (WINAPI *WTSREGISTERSESSIONNOTIFICATION)(HWND, DWORD);
typedef BOOL (WINAPI *WTSUNREGISTERSESSIONNOTIFICATION)(HWND);
+#ifndef _HPOWERNOTIFY_DEF_
+#define _HPOWERNOTIFY_DEF_
+
+typedef PVOID HPOWERNOTIFY;
+typedef HPOWERNOTIFY *PHPOWERNOTIFY;
+
+#endif
+
+typedef HPOWERNOTIFY (WINAPI *REGISTERSUSPENDRESUMENOTIFICATION)(HANDLE hRecipient, DWORD Flags);
+typedef BOOL (WINAPI *UNREGISTERSUSPENDRESUMENOTIFICATION) (HPOWERNOTIFY Handle);
+
using namespace VeraCrypt;
enum timer_ids
@@ -158,14 +170,14 @@ MountOptions CmdMountOptions;
BOOL CmdMountOptionsValid = FALSE;
MountOptions mountOptions;
MountOptions defaultMountOptions;
-KeyFile *FirstCmdKeyFile;
+KeyFile *FirstCmdKeyFile = NULL;
HBITMAP hbmLogoBitmapRescaled = NULL;
wchar_t OrigKeyboardLayout [8+1] = L"00000409";
BOOL bKeyboardLayoutChanged = FALSE; /* TRUE if the keyboard layout was changed to the standard US keyboard layout (from any other layout). */
BOOL bKeybLayoutAltKeyWarningShown = FALSE; /* TRUE if the user has been informed that it is not possible to type characters by pressing keys while the right Alt key is held down. */
-static KeyFilesDlgParam hidVolProtKeyFilesParam;
+static KeyFilesDlgParam hidVolProtKeyFilesParam = {0};
static MOUNT_LIST_STRUCT LastKnownMountList = {0};
VOLUME_NOTIFICATIONS_LIST VolumeNotificationsList;
@@ -181,12 +193,20 @@ static int bPrebootPasswordDlgMode = FALSE;
static int NoCmdLineArgs;
static BOOL CmdLineVolumeSpecified;
static int LastDriveListVolumeColumnWidth;
+static BOOL ExitMailSlotSpecified = FALSE;
+static TCHAR ExitMailSlotName[MAX_PATH];
// WTS handling
static HMODULE hWtsLib = NULL;
static WTSREGISTERSESSIONNOTIFICATION fnWtsRegisterSessionNotification = NULL;
static WTSUNREGISTERSESSIONNOTIFICATION fnWtsUnRegisterSessionNotification = NULL;
-static void RegisterWtsNotification(HWND hWnd)
+// Used to opt-in to receive notification about power events.
+// This is mandatory to support Windows 10 Modern Standby and Windows 8.1 Connected Standby power model.
+// https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/prepare-software-for-modern-standby
+// https://docs.microsoft.com/en-us/windows/win32/w8cookbook/desktop-activity-moderator?redirectedfrom=MSDN
+static HPOWERNOTIFY g_hPowerNotify = NULL;
+
+static void RegisterWtsAndPowerNotification(HWND hWnd)
{
if (!hWtsLib)
{
@@ -213,9 +233,19 @@ static void RegisterWtsNotification(HWND hWnd)
}
}
}
+
+ if (IsOSAtLeast (WIN_8))
+ {
+ REGISTERSUSPENDRESUMENOTIFICATION fnRegisterSuspendResumeNotification = (REGISTERSUSPENDRESUMENOTIFICATION) GetProcAddress (GetModuleHandle (L"user32.dll"), "RegisterSuspendResumeNotification");
+ if (fnRegisterSuspendResumeNotification)
+ {
+ g_hPowerNotify = fnRegisterSuspendResumeNotification ((HANDLE) hWnd, DEVICE_NOTIFY_WINDOW_HANDLE);
+ }
+
+ }
}
-static void UnregisterWtsNotification(HWND hWnd)
+static void UnregisterWtsAndPowerNotification(HWND hWnd)
{
if (hWtsLib && fnWtsUnRegisterSessionNotification)
{
@@ -225,6 +255,14 @@ static void UnregisterWtsNotification(HWND hWnd)
fnWtsRegisterSessionNotification = NULL;
fnWtsUnRegisterSessionNotification = NULL;
}
+
+ if (IsOSAtLeast (WIN_8) && g_hPowerNotify)
+ {
+ UNREGISTERSUSPENDRESUMENOTIFICATION fnUnregisterSuspendResumeNotification = (UNREGISTERSUSPENDRESUMENOTIFICATION) GetProcAddress (GetModuleHandle (L"user32.dll"), "UnregisterSuspendResumeNotification");
+ if (fnUnregisterSuspendResumeNotification)
+ fnUnregisterSuspendResumeNotification (g_hPowerNotify);
+ g_hPowerNotify = NULL;
+ }
}
static std::vector<MSXML2::IXMLDOMNodePtr> GetReadChildNodes (MSXML2::IXMLDOMNodeListPtr childs)
@@ -375,6 +413,9 @@ static void localcleanup (void)
burn (&defaultMountOptions, sizeof (defaultMountOptions));
burn (szFileName, sizeof(szFileName));
+ KeyFileRemoveAll (&FirstCmdKeyFile);
+ KeyFileRemoveAll (&hidVolProtKeyFilesParam.FirstKeyFile);
+
/* Cleanup common code resources */
cleanup ();
@@ -430,7 +471,7 @@ void EndMainDlg (HWND hwndDlg)
KillTimer (hwndDlg, TIMER_ID_MAIN);
KillTimer (hwndDlg, TIMER_ID_UPDATE_DEVICE_LIST);
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndDialog (hwndDlg, 0);
}
}
@@ -512,8 +553,11 @@ static void InitMainDialog (HWND hwndDlg)
e.Show (NULL);
}
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ {
+ // initialize the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
if (Silent)
LoadDriveLetters (hwndDlg, NULL, 0);
@@ -2371,6 +2415,17 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
}
CheckCapsLock (hwndDlg, FALSE);
+
+ if (!bSecureDesktopOngoing)
+ {
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
return 0;
}
@@ -2836,6 +2891,19 @@ err:
return 1;
}
return 0;
+
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
}
return 0;
@@ -2968,7 +3036,21 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SetWindowPos (hwndDlg, HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE);
}
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ /* Start the timer to check if we are foreground only if Secure Desktop is not used */
+ /* Implement Text drag-n-drop in order to support droping password from KeePass directly only if Secure Desktop is not used */
+ if (!bSecureDesktopOngoing)
+ {
+ SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
}
return 0;
@@ -3011,11 +3093,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", hwndDlg);
- EndDialog (hwndDlg, IDCANCEL);
- return 1;
+ /* don't be too agressive on enforcing an English keyboard layout. E.g. on WindowsPE this call fails and
+ * then the user can only mount a system encrypted device using the command line by passing the password as a parameter
+ * (which might not be obvious for not so advanced users).
+ *
+ * Now, we informed the user that English keyboard is required, if it is not available the volume can just not be mounted.
+ * There should be no other drawback (as e.g., on the change password dialog, when you might change to a password which won't
+ * work on the pre-start environment.
+ */
}
-
- if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
+ else if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
@@ -3227,6 +3314,19 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
}
return 0;
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
+
case WM_CONTEXTMENU:
{
RECT buttonRect;
@@ -3640,6 +3740,17 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
ToHyperlink (hwndDlg, IDC_LINK_HIDVOL_PROTECTION_INFO);
+ if (!bSecureDesktopOngoing)
+ {
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
+
}
return 0;
@@ -3797,6 +3908,19 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
}
return 0;
+
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
}
return 0;
@@ -5048,7 +5172,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
@@ -5142,7 +5266,14 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
WaitCursor ();
if (nDosDriveNo == -2)
+ {
nDosDriveNo = (char) (HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A');
+ if (nDosDriveNo < 0 || nDosDriveNo >= 26)
+ {
+ NormalCursor ();
+ return FALSE;
+ }
+ }
if (bCloseDismountedWindows)
{
@@ -5156,9 +5287,6 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
if (bBeep)
MessageBeep (0xFFFFFFFF);
RefreshMainDlg (hwndDlg);
-
- if (nCurrentOS == WIN_2000 && RemoteSession && !IsAdmin ())
- LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
}
NormalCursor ();
@@ -5333,9 +5461,6 @@ retry:
RefreshMainDlg (hwndDlg);
- if (nCurrentOS == WIN_2000 && RemoteSession && !IsAdmin ())
- LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
-
NormalCursor();
if (unmount.nReturnCode != 0)
@@ -6069,8 +6194,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
return;
}
- WaitCursor();
-
// Make sure the user is not attempting to decrypt a partition on an entirely encrypted system drive.
if (IsNonSysPartitionOnSysDrive (scPath.c_str ()) == 1)
{
@@ -6088,8 +6211,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
{
// The system drive MAY be entirely encrypted (external access without PBA) and the potentially encrypted OS is not running
- NormalCursor ();
-
Warning ("CANT_DECRYPT_PARTITION_ON_ENTIRELY_ENCRYPTED_SYS_DRIVE_UNSURE", hwndDlg);
// We allow the user to continue as we don't know if the drive is really an encrypted system drive.
@@ -6771,6 +6892,41 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
}
}
+// broadcast signal to WAITFOR.EXE MailSlot to notify any waiting instance that we are exiting
+static void SignalExitCode (int exitCode)
+{
+ if (ExitMailSlotSpecified)
+ {
+ HANDLE hFile;
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () == ERROR_FILE_NOT_FOUND))
+ {
+ // MailSlot not found, wait 1 second and try again in case we exited too quickly
+ Sleep (1000);
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ }
+ if (hFile != INVALID_HANDLE_VALUE)
+ {
+ char szMsg[64];
+ DWORD cbWritten;
+ StringCbPrintfA (szMsg, sizeof (szMsg), "VeraCrypt Exit %d", exitCode);
+ WriteFile(hFile, szMsg, (DWORD) (strlen (szMsg) +1), &cbWritten, (LPOVERLAPPED) NULL);
+ CloseHandle (hFile);
+ }
+ }
+}
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -6850,6 +7006,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AbortProcess ("COMMAND_LINE_ERROR");
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6975,7 +7137,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (FirstCmdKeyFile)
{
KeyFileRemoveAll (&FirstKeyFile);
- FirstKeyFile = FirstCmdKeyFile;
+ KeyFileCloneAll (FirstCmdKeyFile, &FirstKeyFile);
KeyFilesEnable = TRUE;
}
@@ -7111,7 +7273,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (Quit)
{
if (TaskBarIconMutex == NULL)
+ {
+ SignalExitCode (exitCode);
exit (exitCode);
+ }
MainWindowHidden = TRUE;
@@ -7123,6 +7288,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (TaskBarIconMutex)
TaskBarIconRemove (hwndDlg);
+ SignalExitCode (exitCode);
exit (exitCode);
}
else
@@ -7224,7 +7390,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
if (TaskBarIconMutex != NULL)
- RegisterWtsNotification(hwndDlg);
+ RegisterWtsAndPowerNotification(hwndDlg);
DoPostInstallTasks (hwndDlg);
ResetCurrentDirectory ();
}
@@ -7309,7 +7475,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
}
EndMainDlg (hwndDlg);
localcleanup ();
@@ -7336,7 +7502,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (wParam == TIMER_ID_UPDATE_DEVICE_LIST)
{
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
}
else
{
@@ -7526,7 +7693,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
&& GetDriverRefCount () < 2)
{
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndMainDlg (hwndDlg);
}
}
@@ -7653,7 +7820,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EnumWindows (CloseTCWindowsEnum, 0);
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
SendMessage (hwndDlg, WM_COMMAND, sel, 0);
}
}
@@ -7674,7 +7841,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
case TC_APPMSG_CLOSE_BKG_TASK:
if (TaskBarIconMutex != NULL)
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
return 1;
@@ -8350,12 +8517,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bEnableBkgTask)
{
TaskBarIconAdd (hwndDlg);
- RegisterWtsNotification(hwndDlg);
+ RegisterWtsAndPowerNotification(hwndDlg);
}
else
{
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
if (MainWindowHidden)
EndMainDlg (hwndDlg);
}
@@ -8625,12 +8792,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
WaitCursor ();
- if (!(nCurrentOS == WIN_2000 && RemoteSession))
- {
- BroadcastDeviceChange (DBT_DEVICEREMOVECOMPLETE, 0, ~driveMap);
- Sleep (100);
- BroadcastDeviceChange (DBT_DEVICEARRIVAL, 0, driveMap);
- }
+
+ BroadcastDeviceChange (DBT_DEVICEREMOVECOMPLETE, 0, ~driveMap);
+ Sleep (100);
+ BroadcastDeviceChange (DBT_DEVICEARRIVAL, 0, driveMap);
LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
@@ -8872,6 +9037,9 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionTryEmptyPassword,
OptionNoWaitDlg,
OptionSecureDesktop,
+ OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
+ OptionSignalExit,
};
argument args[]=
@@ -8900,6 +9068,9 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionTryEmptyPassword, L"/tryemptypass", NULL, FALSE },
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
+ { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionSignalExit, L"/signalExit", NULL, FALSE },
};
argumentspec as;
@@ -8990,6 +9161,29 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionDisableDeviceUpdate:
+ {
+ DisablePeriodicDeviceListUpdate = TRUE;
+ }
+ break;
+
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
+ case OptionSignalExit:
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath);
+ ExitMailSlotSpecified = TRUE;
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
@@ -9409,25 +9603,31 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
case SERVICE_CONTROL_STOP:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
- if (bSystemIsGPT)
+ if (!(BootEncObj->ReadServiceConfigurationFlags () & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
{
- uint32 serviceFlags = BootEncObj->ReadServiceConfigurationFlags ();
- if (!(serviceFlags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
+ try
{
- try
- {
- BootEncryption::UpdateSetupConfigFile (true);
- if (!BootEncStatus.HiddenSystem)
- {
- // re-install our bootloader again in case the update process has removed it.
- BootEncryption bootEnc (NULL, true);
- bootEnc.InstallBootLoader (true);
- }
- }
- catch (...)
+ BootEncryption::UpdateSetupConfigFile (true);
+ if (!BootEncStatus.HiddenSystem)
{
+ // re-install our bootloader again in case the update process has removed it.
+ bool bForceSetNextBoot = false;
+ bool bSetBootentry = true;
+ bool bForceFirstBootEntry = true;
+ uint32 flags = BootEncObj->ReadServiceConfigurationFlags ();
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
+ bForceSetNextBoot = true;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)
+ bSetBootentry = false;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)
+ bForceFirstBootEntry = false;
+ BootEncryption bootEnc (NULL, true, bSetBootentry, bForceFirstBootEntry, bForceSetNextBoot);
+ bootEnc.InstallBootLoader (true);
}
}
+ catch (...)
+ {
+ }
}
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
@@ -9529,8 +9729,6 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
SystemFavoritesServiceSetStatus (SERVICE_START_PENDING, 120000);
SystemFavoritesServiceLogInfo (wstring (L"Initializing list of host devices"));
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
SystemFavoritesServiceLogInfo (wstring (L"Starting System Favorites mounting process"));
@@ -9726,7 +9924,7 @@ BOOL TaskBarIconAdd (HWND hwnd)
ScreenDPI >= 120 ? 0 : 16,
(ScreenDPI >= 120 ? LR_DEFAULTSIZE : 0)
| LR_SHARED
- | (nCurrentOS != WIN_2000 ? LR_DEFAULTCOLOR : LR_VGACOLOR)); // Windows 2000 cannot display more than 16 fixed colors in notification tray
+ | LR_DEFAULTCOLOR);
StringCbCopyW (tnid.szTip, sizeof(tnid.szTip), L"VeraCrypt");
@@ -9778,7 +9976,7 @@ BOOL TaskBarIconChange (HWND hwnd, int iconId)
ScreenDPI >= 120 ? 0 : 16,
(ScreenDPI >= 120 ? LR_DEFAULTSIZE : 0)
| LR_SHARED
- | (nCurrentOS != WIN_2000 ? LR_DEFAULTCOLOR : LR_VGACOLOR)); // Windows 2000 cannot display more than 16 fixed colors in notification tray
+ | LR_DEFAULTCOLOR);
return Shell_NotifyIcon (NIM_MODIFY, &tnid);
}
@@ -10111,9 +10309,6 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
{
Sleep (5000);
- SystemFavoritesServiceLogInfo (wstring (L"Updating list of host devices"));
- UpdateMountableHostDeviceList ();
-
SystemFavoritesServiceLogInfo (wstring (L"Trying to mount skipped system favorites"));
// Update the service status to avoid being killed
@@ -10326,7 +10521,7 @@ static void HandleHotKey (HWND hwndDlg, WPARAM wParam)
MessageBeep (0xFFFFFFFF);
}
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndMainDlg (hwndDlg);
break;
@@ -10842,6 +11037,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
@@ -10912,15 +11122,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
@@ -11109,6 +11310,11 @@ void SetDriverConfigurationFlag (uint32 flag, BOOL state)
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
}
+void SetServiceConfigurationFlag (uint32 flag, BOOL state)
+{
+ if (BootEncObj)
+ BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false);
+}
static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
@@ -11155,26 +11361,25 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE);
}
- SYSTEM_INFO sysInfo;
- GetSystemInfo (&sysInfo);
+ size_t cpuCount = GetCpuCount(NULL);
HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT);
uint32 encryptionFreeCpuCount = ReadEncryptionThreadPoolFreeCpuCountLimit();
- if (encryptionFreeCpuCount > sysInfo.dwNumberOfProcessors - 1)
- encryptionFreeCpuCount = sysInfo.dwNumberOfProcessors - 1;
+ if (encryptionFreeCpuCount > (uint32) (cpuCount - 1))
+ encryptionFreeCpuCount = (uint32) (cpuCount - 1);
- for (uint32 i = 1; i < sysInfo.dwNumberOfProcessors; ++i)
+ for (uint32 i = 1; i < cpuCount; ++i)
{
wstringstream s;
s << i;
AddComboPair (freeCpuCombo, s.str().c_str(), i);
}
- if (sysInfo.dwNumberOfProcessors < 2 || encryptionFreeCpuCount == 0)
+ if (cpuCount < 2 || encryptionFreeCpuCount == 0)
EnableWindow (freeCpuCombo, FALSE);
- if (sysInfo.dwNumberOfProcessors < 2)
+ if (cpuCount < 2)
EnableWindow (GetDlgItem (hwndDlg, IDC_LIMIT_ENC_THREAD_POOL), FALSE);
if (encryptionFreeCpuCount != 0)
@@ -11185,7 +11390,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
SetWindowTextW (GetDlgItem (hwndDlg, IDT_LIMIT_ENC_THREAD_POOL_NOTE), GetString("LIMIT_ENC_THREAD_POOL_NOTE"));
- SetDlgItemTextW (hwndDlg, IDC_HW_AES_SUPPORTED_BY_CPU, (wstring (L" ") + (GetString (is_aes_hw_cpu_supported() ? "UISTR_YES" : "UISTR_NO"))).c_str());
+ SetDlgItemTextW (hwndDlg, IDC_HW_AES_SUPPORTED_BY_CPU, (wstring (L" ") + (GetString (HasAESNI() ? "UISTR_YES" : "UISTR_NO"))).c_str());
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_HW_ACCELERATION);
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_THREAD_BASED_PARALLELIZATION);
@@ -11262,7 +11467,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
{
BOOL originalRamEncryptionEnabled = (driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION)? TRUE : FALSE;
if (originalRamEncryptionEnabled != enableRamEncryption)
+ {
+ if (enableRamEncryption)
+ {
+ // Disable Hibernate and Fast Startup if they are enabled
+ BOOL bHibernateEnabled, bHiberbootEnabled;
+ if (GetHibernateStatus (bHibernateEnabled, bHiberbootEnabled))
+ {
+ if (bHibernateEnabled)
+ {
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Control\\Power", L"HibernateEnabled", 0);
+ }
+
+ if (bHiberbootEnabled)
+ {
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Power", L"HiberbootEnabled", 0);
+ }
+ }
+ }
rebootRequired = true;
+ }
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
}
@@ -11338,7 +11562,25 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
BOOL enableRamEncryption = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION);
if (originalRamEncryptionEnabled != enableRamEncryption)
+ {
+ if (enableRamEncryption)
+ {
+ // check if Hibernate or Fast Startup are enabled
+ BOOL bHibernateEnabled, bHiberbootEnabled;
+ if (GetHibernateStatus (bHibernateEnabled, bHiberbootEnabled))
+ {
+ if (bHibernateEnabled || bHiberbootEnabled)
+ {
+ if (AskWarnYesNo ("RAM_ENCRYPTION_DISABLE_HIBERNATE", hwndDlg) == IDNO)
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION, BST_UNCHECKED);
+ return 1;
+ }
+ }
+ }
+ }
Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
+ }
}
return 1;
@@ -11592,6 +11834,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
WORD lw = LOWORD (wParam);
static std::string platforminfo;
+ static byte currentUserConfig;
+ static string currentCustomUserMessage;
switch (msg)
{
@@ -11609,6 +11853,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
uint32 driverConfig = ReadDriverConfigurationFlags();
+ uint32 serviceConfig = ReadServiceConfigurationFlags();
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion = 0;
@@ -11616,8 +11861,27 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE;
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
+ BOOL bAutoFixBootloader = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER)? FALSE : TRUE;
+ BOOL bForceVeraCryptNextBoot = FALSE;
+ BOOL bForceSetVeraCryptBootEntry = TRUE;
+ BOOL bForceVeraCryptFirstEntry = TRUE;
+ if (bSystemIsGPT)
+ {
+ bForceVeraCryptNextBoot = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)? TRUE : FALSE;
+ bForceSetVeraCryptBootEntry = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)? FALSE : TRUE;
+ bForceVeraCryptFirstEntry = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)? FALSE : TRUE;
+ }
+
BOOL bIsHiddenOS = IsHiddenOSRunning ();
+ if (bClearKeysEnabled)
+ {
+ // the clear keys option works only if the service is running
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ bClearKeysEnabled = false;
+ }
+
+
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
@@ -11625,6 +11889,10 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
+ // we store current configuration in order to be able to detect if user changed it or not after clicking OK
+ currentUserConfig = userConfig;
+ currentCustomUserMessage = customUserMessage;
+
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -11668,6 +11936,25 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
}
else
CheckDlgButton (hwndDlg, IDC_BLOCK_SYSENC_TRIM, bBlockSysEncTrimEnabled ? BST_CHECKED : BST_UNCHECKED);
+
+ CheckDlgButton (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN, bAutoFixBootloader? BST_CHECKED : BST_UNCHECKED);
+ if (bSystemIsGPT)
+ {
+ if (!bAutoFixBootloader || bIsHiddenOS)
+ {
+ // we disable other options if updating bootloader is not allowed or if hidden OS us running
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), FALSE);
+ }
+
+ if (!bIsHiddenOS)
+ {
+ CheckDlgButton (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT, bForceVeraCryptNextBoot? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY, bForceSetVeraCryptBootEntry? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY, bForceVeraCryptFirstEntry? BST_CHECKED : BST_UNCHECKED);
+ }
+ }
}
catch (Exception &e)
{
@@ -11694,13 +11981,19 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
try
{
- std::string dcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string currentDcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string dcsprop = currentDcsprop;
while (TextEditDialogBox(FALSE, hwndDlg, GetString ("BOOT_LOADER_CONFIGURATION_FILE"), dcsprop) == IDOK)
{
- if (validateDcsPropXml (dcsprop.c_str()))
+ const char* dcspropContent = dcsprop.c_str();
+ if (0 == strcmp(dcspropContent, currentDcsprop.c_str()))
+ {
+ break;
+ }
+ else if (validateDcsPropXml (dcspropContent))
{
- WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcsprop.c_str(), (DWORD) dcsprop.size(), true);
+ WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcspropContent, (DWORD) strlen (dcspropContent), true);
break;
}
else
@@ -11738,17 +12031,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (!bSystemIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
- byte userConfig;
- try
- {
- if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
- return 1;
- }
- catch (Exception &e)
- {
- e.Show (hwndDlg);
- return 1;
- }
+ byte userConfig = currentUserConfig;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
@@ -11757,22 +12040,22 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (bSystemIsGPT)
{
- if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
- userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
@@ -11781,13 +12064,53 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
+ BOOL bAutoFixBootloader = IsDlgButtonChecked (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN);
+ BOOL bForceVeraCryptNextBoot = FALSE;
+ BOOL bForceSetVeraCryptBootEntry = TRUE;
+ BOOL bForceVeraCryptFirstEntry = TRUE;
+ if (bSystemIsGPT)
+ {
+ bForceVeraCryptNextBoot = IsDlgButtonChecked (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT);
+ bForceSetVeraCryptBootEntry = IsDlgButtonChecked (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY);
+ bForceVeraCryptFirstEntry = IsDlgButtonChecked (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY);
+ }
+
+ if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure and quit
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+ return 1;
+ }
+
+ // only write boot configuration if something changed
+ if ((userConfig != currentUserConfig) || (!bSystemIsGPT && (customUserMessage != currentCustomUserMessage)))
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled);
- if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER, bAutoFixBootloader? FALSE : TRUE);
+ if (!IsHiddenOSRunning ())
+ {
+ /* we don't need to update TRIM config for hidden OS since it's always blocked */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled);
+
+ if (bSystemIsGPT)
+ {
+ if (bAutoFixBootloader)
+ {
+ /* we update bootloader settings only if the autofix option is enabled */
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT, bForceVeraCryptNextBoot);
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY, bForceSetVeraCryptBootEntry? FALSE : TRUE);
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY, bForceVeraCryptFirstEntry? FALSE : TRUE);
+ }
+ }
+ }
}
catch (Exception &e)
{
@@ -11833,10 +12156,39 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
- Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED);
+ }
+ else
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;
+
+ case IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN:
+ if (bSystemIsGPT && !IsHiddenOSRunning ())
+ {
+ if (IsDlgButtonChecked (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN))
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), TRUE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), TRUE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), TRUE);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), FALSE);
+ }
+ }
+ break;
}
return 0;
}