From d3e7ed96f3685d83dcc39a18574be1dd2cc8f2f6 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 12 Jan 2019 01:24:25 +0100 Subject: Windows: Implement feature that enables clearing of encryption keys when a new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade). --- src/Common/Apidrvr.h | 1 + src/Common/BootEncryption.cpp | 74 +++++++-------------- src/Common/BootEncryption.h | 8 +-- src/Common/Language.xml | 2 + src/Driver/Ntdriver.c | 7 ++ src/Mount/Mount.c | 148 ++++++++++++++++++++++++++++++++++++++++-- src/Mount/Mount.rc | 30 +++++---- src/Mount/Resource.h | 3 +- 8 files changed, 196 insertions(+), 77 deletions(-) diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 2d996d2c..0298e204 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -416,5 +416,6 @@ typedef struct #define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80 #define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100 #define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200 +#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400 #endif /* _WIN32 */ diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 4992e086..364f0869 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -994,10 +994,16 @@ namespace VeraCrypt Device::Device (wstring path, bool readOnly) { - FileOpen = false; - Elevated = false; + wstring effectivePath; + FileOpen = false; + Elevated = false; + + if (path.find(L"\\\\?\\") == 0) + effectivePath = path; + else + effectivePath = wstring (L"\\\\.\\") + path; - Handle = CreateFile ((wstring (L"\\\\.\\") + path).c_str(), + Handle = CreateFile (effectivePath.c_str(), readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_RANDOM_ACCESS | FILE_FLAG_WRITE_THROUGH, NULL); 
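Review bot: In `Device::Device`, the test `path.find(L"\\\\?\\") == 0` scans the whole string when the prefix is absent, and it recognises only the `\\?\` form, so a caller that passes a path already starting with `\\.\` still gets a second `\\.\` prepended. A prefix comparison such as `path.compare (0, 4, L"\\\\?\\") == 0` states the intent directly. A short comment above it, e.g. `// paths already in \\?\ form are opened verbatim; anything else is treated as a device name under \\.\`, would document the new contract for callers. The constructor body continues outside the hunk.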
@@ -1978,8 +1984,7 @@ namespace VeraCrypt } else { - finally_do ({ EfiBootInst.DismountBootPartition(); }); - EfiBootInst.MountBootPartition(0); + EfiBootInst.PrepareBootPartition(); if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)) pim = -1; @@ -2492,8 +2497,6 @@ namespace VeraCrypt } EfiBoot::EfiBoot() { - ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath)); - ZeroMemory (BootVolumePath, sizeof (BootVolumePath)); ZeroMemory (&sdn, sizeof (sdn)); ZeroMemory (&partInfo, sizeof (partInfo)); m_bMounted = false; @@ -2521,34 +2524,21 @@ namespace VeraCrypt } PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf; - memcpy (BootVolumePath, pStr->Buffer, min (pStr->Length, (sizeof (BootVolumePath) - 2))); - bBootVolumePathSelected = true; - } + BootVolumePath = pStr->Buffer; + + EfiBootPartPath = L"\\\\?"; + EfiBootPartPath += &pStr->Buffer[7]; - void EfiBoot::SelectBootVolume(WCHAR* bootVolumePath) { - wstring str; - str = bootVolumePath; - memcpy (BootVolumePath, &str[0], min (str.length() * 2, (sizeof (BootVolumePath) - 2))); bBootVolumePathSelected = true; } - void EfiBoot::MountBootPartition(WCHAR letter) { + void EfiBoot::PrepareBootPartition() { if (!bBootVolumePathSelected) { SelectBootVolumeESP(); } - - if (!letter) { - if (!GetFreeDriveLetter(&EfiBootPartPath[0])) { - throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS); - } - } else { - EfiBootPartPath[0] = letter; - } - EfiBootPartPath[1] = ':'; - EfiBootPartPath[2] = 0; - throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, BootVolumePath)); - - Device dev(EfiBootPartPath, TRUE); + std::wstring devicePath = L"\\\\?\\GLOBALROOT"; + devicePath += BootVolumePath; + Device dev(devicePath.c_str(), TRUE); try { @@ -2556,7 +2546,6 @@ namespace VeraCrypt } catch (...) { - DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); throw; } 
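Review bot: In `SelectBootVolumeESP` (hunk `@@ -2521`), `BootVolumePath = pStr->Buffer;` and `&pStr->Buffer[7]` both treat the `UNICODE_STRING` buffer as a NUL-terminated string of at least seven characters, whereas the removed `memcpy` was bounded by `pStr->Length`. A `UNICODE_STRING` is counted and its buffer is not guaranteed to be terminated, so unless `tempBuf` is zeroed before the query (not visible here) the assignment can run past the returned name. A name shorter than the prefix the index presumably skips (`\Device`) would also make `EfiBootPartPath` pick up unrelated data. Building the string from the length, `BootVolumePath.assign (pStr->Buffer, pStr->Length / sizeof (WCHAR));`, and checking the size and expected prefix before deriving `EfiBootPartPath` keeps the bound the old code had. The function starts above the hunk.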
@@ -2566,20 +2555,9 @@ namespace VeraCrypt dev.Close(); if (!bSuccess) { - DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); SetLastError (dwLastError); throw SystemException(SRC_POS); - } - - m_bMounted = true; - } - - void EfiBoot::DismountBootPartition() { - if (m_bMounted) - { - DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); - m_bMounted = false; - } + } } bool EfiBoot::IsEfiBoot() { @@ -3085,8 +3063,7 @@ namespace VeraCrypt if (!DcsInfoImg) throw ErrorException(L"Out of resource DcsInfo", SRC_POS); - finally_do ({ EfiBootInst.DismountBootPartition(); }); - EfiBootInst.MountBootPartition(0); + EfiBootInst.PrepareBootPartition(); try { @@ -4110,9 +4087,7 @@ namespace VeraCrypt const char* g_szMsBootString = "bootmgfw.pdb"; bool bModifiedMsBoot = true; - finally_do ({ EfiBootInst.DismountBootPartition(); }); - - EfiBootInst.MountBootPartition(0); + EfiBootInst.PrepareBootPartition(); EfiBootInst.GetFileSize(szStdMsBootloader, loaderSize); bootLoaderBuf.resize ((size_t) loaderSize); @@ -4233,9 +4208,7 @@ namespace VeraCrypt } } - finally_do ({ EfiBootInst.DismountBootPartition(); }); - - EfiBootInst.MountBootPartition(0); + EfiBootInst.PrepareBootPartition(); EfiBootInst.DeleteStartExec(); EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed @@ -4735,8 +4708,7 @@ namespace VeraCrypt } else { - finally_do ({ EfiBootInst.DismountBootPartition(); }); - EfiBootInst.MountBootPartition(0); + EfiBootInst.PrepareBootPartition(); memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER)); } } diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index 58cdd2e0..ea0e728c 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h 
@@ -199,8 +199,7 @@ namespace VeraCrypt public: EfiBoot(); - void MountBootPartition(WCHAR letter); - void DismountBootPartition(); + void PrepareBootPartition(); bool IsEfiBoot(); void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL); @@ -219,17 +218,16 @@ namespace VeraCrypt BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg); BOOL DelDir(const wchar_t* name); void SelectBootVolumeESP(); - void SelectBootVolume(WCHAR* bootVolumePath); PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;} protected: bool m_bMounted; - WCHAR EfiBootPartPath[3]; + std::wstring EfiBootPartPath; STORAGE_DEVICE_NUMBER sdn; PARTITION_INFORMATION_EX partInfo; WCHAR tempBuf[1024]; bool bBootVolumePathSelected; - WCHAR BootVolumePath[MAX_PATH]; + std::wstring BootVolumePath; }; class BootEncryption diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 5fc4ce7d..b2700e6d 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1429,6 +1429,8 @@ WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue? Virtual Device The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer. + Clear encryption keys from memory if a new device is inserted + IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 47b2f8a5..282112fc 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c 
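Review bot: `bool m_bMounted;` is kept in `EfiBoot` (hunk `@@ -219`) although this commit removes `MountBootPartition` and `DismountBootPartition`, and in the visible hunks the only remaining write is `m_bMounted = false;` in the constructor. If nothing else reads it, dropping the member and its initialisation avoids suggesting that a mount state still has to be undone after `PrepareBootPartition`. The class declaration starts and ends outside the hunk.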
@@ -4346,6 +4346,13 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM) BlockSystemTrimCommand = TRUE; + + /* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION if it is set */ + if (flags & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION) + { + flags ^= VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION; + WriteRegistryConfigFlags (flags); + } } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 574c3556..473372e1 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -51,6 +51,8 @@ #include "../Setup/SelfExtract.h" #include +#include +#include #import no_auto_exclude @@ -9296,6 +9298,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) static SERVICE_STATUS SystemFavoritesServiceStatus; static SERVICE_STATUS_HANDLE SystemFavoritesServiceStatusHandle; +static HANDLE SystemFavoriteServiceStopEvent = NULL; +static HDEVNOTIFY SystemFavoriteServiceNotify = NULL; + +DEFINE_GUID(OCL_GUID_DEVCLASS_SOFTWARECOMPONENT, 0x5c4c3332, 0x344d, 0x483c, 0x87, 0x39, 0x25, 0x9e, 0x93, 0x4c, 0x9c, 0xc8); static void SystemFavoritesServiceLogMessage (const wstring &errorMessage, WORD wType) { 
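Review bot: The result of `WriteRegistryConfigFlags (flags)` is not checked in the block added to `ReadRegistryConfigFlags` (assuming the function reports one). If the registry write fails, the `VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION` bit stays in the stored value, and anything that later re-reads the flags from the registry would presumably still see the option as enabled, contrary to the warning text this commit adds. Checking the status and at least tracing the failure would make that case visible. The toggle also reads more clearly as `flags &= ~VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;`, which does not depend on the preceding test. The function body and the enclosing condition start outside the hunk.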
@@ -9336,12 +9342,84 @@ static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0) } -static VOID WINAPI SystemFavoritesServiceCtrlHandler (DWORD control) +static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl, + DWORD dwEventType, + LPVOID lpEventData, + LPVOID lpContext) { - if (control == SERVICE_CONTROL_STOP) + switch (dwControl) + { + case SERVICE_CONTROL_PRESHUTDOWN: SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING); - else + + if (BootEncObj) + { + try + { + BootEncryption::UpdateSetupConfigFile (true); + // re-install our bootloader again in case the update process has removed it. + BootEncryption bootEnc (NULL, true); + bootEnc.InstallBootLoader (true); + } + catch (...) + { + } + } + + /* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */ + SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, FALSE); + + SetEvent (SystemFavoriteServiceStopEvent); + SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING); + + break; + case SERVICE_CONTROL_STOP: + SetEvent (SystemFavoriteServiceStopEvent); + SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING); + break; + case SERVICE_CONTROL_DEVICEEVENT: + if (DBT_DEVICEARRIVAL == dwEventType) + { + DEV_BROADCAST_HDR* pHdr = (DEV_BROADCAST_HDR *) lpEventData; + if (pHdr->dbch_devicetype != DBT_DEVTYP_VOLUME && pHdr->dbch_devicetype != DBT_DEVTYP_HANDLE) + { + SystemFavoritesServiceLogInfo (L"SERVICE_CONTROL_DEVICEEVENT - DBT_DEVICEARRIVAL received"); + + if (ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION) + { + BOOL bClearKeys = TRUE; + if (pHdr->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE) + { + DEV_BROADCAST_DEVICEINTERFACE* pInf = (DEV_BROADCAST_DEVICEINTERFACE*) pHdr; + + if (IsEqualGUID (pInf->dbcc_classguid, OCL_GUID_DEVCLASS_SOFTWARECOMPONENT) + || IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUME) + || IsEqualGUID (pInf->dbcc_classguid, GUID_DEVCLASS_VOLUMESNAPSHOT) + ) + { + 
bClearKeys = FALSE; + } + } + + if (bClearKeys) + { + DWORD cbBytesReturned = 0; + BOOL bResult = DeviceIoControl (hDriver, VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS, NULL, 0, NULL, 0, &cbBytesReturned, NULL); + if (bResult) + SystemFavoritesServiceLogInfo (L"New device insertion detected - encryption keys cleared"); + else + SystemFavoritesServiceLogInfo (L"New device insertion detected - failed to clear encryption keys"); + } + } + } + } + break; + default: SystemFavoritesServiceSetStatus (SystemFavoritesServiceStatus.dwCurrentState); + break; + } + + return NO_ERROR; } static LONG WINAPI SystemFavoritesServiceExceptionHandler (EXCEPTION_POINTERS *ep) 
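Review bot: Failures on the two security-relevant paths of `SystemFavoritesServiceCtrlHandler` are hard to notice: the `SERVICE_CONTROL_PRESHUTDOWN` branch wraps `UpdateSetupConfigFile` and `InstallBootLoader` in an empty `catch (...)`, and a failed `VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS` is reported through `SystemFavoritesServiceLogInfo`. Someone relying on the option would want the failed wipe recorded as an error, e.g. `SystemFavoritesServiceLogMessage (L"New device insertion detected - failed to clear encryption keys", EVENTLOG_ERROR_TYPE);`. The empty handler should log a line as well, so that a boot loader that was not restored before shutdown leaves a trace. Separately, `dbcc_classguid` in a `DEV_BROADCAST_DEVICEINTERFACE` carries a device interface class GUID, while `GUID_DEVCLASS_VOLUME` and `GUID_DEVCLASS_VOLUMESNAPSHOT` are setup class GUIDs, so it is worth confirming that those two exclusions ever match. If they do not, the check falls through to clearing keys, which protects the keys but, per the warning string added in this commit, ends in a crash.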
@@ -9363,13 +9441,27 @@ static void SystemFavoritesServiceInvalidParameterHandler (const wchar_t *expres static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv) { BOOL status = FALSE; + DEV_BROADCAST_DEVICEINTERFACE hdr; memset (&SystemFavoritesServiceStatus, 0, sizeof (SystemFavoritesServiceStatus)); SystemFavoritesServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; + SystemFavoritesServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP; + if (IsOSAtLeast (WIN_VISTA) && BootEncObj && BootEncStatus.DriveMounted && BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT) + SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN; + + ZeroMemory (&hdr, sizeof(hdr)); + hdr.dbcc_size = sizeof (hdr); + hdr.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE; - SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandler (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler); + SystemFavoritesServiceStatusHandle = RegisterServiceCtrlHandlerEx (TC_SYSTEM_FAVORITES_SERVICE_NAME, SystemFavoritesServiceCtrlHandler, NULL); if (!SystemFavoritesServiceStatusHandle) return; + SystemFavoriteServiceStopEvent = CreateEvent (NULL, FALSE, FALSE, NULL); + if (!SystemFavoriteServiceStopEvent) + return; + + SystemFavoriteServiceNotify = RegisterDeviceNotification (SystemFavoritesServiceStatusHandle, &hdr,DEVICE_NOTIFY_SERVICE_HANDLE | DEVICE_NOTIFY_ALL_INTERFACE_CLASSES); + InitGlobalLocks (); SetUnhandledExceptionFilter (SystemFavoritesServiceExceptionHandler); 
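Review bot: The handle returned by `RegisterDeviceNotification` in `SystemFavoritesServiceMain` is stored but never tested, so when registration fails the service keeps running without receiving `SERVICE_CONTROL_DEVICEEVENT` and the key-clearing option is silently inactive. Logging that case, e.g. `if (!SystemFavoriteServiceNotify) SystemFavoritesServiceLogMessage (L"RegisterDeviceNotification failed", EVENTLOG_WARNING_TYPE);`, lets the user and anyone reading the event log tell that the protection is not armed. The early `return` after a failed `CreateEvent` also exits without reporting `SERVICE_STOPPED` through `SystemFavoritesServiceSetStatus`, unlike the normal exit path later in the function. The function continues outside the hunk.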
@@ -9400,7 +9492,22 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv) FinalizeGlobalLocks (); + if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)) + WipeCache (NULL, TRUE); + SystemFavoritesServiceSetStatus (SERVICE_RUNNING); + + WaitForSingleObject (SystemFavoriteServiceStopEvent, INFINITE); + + if (SystemFavoriteServiceNotify) + { + UnregisterDeviceNotification (SystemFavoriteServiceNotify); + SystemFavoriteServiceNotify = NULL; + } + + CloseHandle (SystemFavoriteServiceStopEvent); + SystemFavoriteServiceStopEvent = NULL; + SystemFavoritesServiceSetStatus (SERVICE_STOPPED); } @@ -9419,6 +9526,16 @@ static BOOL StartSystemFavoritesService () if (DriverAttach() != ERR_SUCCESS) return FALSE; + try + { + BootEncObj = new BootEncryption (NULL); + BootEncStatus = BootEncObj->GetStatus(); + } + catch (Exception &) + { + BootEncStatus.DriveMounted = FALSE; + } + SERVICE_TABLE_ENTRY serviceTable[2]; serviceTable[0].lpServiceName = TC_SYSTEM_FAVORITES_SERVICE_NAME; serviceTable[0].lpServiceProc = SystemFavoritesServiceMain; @@ -9428,8 +9545,11 @@ static BOOL StartSystemFavoritesService () BOOL result = StartServiceCtrlDispatcher (serviceTable); - if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)) - WipeCache (NULL, TRUE); + if (BootEncObj != NULL) + { + delete BootEncObj; + BootEncObj = NULL; + } return result; } @@ -10919,7 +11039,8 @@ error: void SetDriverConfigurationFlag (uint32 flag, BOOL state) { - BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false); + if (BootEncObj) + BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false); } 
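Review bot: `SetDriverConfigurationFlag` (hunk `@@ -10919`) now returns silently when `BootEncObj` is NULL, so a caller asking to set or clear a security-relevant driver flag cannot tell that nothing was written. From the visible hunks the guard seems to be there for the service control handler, which calls it outside its own `if (BootEncObj)` block. A comment saying so would help, e.g. `/* BootEncObj may be NULL in the system favorites service; the flag is left unchanged in that case */`. If other callers can reach this path, returning a status instead of `void` would be the safer interface, though that is a wider change than this hunk.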
@@ -11380,6 +11501,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE; BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE; BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE; + BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE; BOOL bIsHiddenOS = IsHiddenOSRunning (); if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) @@ -11422,6 +11544,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED); EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled? BST_CHECKED : BST_UNCHECKED); + if (bIsHiddenOS) { // we always block TRIM command on hidden OS regardless of the configuration 
@@ -11542,10 +11666,12 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD); BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM); + BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION); BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); + SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled); if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled); } @@ -11588,6 +11714,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), FALSE); } + break; + + case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION: + if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)) + { + Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg); + } + break; } return 0; diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index 3011b5d9..4a7fe101 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc 
@@ -285,7 +285,7 @@ BEGIN LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 END -IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 182 +IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 194 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 
@@ -295,18 +295,20 @@ BEGIN "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,61 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,75 CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10 CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10 CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,98,340,10 - GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,116,355,36 - PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,129,173,14 - PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,129,173,14 - PUSHBUTTON "Cancel",IDCANCEL,313,158,50,14 - DEFPUSHBUTTON "OK",IDOK,255,158,50,14 + GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,131,355,36 + PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,144,173,14 + PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,144,173,14 + PUSHBUTTON "Cancel",IDCANCEL,313,170,50,14 + DEFPUSHBUTTON "OK",IDOK,255,170,50,14 + CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10 END IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265 
@@ -393,7 +395,7 @@ BEGIN CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10 END -IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 297 +IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 310 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -413,12 +415,14 @@ BEGIN "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,251,340,10 - PUSHBUTTON "Cancel",IDCANCEL,314,273,50,14 - DEFPUSHBUTTON "OK",IDOK,257,273,50,14 + PUSHBUTTON "Cancel",IDCANCEL,314,286,50,14 + DEFPUSHBUTTON "OK",IDOK,257,286,50,14 LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8 GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,9,7,355,165 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,92 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,105 LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73 + CONTROL "Clear encryption keys from memory if a new device is inserted",IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,265,340,10 END ///////////////////////////////////////////////////////////////////////////// @@ -494,7 +498,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 368 TOPMARGIN, 7 - BOTTOMMARGIN, 172 + BOTTOMMARGIN, 184 END IDD_PERFORMANCE_SETTINGS, DIALOG @@ -526,7 +530,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 364 TOPMARGIN, 7 - BOTTOMMARGIN, 287 + BOTTOMMARGIN, 300 END END #endif // APSTUDIO_INVOKED diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 48451638..0eaf357a 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h 
@@ -191,6 +191,7 @@
 #define IDC_BLOCK_SYSENC_TRIM 1168
 #define IDC_ALLOW_WINDOWS_DEFRAG 1169
 #define IDC_LOWER_BOX 1170
+#define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
 #define IDM_HELP 40001
 #define IDM_ABOUT 40002
 #define IDM_UNMOUNT_VOLUME 40003
@@ -267,7 +268,7 @@
 #define _APS_NO_MFC 1
 #define _APS_NEXT_RESOURCE_VALUE 120
 #define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1171
+#define _APS_NEXT_CONTROL_VALUE 1172
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
-- cgit v1.2.3