From d907627f7e4844547545b9ff189208cec9eee426 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 5 Mar 2018 19:29:08 +0100 Subject: Windows: Add option to block TRIM command on system encryption SSD drives. --- Translations/Language.ar.xml | 1 + Translations/Language.be.xml | 1 + Translations/Language.bg.xml | 1 + Translations/Language.ca.xml | 1 + Translations/Language.cs.xml | 1 + Translations/Language.da.xml | 1 + Translations/Language.de.xml | 1 + Translations/Language.el.xml | 1 + Translations/Language.es.xml | 1 + Translations/Language.et.xml | 1 + Translations/Language.eu.xml | 1 + Translations/Language.fa.xml | 1 + Translations/Language.fi.xml | 1 + Translations/Language.fr.xml | 1 + Translations/Language.hu.xml | 1 + Translations/Language.id.xml | 1 + Translations/Language.it.xml | 1 + Translations/Language.ja.xml | 1 + Translations/Language.ka.xml | 1 + Translations/Language.ko.xml | 1 + Translations/Language.lv.xml | 1 + Translations/Language.my.xml | 1 + Translations/Language.nl.xml | 1 + Translations/Language.nn.xml | 1 + Translations/Language.pl.xml | 1 + Translations/Language.pt-br.xml | 1 + Translations/Language.ro.xml | 1 + Translations/Language.ru.xml | 1 + Translations/Language.sk.xml | 1 + Translations/Language.sl.xml | 1 + Translations/Language.sv.xml | 1 + Translations/Language.th.xml | 1 + Translations/Language.tr.xml | 1 + Translations/Language.uk.xml | 1 + Translations/Language.uz.xml | 1 + Translations/Language.vi.xml | 1 + Translations/Language.zh-cn.xml | 1 + Translations/Language.zh-hk.xml | 1 + Translations/Language.zh-tw.xml | 1 + src/Common/Apidrvr.h | 1 + src/Common/Language.xml | 1 + src/Driver/DriveFilter.c | 43 +++++++++++++++++++++++++++++++ src/Driver/Ntdriver.c | 4 +++ src/Driver/Ntdriver.h | 2 +- src/Mount/Mount.c | 4 +++ src/Mount/Mount.rc | 56 ++++++++++++++++++++++------------------- src/Mount/Resource.h | 3 ++- 47 files changed, 125 insertions(+), 28 deletions(-) diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml index 06f86e51..c4b4de6b 100644 --- a/Translations/Language.ar.xml +++ b/Translations/Language.ar.xml @@ -1423,6 +1423,7 @@ خيارات متقدمة It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml index 2ab42196..d3215707 100644 --- a/Translations/Language.be.xml +++ b/Translations/Language.be.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml index 783c1d96..b3ec0771 100644 --- a/Translations/Language.bg.xml +++ b/Translations/Language.bg.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml index ef376c33..b29186d4 100644 --- a/Translations/Language.ca.xml +++ b/Translations/Language.ca.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml index 769a3589..b4a6f56b 100644 --- a/Translations/Language.cs.xml +++ b/Translations/Language.cs.xml @@ -1423,6 +1423,7 @@ Pokročilé možnosti Doporučujeme vytvořit si nový záchranný disk Veracryptu (již bude obsahovat novou verzi VeraCrypt Boot Loader). Učiníte tak pomocí nabídky 'Systém' > 'Vytvořit záchranný disk'.\nChcete to provést nyní? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml index 78889012..c29c3f6f 100644 --- a/Translations/Language.da.xml +++ b/Translations/Language.da.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml index 26783f69..1e6b92e6 100644 --- a/Translations/Language.de.xml +++ b/Translations/Language.de.xml @@ -1423,6 +1423,7 @@ Erweiterte Optionen Es wird dringend empfohlen, dass Sie einen neuen VeraCrypt-Rettungsdatenträger (der die neue Version des VeraCrypt-Bootloaders enthalten wird) erstellen, indem Sie 'System' > 'Rettungsdatenträger erstellen' auswählen.\nMöchten Sie es jetzt erledigen? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml index 636fb9c6..2bb46117 100644 --- a/Translations/Language.el.xml +++ b/Translations/Language.el.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml index dbfd4648..40888d30 100644 --- a/Translations/Language.es.xml +++ b/Translations/Language.es.xml @@ -1423,6 +1423,7 @@ Opciones Avanzadas Se recomienda encarecidamente que cree un nuevo Disco de Rescate de VeraCrypt (el cual tendrá la nueva versión de Cargador de Arranque de VeraCrypt) seleccionando 'Sistema' > 'Crear Disco de Rescate'.\n¿Quiere proceder a ello ahora? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.et.xml b/Translations/Language.et.xml index 01c13c35..799ed4c7 100644 --- a/Translations/Language.et.xml +++ b/Translations/Language.et.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml index 75adcd5e..68a4880a 100644 --- a/Translations/Language.eu.xml +++ b/Translations/Language.eu.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml index 63268044..0220d46e 100644 --- a/Translations/Language.fa.xml +++ b/Translations/Language.fa.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml index 5073b544..0dbf3298 100644 --- a/Translations/Language.fi.xml +++ b/Translations/Language.fi.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml index 65c29f79..14b57e54 100644 --- a/Translations/Language.fr.xml +++ b/Translations/Language.fr.xml @@ -1423,6 +1423,7 @@ Options Avancées It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Autoriser la commande TRIM sur les disques SSD non système + Bloquer la commande TRIM sur la partition/disque système diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml index facf8741..e5fafb77 100644 --- a/Translations/Language.hu.xml +++ b/Translations/Language.hu.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml index 9083d1d3..2b858321 100644 --- a/Translations/Language.id.xml +++ b/Translations/Language.id.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml index bcd31a73..e8bdec19 100644 --- a/Translations/Language.it.xml +++ b/Translations/Language.it.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml index 69ecad64..de3bb14c 100644 --- a/Translations/Language.ja.xml +++ b/Translations/Language.ja.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml index 3bd740f1..f5884b3a 100644 --- a/Translations/Language.ka.xml +++ b/Translations/Language.ka.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml index bca41ccb..2601b2d6 100644 --- a/Translations/Language.ko.xml +++ b/Translations/Language.ko.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml index 0133a479..43a91bc8 100644 --- a/Translations/Language.lv.xml +++ b/Translations/Language.lv.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml index ce6c3770..8a420fa7 100644 --- a/Translations/Language.my.xml +++ b/Translations/Language.my.xml @@ -1425,6 +1425,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml index d74a72c9..80bbaf15 100644 --- a/Translations/Language.nl.xml +++ b/Translations/Language.nl.xml @@ -1424,6 +1424,7 @@ Geavanceerde opties It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml index de684cba..bb215ea5 100644 --- a/Translations/Language.nn.xml +++ b/Translations/Language.nn.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml index 98133d42..e5e1aa0a 100644 --- a/Translations/Language.pl.xml +++ b/Translations/Language.pl.xml @@ -1423,6 +1423,7 @@ Opcje zaawansowane Zdecydowanie zaleca się utworzenie nowej płyty ratunkowej VeraCrypt (która zawierać będzie nową wersję programu rozruchowego VeraCrypt) poprzez wybranie 'System' > 'Utwórz płytę ratunkową'.\nCzy chcesz to teraz zrobić? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml index 8298c0d3..7762346b 100644 --- a/Translations/Language.pt-br.xml +++ b/Translations/Language.pt-br.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml index 852a61b3..ce3e50eb 100644 --- a/Translations/Language.ro.xml +++ b/Translations/Language.ro.xml @@ -1423,6 +1423,7 @@ Opțiuni avansate Este recomandată crearea unui Disc de recuperare Veracrypt nou (ce va conține noua versiune a încărcătorului Veracrypt) selectând 'Sistem' > 'Creare disc de recuperare'.\nDoriți crearea lui acum ? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml index 8c58bc6a..229ff19f 100644 --- a/Translations/Language.ru.xml +++ b/Translations/Language.ru.xml @@ -1423,6 +1423,7 @@ Расширенные настройки It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml index 0c6566c4..c179ba49 100644 --- a/Translations/Language.sk.xml +++ b/Translations/Language.sk.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml index 36daa9f2..d847313d 100644 --- a/Translations/Language.sl.xml +++ b/Translations/Language.sl.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml index 27e1b199..8b797ae8 100644 --- a/Translations/Language.sv.xml +++ b/Translations/Language.sv.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml index dc2911e0..7aaafcbd 100644 --- a/Translations/Language.th.xml +++ b/Translations/Language.th.xml @@ -1424,6 +1424,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml index 86824b03..adbe1ac2 100644 --- a/Translations/Language.tr.xml +++ b/Translations/Language.tr.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml index ff8ca61c..2924fa84 100644 --- a/Translations/Language.uk.xml +++ b/Translations/Language.uk.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml index e9d6e7ca..45e1388b 100644 --- a/Translations/Language.uz.xml +++ b/Translations/Language.uz.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml index cbd4fe87..135151a6 100644 --- a/Translations/Language.vi.xml +++ b/Translations/Language.vi.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml index 004eca34..4d550e99 100644 --- a/Translations/Language.zh-cn.xml +++ b/Translations/Language.zh-cn.xml @@ -1423,6 +1423,7 @@ 高级选项 强烈建议您创建一个新的 VeraCrypt 修复盘 (该磁盘将包含新版本的 VeraCrypt 引导加载程序),方法是选择 '系统' > '创建修复盘'。\n您现在要创建吗? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml index 603964a8..b7b056e9 100644 --- a/Translations/Language.zh-hk.xml +++ b/Translations/Language.zh-hk.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml index b855e8c3..925ef75e 100644 --- a/Translations/Language.zh-tw.xml +++ b/Translations/Language.zh-tw.xml @@ -1423,6 +1423,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index fda2d946..1230fc43 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -411,5 +411,6 @@ typedef struct #define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20 #define TC_DRIVER_CONFIG_CACHE_BOOT_PIM 0x40 #define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80 +#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100 #endif /* _WIN32 */ diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 38457c49..cf7cfa82 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1424,6 +1424,7 @@ Advanced Options It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now? Allow TRIM operation for non-system SSD partition/drive + Block TRIM command on system partition/drive diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 08bebe18..bb7083ce 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -941,6 +941,46 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte return status; } +static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterExtension *Extension, PIO_STACK_LOCATION irpSp) +{ + BOOL bBlockTrim = BlockSystemTrimCommand || IsHiddenSystemRunning(); + NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp); + if (!NT_SUCCESS (status)) + return TCCompleteIrp (Irp, status, 0); + + switch (irpSp->Parameters.DeviceIoControl.IoControlCode) + { + case IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES: + Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n"); + if (bBlockTrim) + { + PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); + DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength; + if (inputLength >= sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES)) + { + PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pInputAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) Irp->AssociatedIrp.SystemBuffer; + DEVICE_DATA_MANAGEMENT_SET_ACTION action = pInputAttrs->Action; + if (action == DeviceDsmAction_Trim) + { + Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Trim.\n"); + + if (bBlockTrim) + { + Dump ("DriverFilter-DispatchControl:: TRIM command blocked.\n"); + IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp); + return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0); + } + } + } + } + break; + } + + status = PassIrp (Extension->LowerDeviceObject, Irp); + IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp); + return status; +} + NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp) { @@ -970,6 +1010,9 @@ NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp) case IRP_MJ_POWER: return DispatchPower (DeviceObject, Irp, Extension, irpSp); + + case IRP_MJ_DEVICE_CONTROL: + return DispatchControl (DeviceObject, Irp, Extension, irpSp); } status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp); diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index ce2f01ce..fca2ca42 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -128,6 +128,7 @@ BOOL VolumeClassFilterRegistered = FALSE; BOOL CacheBootPassword = FALSE; BOOL CacheBootPim = FALSE; BOOL NonAdminSystemFavoritesAccessDisabled = FALSE; +BOOL BlockSystemTrimCommand = FALSE; static size_t EncryptionThreadPoolFreeCpuCountLimit = 0; static BOOL SystemFavoriteVolumeDirty = FALSE; static BOOL PagingFileCreationPrevented = FALSE; @@ -4220,6 +4221,9 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) if (flags & TC_DRIVER_CONFIG_CACHE_BOOT_PIM) CacheBootPim = TRUE; + + if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM) + BlockSystemTrimCommand = TRUE; } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h index 50a98d03..8403f212 100644 --- a/src/Driver/Ntdriver.h +++ b/src/Driver/Ntdriver.h @@ -122,7 +122,7 @@ extern ULONG OsMinorVersion; extern BOOL VolumeClassFilterRegistered; extern BOOL CacheBootPassword; extern BOOL CacheBootPim; - +extern BOOL BlockSystemTrimCommand; /* Helper macro returning x seconds in units of 100 nanoseconds */ #define WAIT_SECONDS(x) ((x)*10000000) diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 61ce4f77..ac9ef105 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -11109,6 +11109,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA uint16 bootLoaderVersion = 0; BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE; BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE; + BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE; if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) { @@ -11150,6 +11151,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED); EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton (hwndDlg, IDC_BLOCK_SYSENC_TRIM, bBlockSysEncTrimEnabled ? BST_CHECKED : BST_UNCHECKED); } catch (Exception &e) { @@ -11261,10 +11263,12 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA { BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD); BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); + BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM); BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); + SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled); } catch (Exception &e) { diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index 9024b0d6..9eae9dac 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -285,26 +285,28 @@ BEGIN LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 END -IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 374, 165 +IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 375, 182 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN - CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10 - DEFPUSHBUTTON "OK",IDOK,255,141,50,14 - PUSHBUTTON "Cancel",IDCANCEL,313,141,50,14 GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,45 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,44 - CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, - "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10 CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9 - PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,112,173,14 - PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,112,173,14 - GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,99,355,36 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,7,53,355,61 + CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,339,10 + CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,16,83,340,10 + CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,98,340,10 + GROUPBOX "Advanced Options",IDT_ADVANCED_OPTIONS,7,116,355,36 + PUSHBUTTON "Edit Boot Loader Configuration",IDC_EDIT_DCSPROP,10,129,173,14 + PUSHBUTTON "Display EFI Platform Information",IDC_SHOW_PLATFORMINFO,187,129,173,14 + PUSHBUTTON "Cancel",IDCANCEL,313,158,50,14 + DEFPUSHBUTTON "OK",IDOK,255,158,50,14 END IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 253 @@ -389,7 +391,7 @@ BEGIN CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10 END -IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 +IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 371, 297 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -397,22 +399,24 @@ BEGIN CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,50,216,14,ES_AUTOHSCROLL + CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,157,339,9 CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 + CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 - DEFPUSHBUTTON "OK",IDOK,257,262,50,14 - PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 - LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8 - GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75 - LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73 CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 - CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, - "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 - CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,157,339,9 + CONTROL "Block TRIM command on system partition/drive",IDC_BLOCK_SYSENC_TRIM, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,251,340,10 + PUSHBUTTON "Cancel",IDCANCEL,314,273,50,14 + DEFPUSHBUTTON "OK",IDOK,257,273,50,14 + LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,39,337,8 + GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,9,7,355,165 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,9,177,355,92 + LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,72,337,73 END ///////////////////////////////////////////////////////////////////////////// @@ -486,9 +490,9 @@ BEGIN IDD_EFI_SYSENC_SETTINGS, DIALOG BEGIN LEFTMARGIN, 7 - RIGHTMARGIN, 367 + RIGHTMARGIN, 368 TOPMARGIN, 7 - BOTTOMMARGIN, 155 + BOTTOMMARGIN, 172 END IDD_PERFORMANCE_SETTINGS, DIALOG @@ -518,9 +522,9 @@ BEGIN IDD_SYSENC_SETTINGS, DIALOG BEGIN LEFTMARGIN, 7 - RIGHTMARGIN, 363 + RIGHTMARGIN, 364 TOPMARGIN, 7 - BOTTOMMARGIN, 276 + BOTTOMMARGIN, 287 END END #endif // APSTUDIO_INVOKED diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 2cefbdad..94d57108 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -188,6 +188,7 @@ #define IDC_EDIT_DCSPROP 1165 #define IDT_ADVANCED_OPTIONS 1166 #define IDC_ALLOW_TRIM_NONSYS_SSD 1167 +#define IDC_BLOCK_SYSENC_TRIM 1168 #define IDM_HELP 40001 #define IDM_ABOUT 40002 #define IDM_UNMOUNT_VOLUME 40003 @@ -264,7 +265,7 @@ #define _APS_NO_MFC 1 #define _APS_NEXT_RESOURCE_VALUE 120 #define _APS_NEXT_COMMAND_VALUE 40069 -#define _APS_NEXT_CONTROL_VALUE 1168 +#define _APS_NEXT_CONTROL_VALUE 1169 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif -- cgit v1.2.3