From c51a209879107a0331c293087122e1c6e884b32d Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 6 Feb 2022 09:34:32 +0100
Subject: Windows: Add registry setting to disable erasing encryption keys on
 Windows shutdown/reboot. This helps solve BSOD during shutdown/reboot on some
 machines.

Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown" and set its value to 0.
---
 src/Driver/Ntdriver.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/Driver/Ntdriver.c')

diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 6f068a8f..e70c0463 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -135,6 +135,7 @@ BOOL CacheBootPim = FALSE;
 BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
 BOOL BlockSystemTrimCommand = FALSE;
 BOOL AllowWindowsDefrag = FALSE;
+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown
 static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
 static BOOL SystemFavoriteVolumeDirty = FALSE;
 static BOOL PagingFileCreationPrevented = FALSE;
@@ -4856,6 +4857,19 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 		
 	}
 
+	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))
+	{
+		if (data->Type == REG_DWORD)
+		{
+			if (*((uint32 *) data->Data))
+				EraseKeysOnShutdown = TRUE;
+			else
+				EraseKeysOnShutdown = FALSE;
+		}
+
+		TCfree (data);
+	}
+
 
 	return status;
 }
-- 
cgit v1.2.3