From 7c2cf7889f96292d037c21c680b641f70a4d390f Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 9 Jan 2019 00:15:51 +0100 Subject: Windows Driver: erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks --- src/Driver/DriveFilter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/Driver') diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index bb7083ce..2daf1f52 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -917,8 +917,9 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES); } -#if 0 // Dismount of the system drive is disabled until there is a way to do it without causing system errors (see the documentation for more info) + // Dismount the system drive on shutdown on Windows 7 and later if (DriverShuttingDown + && IsOSAtLeast (WIN_7) && Extension->BootDrive && Extension->DriveMounted && irpSp->MinorFunction == IRP_MN_SET_POWER @@ -926,7 +927,6 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte { DismountDrive (Extension, TRUE); } -#endif // 0 PoStartNextPowerIrp (Irp); -- cgit v1.2.3