From 9a6fc789eb2ee9213c9373146a3efa708300de87 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 7 Oct 2015 04:35:03 +0200 Subject: Windows: Add option to disable detection of "Evil Maid" attacks. This is helpful for users who have software running the modifies the bootloader, like FLEXnet. --- src/Mount/Mount.c | 10 ++++++++-- src/Mount/Mount.rc | 13 ++++++++----- src/Mount/Resource.h | 3 ++- 3 files changed, 18 insertions(+), 8 deletions(-) (limited to 'src/Mount') diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index ddf03faf..30be6f0d 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -6206,18 +6206,22 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { if (IsHiddenOSRunning()) { + uint32 driverConfig = ReadDriverConfigurationFlags(); if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM) Warning ("UPDATE_TC_IN_HIDDEN_OS_TOO", hwndDlg); - if (!BootEncObj->CheckBootloaderFingerprint ()) + if ( !(driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) + && !BootEncObj->CheckBootloaderFingerprint ()) Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg); } else if (SysDriveOrPartitionFullyEncrypted (TRUE)) { + uint32 driverConfig = ReadDriverConfigurationFlags(); if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM) { Warning ("BOOT_LOADER_VERSION_DIFFERENT_FROM_DRIVER_VERSION", hwndDlg); } - if (!BootEncObj->CheckBootloaderFingerprint ()) + if ( !(driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) + && !BootEncObj->CheckBootloaderFingerprint ()) Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg); } } 
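Review bot: When `TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION` is set, both branches skip `CheckBootloaderFingerprint ()` without leaving any trace, so a modified boot loader is never reported and nothing on this path tells the user the check is off. The flag comes from `ReadDriverConfigurationFlags()`; where that configuration is stored is not visible here, but whatever can write it can also silence the `BOOT_LOADER_FINGERPRINT_CHECK_FAILED` warning, so its storage needs to be at least as well protected as the check it gates. I would add a comment at both sites such as `/* User opted out of boot loader fingerprint verification; tampering will not be reported. */`, and read the flag once before the `if (IsHiddenOSRunning())` test, since `uint32 driverConfig = ReadDriverConfigurationFlags();` is duplicated in each branch. The enclosing `MainDialogProc` starts and ends outside this hunk.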
@@ -10424,6 +10428,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD) ? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED); SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); } @@ -10480,6 +10485,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA { BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD)); + SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); } catch (Exception &e) { diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index b7c77180..8f44c4a2 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -275,7 +275,7 @@ BEGIN LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 END -IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 242 +IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 261 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 
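Review bot: The new `SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, ...)` call in the `@@ -10480,6 +10485,7 @@` hunk persists a setting that switches off a tamper check as soon as the dialog is accepted, and the visible lines show no confirmation or explanation to the user. Showing a warning when the box becomes checked would make the trade-off explicit, for example `if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)) Warning ("<NEW_STRING_ID placeholder>", hwndDlg);` in the dialog's command handling, which lies outside this hunk. The result of `SetDriverConfigurationFlag` is also not examined, as with the existing `TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD` call above it. If that function can fail without throwing, the checkbox and the stored flag could disagree, which is worth confirming against its definition.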
@@ -287,12 +287,14 @@ BEGIN "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,178,339,10 CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,193,340,10 - DEFPUSHBUTTON "OK",IDOK,257,220,50,14 - PUSHBUTTON "Cancel",IDCANCEL,313,220,50,14 + DEFPUSHBUTTON "OK",IDOK,257,233,50,14 + PUSHBUTTON "Cancel",IDCANCEL,313,233,50,14 LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,41,337,8 GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,150 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,163,355,49 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,163,355,62 LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,74,337,73 + CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,208,340,10 END IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248 @@ -442,6 +444,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 363 TOPMARGIN, 7 + BOTTOMMARGIN, 247 END IDD_PERFORMANCE_SETTINGS, DIALOG @@ -588,7 +591,7 @@ BEGIN MENUITEM SEPARATOR MENUITEM "Create Rescue Disk...", IDM_CREATE_RESCUE_DISK MENUITEM "Verify Rescue Disk", IDM_VERIFY_RESCUE_DISK - MENUITEM "Verify Rescue Disk ISO Image",IDM_VERIFY_RESCUE_DISK_ISO + MENUITEM "Verify Rescue Disk ISO Image", IDM_VERIFY_RESCUE_DISK_ISO MENUITEM SEPARATOR MENUITEM "Mount Without Pre-Boot &Authentication...", IDM_MOUNT_SYSENC_PART_WITHOUT_PBA MENUITEM SEPARATOR diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 8301b2dc..8f718b1d 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -172,6 +172,7 @@ #define IDC_COPY_EXPANDER 1148 #define IDT_DRIVER_OPTIONS 1149 #define IDC_ENABLE_EXTENDED_IOCTL_SUPPORT 1150 +#define IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION 1151 #define IDM_HELP 40001 #define IDM_ABOUT 40002 #define IDM_UNMOUNT_VOLUME 40003 
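Review bot: The new `IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION` checkbox in the `@@ -287,12 +287,14 @@` hunk is declared after the OK/Cancel buttons and the `IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP` text, so it comes last in the dialog's control order even though it is drawn inside the "Security Options" group at y=208. Control order in a dialog resource normally determines tab order, so keyboard users would reach this security option only after Cancel. Moving the `CONTROL` entry directly below the `IDC_ALLOW_ESC_PBA_BYPASS` entry would keep the security checkboxes together. The caption `Disable ""Evil Maid"" attack detection` also does not say that it suppresses the boot loader fingerprint warning; a short clause naming that consequence would help users decide. The dialog's `BEGIN` is above this hunk.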
@@ -248,7 +249,7 @@
 #define _APS_NO_MFC 1
 #define _APS_NEXT_RESOURCE_VALUE 119
 #define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1151
+#define _APS_NEXT_CONTROL_VALUE 1152
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
--
cgit v1.2.3