From ff3cbf5672fe7599f025cf3f9f4ebe1db83a2e51 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Thu, 2 Sep 2021 00:10:43 +0200
Subject: Windows MSI: block MSI installation if System Encryption is enabled
 until we find a workaround for MSI service inability to access EFI
 environment variables (GetFirmwareEnvironmentVariable return empty values)

---
 src/SetupDLL/Setup.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/SetupDLL')

diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c
index cc537d23..15725554 100644
--- a/src/SetupDLL/Setup.c
+++ b/src/SetupDLL/Setup.c
@@ -1511,6 +1511,11 @@ BOOL DoDriverUnload_Dll (MSIHANDLE hInstaller, HWND hwnd)
 			BootEncryption bootEnc (hwnd);
 			if (bootEnc.GetDriverServiceStartType() == SERVICE_BOOT_START)
 			{
+				MSILogAndShow(hInstaller, MSI_ERROR_LEVEL, L"VeraCrypt MSI installation is currently not compatible with Windows System Encryption");
+				bOK = FALSE;
+				goto end;
+
+				/************* TODO: find a workaround to the fact that MSI service cannot access EFI environment variable
 				try
 				{
 					// Check hidden OS update consistency
@@ -1554,6 +1559,7 @@ BOOL DoDriverUnload_Dll (MSIHANDLE hInstaller, HWND hwnd)
 					SystemEncryptionUpdate = TRUE;
 					PortableMode = FALSE;
 				}
+				*****************************************/
 			}
 		}
 		catch (...)	{ }
-- 
cgit v1.2.3