Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
@@ -17,7 +17,7 @@
|
||||
#include "BootDefs.h"
|
||||
|
||||
// The user will be advised to upgrade the rescue disk if upgrading from the following or any previous version
|
||||
#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0116
|
||||
#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0117
|
||||
|
||||
#define TC_BOOT_LOADER_AREA_SIZE (TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ Partition EncryptedVirtualPartition;
|
||||
Partition ActivePartition;
|
||||
Partition PartitionFollowingActive;
|
||||
bool ExtraBootPartitionPresent = false;
|
||||
uint64 HiddenVolumeStartUnitNo;
|
||||
uint64 PimValueOrHiddenVolumeStartUnitNo; // reuse this variable for stored PIM value to reduce memory usage
|
||||
uint64 HiddenVolumeStartSector;
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT_RESCUE_DISK_MODE
|
||||
@@ -68,6 +68,14 @@ void ReadBootSectorUserConfiguration ()
|
||||
DisableScreenOutput();
|
||||
}
|
||||
|
||||
if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
|
||||
{
|
||||
PimValueOrHiddenVolumeStartUnitNo.LowPart = 0;
|
||||
memcpy (&PimValueOrHiddenVolumeStartUnitNo.LowPart, SectorBuffer + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
|
||||
}
|
||||
else
|
||||
PimValueOrHiddenVolumeStartUnitNo.LowPart = -1;
|
||||
|
||||
OuterVolumeBackupHeaderCrc = *(uint32 *) (SectorBuffer + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET);
|
||||
|
||||
ret:
|
||||
|
||||
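Review bot: The "no stored PIM" state in ReadBootSectorUserConfiguration is a bare `-1` written into the unsigned `LowPart` field, and AskPassword compares against the same literal, so the two sites agree only by convention. A named constant used at both, for example `#define TC_STORED_PIM_NONE 0xFFFFFFFFUL`, would make the link explicit. The branch also deserves a why-comment such as `// PIM is read in clear from the boot sector: anyone with access to the disk can read or alter it`, because the value is taken straight from `SectorBuffer` with no integrity check. The `memcpy` of `TC_BOOT_SECTOR_PIM_VALUE_SIZE` bytes into `LowPart` presumably relies on a little-endian layout and on that size never exceeding the field, which is worth a short comment. The function body starts and ends outside this hunk.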
@@ -36,7 +36,7 @@ extern Partition EncryptedVirtualPartition;
|
||||
extern Partition ActivePartition;
|
||||
extern Partition PartitionFollowingActive;
|
||||
extern bool ExtraBootPartitionPresent;
|
||||
extern uint64 HiddenVolumeStartUnitNo;
|
||||
extern uint64 PimValueOrHiddenVolumeStartUnitNo; // reuse this variable for stored PIM value to reduce memory usage
|
||||
extern uint64 HiddenVolumeStartSector;
|
||||
|
||||
|
||||
|
||||
@@ -74,6 +74,9 @@
|
||||
#define TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE 4
|
||||
#define TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET (TC__BOOT_SECTOR_USER_MESSAGE_OFFSET - TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE)
|
||||
|
||||
#define TC__BOOT_SECTOR_PIM_VALUE_SIZE 2
|
||||
#define TC__BOOT_SECTOR_PIM_VALUE_OFFSET (TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET - TC__BOOT_SECTOR_PIM_VALUE_SIZE)
|
||||
|
||||
#define TC__BOOT_LOADER_DECOMPRESSOR_START_SECTOR 2
|
||||
#define TC__BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT 4
|
||||
#define TC__BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE 32768
|
||||
@@ -100,6 +103,7 @@
|
||||
#define TC__BOOT_USER_CFG_FLAG_SILENT_MODE TC_HEX (01)
|
||||
#define TC__BOOT_USER_CFG_FLAG_DISABLE_ESC TC_HEX (02)
|
||||
#define TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION TC_HEX (04)
|
||||
#define TC__BOOT_USER_CFG_FLAG_DISABLE_PIM TC_HEX (08)
|
||||
|
||||
// The following items are treated as a 2-bit value (apply TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE to obtain the value)
|
||||
#define TC__HIDDEN_OS_CREATION_PHASE_NONE 0
|
||||
@@ -163,6 +167,8 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
|
||||
#define TC_BOOT_SECTOR_USER_MESSAGE_OFFSET TC__BOOT_SECTOR_USER_MESSAGE_OFFSET
|
||||
#define TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
|
||||
#define TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET TC__BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET
|
||||
#define TC_BOOT_SECTOR_PIM_VALUE_SIZE TC__BOOT_SECTOR_PIM_VALUE_SIZE
|
||||
#define TC_BOOT_SECTOR_PIM_VALUE_OFFSET TC__BOOT_SECTOR_PIM_VALUE_OFFSET
|
||||
#define TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH TC__BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH
|
||||
#define TC_BOOT_SECTOR_VERSION_OFFSET TC__BOOT_SECTOR_VERSION_OFFSET
|
||||
#define TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET TC__BOOT_SECTOR_LOADER_LENGTH_OFFSET
|
||||
@@ -186,6 +192,7 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED
|
||||
#define TC_BOOT_USER_CFG_FLAG_SILENT_MODE TC__BOOT_USER_CFG_FLAG_SILENT_MODE
|
||||
#define TC_BOOT_USER_CFG_FLAG_DISABLE_ESC TC__BOOT_USER_CFG_FLAG_DISABLE_ESC
|
||||
#define TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION TC__BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION
|
||||
#define TC_BOOT_USER_CFG_FLAG_DISABLE_PIM TC__BOOT_USER_CFG_FLAG_DISABLE_PIM
|
||||
#define TC_HIDDEN_OS_CREATION_PHASE_NONE TC__HIDDEN_OS_CREATION_PHASE_NONE
|
||||
#define TC_HIDDEN_OS_CREATION_PHASE_CLONING TC__HIDDEN_OS_CREATION_PHASE_CLONING
|
||||
#define TC_HIDDEN_OS_CREATION_PHASE_WIPING TC__HIDDEN_OS_CREATION_PHASE_WIPING
|
||||
|
||||
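Review bot: `TC__BOOT_USER_CFG_FLAG_DISABLE_PIM` is added without a comment, and its name reads as "PIM is switched off", while the reader in ReadBootSectorUserConfiguration treats it as "a PIM value is stored at `TC_BOOT_SECTOR_PIM_VALUE_OFFSET`, skip the prompt". I would document that on the define, for example `// PIM prompt is skipped; the PIM is stored UNENCRYPTED at TC_BOOT_SECTOR_PIM_VALUE_OFFSET and gives no protection against someone who can read the disk`. `TC__BOOT_SECTOR_PIM_VALUE_SIZE` is 2, so only values up to 65535 fit. The code that writes the field is not visible here and should presumably reject larger PIMs rather than truncate them. A comment on the new offset saying it sits directly below the outer-volume backup header CRC would also help anyone adding the next boot-sector field.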
@@ -48,7 +48,7 @@ BiosResult ReadEncryptedSectors (uint16 destSegment, uint16 destOffset, byte dri
|
||||
{
|
||||
// Convert sector number to data unit number of the hidden volume
|
||||
sector -= HiddenVolumeStartSector;
|
||||
sector += HiddenVolumeStartUnitNo;
|
||||
sector += PimValueOrHiddenVolumeStartUnitNo;
|
||||
}
|
||||
|
||||
if (drive == EncryptedVirtualPartition.Drive)
|
||||
@@ -96,7 +96,7 @@ BiosResult WriteEncryptedSectors (uint16 sourceSegment, uint16 sourceOffset, byt
|
||||
writeOffset = HiddenVolumeStartSector;
|
||||
writeOffset -= EncryptedVirtualPartition.StartSector;
|
||||
dataUnitNo -= EncryptedVirtualPartition.StartSector;
|
||||
dataUnitNo += HiddenVolumeStartUnitNo;
|
||||
dataUnitNo += PimValueOrHiddenVolumeStartUnitNo;
|
||||
}
|
||||
|
||||
while (sectorCount-- > 0)
|
||||
|
||||
@@ -231,71 +231,83 @@ static byte AskPassword (Password &password, int& pim)
|
||||
PrintCharAtCursor (asciiCode);
|
||||
}
|
||||
|
||||
pos = 0;
|
||||
Print ("PIM: ");
|
||||
|
||||
while (true)
|
||||
#ifndef TC_WINDOWS_BOOT_RESCUE_DISK_MODE
|
||||
if (PimValueOrHiddenVolumeStartUnitNo.LowPart != -1)
|
||||
{
|
||||
asciiCode = GetKeyboardChar (&scanCode);
|
||||
pim = (int) PimValueOrHiddenVolumeStartUnitNo.LowPart;
|
||||
// reset stored PIM value to allow requesting PIM next time in case the stored value is wrong
|
||||
PimValueOrHiddenVolumeStartUnitNo.LowPart = -1;
|
||||
return TC_BIOS_KEY_ENTER;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
pos = 0;
|
||||
Print ("PIM: ");
|
||||
|
||||
switch (scanCode)
|
||||
while (true)
|
||||
{
|
||||
case TC_BIOS_KEY_ENTER:
|
||||
Print ("\rPIM: ");
|
||||
pos =0;
|
||||
while (pos < MAX_PIM)
|
||||
asciiCode = GetKeyboardChar (&scanCode);
|
||||
|
||||
switch (scanCode)
|
||||
{
|
||||
PrintChar ('*');
|
||||
pos++;
|
||||
}
|
||||
case TC_BIOS_KEY_ENTER:
|
||||
Print ("\rPIM: ");
|
||||
pos =0;
|
||||
while (pos < MAX_PIM)
|
||||
{
|
||||
PrintChar ('*');
|
||||
pos++;
|
||||
}
|
||||
|
||||
ClearBiosKeystrokeBuffer();
|
||||
PrintEndl();
|
||||
|
||||
return TC_BIOS_KEY_ENTER;
|
||||
|
||||
case TC_BIOS_KEY_BACKSPACE:
|
||||
if (pos > 0)
|
||||
{
|
||||
if (pos < MAX_PIM)
|
||||
PrintBackspace();
|
||||
else
|
||||
PrintCharAtCursor (' ');
|
||||
|
||||
--pos;
|
||||
pim /= 10;
|
||||
}
|
||||
continue;
|
||||
|
||||
case TC_BIOS_KEY_F5:
|
||||
hidePassword ^= 0x01;
|
||||
continue;
|
||||
|
||||
default:
|
||||
if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
|
||||
{
|
||||
burn (password.Text, sizeof (password.Text));
|
||||
ClearBiosKeystrokeBuffer();
|
||||
|
||||
PrintEndl();
|
||||
return scanCode;
|
||||
|
||||
return TC_BIOS_KEY_ENTER;
|
||||
|
||||
case TC_BIOS_KEY_BACKSPACE:
|
||||
if (pos > 0)
|
||||
{
|
||||
if (pos < MAX_PIM)
|
||||
PrintBackspace();
|
||||
else
|
||||
PrintCharAtCursor (' ');
|
||||
|
||||
--pos;
|
||||
pim /= 10;
|
||||
}
|
||||
continue;
|
||||
|
||||
case TC_BIOS_KEY_F5:
|
||||
hidePassword ^= 0x01;
|
||||
continue;
|
||||
|
||||
default:
|
||||
if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
|
||||
{
|
||||
burn (password.Text, sizeof (password.Text));
|
||||
ClearBiosKeystrokeBuffer();
|
||||
|
||||
PrintEndl();
|
||||
return scanCode;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!IsDigit (asciiCode) || pos == MAX_PIM)
|
||||
{
|
||||
Beep();
|
||||
continue;
|
||||
}
|
||||
if (!IsDigit (asciiCode) || pos == MAX_PIM)
|
||||
{
|
||||
Beep();
|
||||
continue;
|
||||
}
|
||||
|
||||
pim = 10*pim + (asciiCode - '0');
|
||||
pos++;
|
||||
|
||||
if (hidePassword) asciiCode = '*';
|
||||
if (pos < MAX_PIM)
|
||||
PrintChar (asciiCode);
|
||||
else
|
||||
PrintCharAtCursor (asciiCode);
|
||||
pim = 10*pim + (asciiCode - '0');
|
||||
pos++;
|
||||
|
||||
if (hidePassword) asciiCode = '*';
|
||||
if (pos < MAX_PIM)
|
||||
PrintChar (asciiCode);
|
||||
else
|
||||
PrintCharAtCursor (asciiCode);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -468,7 +480,7 @@ static bool MountVolume (byte drive, byte &exitKey, bool skipNormal, bool skipHi
|
||||
|
||||
EncryptedVirtualPartition.StartSector = BootCryptoInfo->EncryptedAreaStart >> TC_LB_SIZE_BIT_SHIFT_DIVISOR;
|
||||
|
||||
HiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;
|
||||
PimValueOrHiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;
|
||||
HiddenVolumeStartSector = PartitionFollowingActive.StartSector;
|
||||
HiddenVolumeStartSector += EncryptedVirtualPartition.StartSector;
|
||||
|
||||
@@ -749,7 +761,7 @@ static bool CopySystemPartitionToHiddenVolume (byte drive, byte &exitKey)
|
||||
{
|
||||
CopyMemory (TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, SectorBuffer, TC_LB_SIZE);
|
||||
|
||||
uint64 s = HiddenVolumeStartUnitNo + sectorOffset + i;
|
||||
uint64 s = PimValueOrHiddenVolumeStartUnitNo + sectorOffset + i;
|
||||
EncryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);
|
||||
|
||||
CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);
|
||||
|
||||
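Review bot: In AskPassword the test `PimValueOrHiddenVolumeStartUnitNo.LowPart != -1` means "a stored PIM is available" only while the variable still holds the value set by ReadBootSectorUserConfiguration. The MountVolume hunk assigns `EncryptedVirtualPartition.StartSector` to the same variable. Any AskPassword call made after that assignment would take the low 32 bits of a sector number as the PIM and skip the prompt. Whether such a path exists (for instance a remount from CopySystemPartitionToHiddenVolume) cannot be seen from these hunks, so the invariant should be written down where the variable is overwritten, e.g. `// from here on the variable holds the hidden volume start unit, not a PIM; AskPassword must not run again without resetting LowPart to -1`. If a few bytes of memory can be spared, a separate flag or variable for the stored PIM would remove the coupling. All three functions continue outside their hunks.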