Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 03:18:26 -06:00
Code Activity

Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.

Browse Source
This commit is contained in:
Mounir IDRASSI
2016-04-20 00:30:28 +02:00
parent bd9105794b
commit 1396269d57
14 changed files with 186 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Mount/Mount.c
View File

@@ -10359,9 +10359,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
try
{
VOLUME_PROPERTIES_STRUCT prop;
try
{
BootEncStatus = BootEncObj->GetStatus();
BootEncObj->GetVolumeProperties (&prop);
}
catch (...)
{
@@ -10384,7 +10386,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION;
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
}
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW);
@@ -10724,6 +10726,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
@@ -10752,12 +10755,25 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDOK:
{
VOLUME_PROPERTIES_STRUCT prop;
if (!BootEncObj->GetStatus().DriveMounted)
{
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
try
{
BootEncObj->GetVolumeProperties (&prop);
}
catch (Exception &e)
{
e.Show (hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
@@ -10772,6 +10788,11 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
else
@@ -10786,7 +10807,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
@@ -10801,6 +10822,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
case IDC_DISABLE_BOOT_LOADER_PIM_PROMPT:
if ((IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
&& AskWarnYesNo ("DISABLE_BOOT_LOADER_PIM_PROMPT", hwndDlg) == IDNO)
{
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, BST_UNCHECKED);
}
case IDC_DISABLE_BOOT_LOADER_OUTPUT:
if ((IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
&& AskWarnYesNo ("CUSTOM_BOOT_LOADER_MESSAGE_PROMPT", hwndDlg) == IDNO)

30
src/Mount/Mount.rc
View File

@@ -281,28 +281,30 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 272
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,22,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,52,216,14,ES_AUTOHSCROLL
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,178,339,10
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,208,340,10
DEFPUSHBUTTON "OK",IDOK,257,244,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,244,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,41,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,150
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,163,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,74,337,73
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,223,340,10
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,193,340,10
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
@@ -456,7 +458,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 258
BOTTOMMARGIN, 276
END
IDD_PERFORMANCE_SETTINGS, DIALOG

3
src/Mount/Resource.h
View File

@@ -179,6 +179,7 @@
#define IDT_VOLUME_ID 1157
#define IDC_FAVORITE_VOLUME_ID 1158
#define IDC_FAVORITE_USE_VOLUME_ID 1159
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -255,7 +256,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 119
#define _APS_NEXT_COMMAND_VALUE 40069
#define _APS_NEXT_CONTROL_VALUE 1160
#define _APS_NEXT_CONTROL_VALUE 1161
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif