Linux/macOS: enable quick format for file containers

Allow normal file-hosted containers to use quick format in the Unix volume creation path by sizing the host file with ftruncate before backup headers are written. Enable the GUI checkbox for normal file containers and honor --quick in text mode. Update the Unix HTML documentation for the weaker deniability properties of sparse or unwritten host regions.
2026-05-21 21:30:48 -05:00 · 2026-05-21 16:17:52 +09:00
parent 1fd2fb06cd
commit 79bee911be
10 changed files with 67 additions and 12 deletions
@@ -253,7 +253,7 @@
 </tr>
 <tr>
 <td><em>--quick</em></td>
-<td>Enable quick formatting when creating a volume. This option must not be used when creating an outer volume.</td>
+<td>Enable quick formatting when creating a normal file-hosted or device-hosted volume. Do not use this option when creating an outer volume. In text mode, VeraCrypt cannot infer that a normal volume is intended to become an outer volume. For file containers, Quick Format may create sparse or unwritten host regions. Allocation behavior depends on host filesystem sparse-file support, and later writes can fail if the host filesystem runs out of space.</td>
 </tr>
 <tr>
 <td><em>--random-source=FILE</em></td>
@@ -326,7 +326,7 @@
 <h4>Hidden Volume Creation in Text Mode</h4>
 <p>Inexperienced users should use the graphical user interface to create a hidden volume. When using the text user interface, the following procedure must be followed:</p>
 <ol>
-<li>Create an outer volume with no filesystem.</li>
+<li>Create an outer volume with no filesystem and without <em>--quick</em>.</li>
 <li>Create a hidden volume within the outer volume.</li>
 <li>Mount the outer volume using hidden volume protection.</li>
 <li>Create a filesystem on the virtual device of the outer volume.</li>
@@ -56,10 +56,11 @@ Note that the output of a hash function is <em>never </em>used directly as an en
 <p>This allows you to select the encryption algorithm with which your new volume will be encrypted. Note that the encryption algorithm cannot be changed after the volume is created. For more information, please see the chapter
 <a href="Encryption%20Algorithms.html"><em>Encryption Algorithms</em></a>.</p>
 <h3 id="QuickFormat">Quick Format</h3>
+<p>If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked.</p>
 <p>If unchecked, each sector of the new volume will be formatted. This means that the new volume will be
 <em>entirely </em>filled with random data. Quick format is much faster but may be less secure because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand).
- If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices, except on Windows where it is also available when creating file containers.</p>
-<p>Important: When encrypting a partition/device within which you intend to create a hidden volume afterwards, leave this option unchecked.</p>
+ For file containers, the host filesystem may create sparse or unwritten regions, which can reveal unused areas and reduce plausible deniability. Host allocation behavior depends on filesystem sparse-file support. On filesystems without sparse-file support, creating the container may allocate most or all of its space immediately or fail if there is not enough host space. The encrypted filesystem may also report more free space than the host filesystem can actually provide. If host space runs out, later writes may fail or corrupt the encrypted filesystem. Quick Format is available for normal file containers and when encrypting partitions/devices.</p>
+<p>Important: When creating an outer volume within which you intend to create a hidden volume afterwards, do not use Quick Format.</p>
 <h3 id="dynamic">Dynamic</h3>
 <p>Dynamic VeraCrypt container is a pre-allocated NTFS sparse file whose physical size (actual disk space used) grows as new data is added to it. Note that the physical size of the container (actual disk space that the container uses) will not decrease when
 files are deleted on the VeraCrypt volume. The physical size of the container can only
@@ -48,6 +48,11 @@
 	<li>Translator note: the previous Linux ntfs3 preference strings were replaced by generic in-kernel NTFS driver strings and should be retranslated.</li>
 	</ul>
 </li>
+<li><strong>Linux and macOS:</strong>
+	<ul>
+	<li>Enable Quick Format for normal file containers. The container is sized with <code>ftruncate()</code>, so the host filesystem may keep regions unwritten or sparse until data is written to them.</li>
+	</ul>
+</li>
 </ul>

 <p><strong style="text-align:left">1.26.27</strong> (September 20<sup>th</sup>, 2025):</p>
@@ -253,7 +253,17 @@ namespace VeraCrypt
 				(options->Path.IsDevice() || options->Type == VolumeType::Hidden) ? File::OpenReadWrite : File::CreateReadWrite,
 				File::ShareNone);

-			HostSize = VolumeFile->Length();
+			if (!options->Path.IsDevice() && options->Type == VolumeType::Normal)
+			{
+				HostSize = options->Size;
+
+				if (options->Quick)
+					VolumeFile->SetLength (options->Size);
+			}
+			else
+			{
+				HostSize = VolumeFile->Length();
+			}
 		}

 		try
@@ -391,6 +391,7 @@ namespace VeraCrypt
 		DisplayKeyInfo (false),
 		LargeFilesSupport (false),
 		QuickFormatEnabled (false),
+		QuickFormatEnabledByWizard (false),
 		SelectedFilesystemClusterSize (0),
 		SelectedFilesystemType (VolumeCreationOptions::FilesystemType::FAT),
 		SelectedVolumeHostType (VolumeHostType::File),
@@ -446,6 +447,7 @@ namespace VeraCrypt
 				OuterVolume = false;
 				LargeFilesSupport = false;
 				QuickFormatEnabled = false;
+				QuickFormatEnabledByWizard = false;
 				Pim = 0;

 				SingleChoiceWizardPage <VolumeHostType::Enum> *page = new SingleChoiceWizardPage <VolumeHostType::Enum> (GetPageParent(), wxEmptyString, true);
@@ -595,15 +597,29 @@ namespace VeraCrypt
 			{
 				shared_ptr <VolumeLayout> layout ((OuterVolume || SelectedVolumeType != VolumeType::Hidden)? (VolumeLayout*) new VolumeLayoutV2Normal() : (VolumeLayout*) new VolumeLayoutV2Hidden());
 				uint64 filesystemSize = layout->GetMaxDataSize (VolumeSize);
+				bool hiddenVolumeItself = !OuterVolume && SelectedVolumeType == VolumeType::Hidden;
+				bool normalFileContainer = !OuterVolume && SelectedVolumeType == VolumeType::Normal && SelectedVolumeHostType == VolumeHostType::File;
+				bool existingDeviceSupportedCase = SelectedVolumePath.IsDevice() && !hiddenVolumeItself;
+				bool quickFormatSupported = existingDeviceSupportedCase || normalFileContainer;

 				VolumeFormatOptionsWizardPage *page = new VolumeFormatOptionsWizardPage (GetPageParent(), filesystemSize, SectorSize,
-					SelectedVolumePath.IsDevice() && (OuterVolume || SelectedVolumeType != VolumeType::Hidden), OuterVolume, LargeFilesSupport);
+					quickFormatSupported, OuterVolume, LargeFilesSupport);

 				page->SetPageTitle (LangString["FORMAT_TITLE"]);
 				page->SetFilesystemType (SelectedFilesystemType);

-				if (!OuterVolume && SelectedVolumeType == VolumeType::Hidden)
+				if (hiddenVolumeItself)
+				{
 					QuickFormatEnabled = true;
+					QuickFormatEnabledByWizard = true;
+				}
+				else
+				{
+					if (!quickFormatSupported || QuickFormatEnabledByWizard)
+						QuickFormatEnabled = false;
+
+					QuickFormatEnabledByWizard = false;
+				}
 				page->SetQuickFormat (QuickFormatEnabled);

 				return page;
@@ -1332,6 +1348,7 @@ namespace VeraCrypt

 				SelectedFilesystemType = page->GetFilesystemType();
 				QuickFormatEnabled = page->IsQuickFormatEnabled();
+				QuickFormatEnabledByWizard = !OuterVolume && SelectedVolumeType == VolumeType::Hidden;

 				if (SelectedFilesystemType != VolumeCreationOptions::FilesystemType::None
 					&& SelectedFilesystemType != VolumeCreationOptions::FilesystemType::FAT)
@@ -76,6 +76,7 @@ namespace VeraCrypt
 		shared_ptr <VolumeInfo> MountedOuterVolume;
 		bool OuterVolume;
 		bool QuickFormatEnabled;
+		bool QuickFormatEnabledByWizard;
 		shared_ptr <EncryptionAlgorithm> SelectedEncryptionAlgorithm;
 		uint32 SelectedFilesystemClusterSize;
 		VolumeCreationOptions::FilesystemType::Enum SelectedFilesystemType;
@@ -766,8 +766,6 @@ namespace VeraCrypt
 				}
 			}

-			options->Quick = false;
-
 			uint32 sectorSizeRem = options->Size % options->SectorSize;
 			if (sectorSizeRem != 0)
 				options->Size += options->SectorSize - sectorSizeRem;
@@ -964,6 +962,18 @@ namespace VeraCrypt
 			throw_err (_("Specified volume size is too small to be used with Btrfs filesystem."));
 		}

+		if (options->Quick && options->Type == VolumeType::Normal)
+		{
+			if (Preferences.NonInteractive)
+			{
+				ShowWarning (_("Quick Format is enabled. Do not use --quick for an outer volume intended to contain a hidden volume. It skips writing random data to unused volume space, reducing plausible deniability. For file containers, actual disk savings depend on host filesystem sparse-file support, and later writes can fail if host space runs out."));
+			}
+			else if (!AskYesNo (LangString["WARN_QUICK_FORMAT"], false, true))
+			{
+				throw UserAbort (SRC_POS);
+			}
+		}
+
 		// Password
 		if (!options->Password && !Preferences.NonInteractive)
 		{
@@ -1219,7 +1219,7 @@ const FileManager fileManagers[] = {
 					" Inexperienced users should use the graphical user interface to create a hidden\n"
 					" volume. When using the text user interface, the following procedure must be\n"
 					" followed to create a hidden volume:\n"
-					"  1) Create an outer volume with no filesystem.\n"
+					"  1) Create an outer volume with no filesystem and without --quick.\n"
 					"  2) Create a hidden volume within the outer volume.\n"
 					"  3) Mount the outer volume using hidden volume protection.\n"
 					"  4) Create a filesystem on the virtual device of the outer volume.\n"
@@ -1428,8 +1428,12 @@ const FileManager fileManagers[] = {
 					" See also options -p and --protect-hidden.\n"
 					"\n"
 					"--quick\n"
-					" Do not encrypt free space when creating a device-hosted volume. This option\n"
-					" must not be used when creating an outer volume.\n"
+					" Do not encrypt free space when creating a normal file-hosted or\n"
+					" device-hosted volume. This option must not be used when creating an outer\n"
+					" volume; text mode cannot infer that a normal volume will later be\n"
+					" used as an outer volume. For file containers, Quick Format may create sparse\n"
+					" or unwritten host regions; actual disk savings depend on host filesystem\n"
+					" sparse-file support, and later writes can fail if host space runs out.\n"
 					"\n"
 					"--random-source=FILE\n"
 					" Use FILE as a source of random data (e.g., when creating a volume) instead\n"
@@ -87,6 +87,7 @@ namespace VeraCrypt
 		uint64 ReadAt (const BufferPtr &buffer, uint64 position) const;
 		void SeekAt (uint64 position) const;
 		void SeekEnd (int ofset) const;
+		void SetLength (uint64 length) const;
 		void Write (const ConstBufferPtr &buffer) const;
 		void Write (const ConstBufferPtr &buffer, size_t length) const { Write (buffer.GetRange (0, length)); }
 		void WriteAt (const ConstBufferPtr &buffer, uint64 position) const;
@@ -385,6 +385,12 @@ namespace VeraCrypt
 		throw_sys_sub_if (lseek (FileHandle, offset, SEEK_END) == -1, wstring (Path));
 	}

+	void File::SetLength (uint64 length) const
+	{
+		if_debug (ValidateState());
+		throw_sys_sub_if (ftruncate (FileHandle, length) == -1, wstring (Path));
+	}
+
 	void File::Write (const ConstBufferPtr &buffer) const
 	{
 		if_debug (ValidateState());