Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-09 22:36:59 -05:00
Code Activity

Windows: support new Microsoft EFI CA bootloaders

Browse Source 
Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.

Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.

Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.

Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.

Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.

References: https://github.com/veracrypt/VeraCrypt/issues/1655
This commit is contained in:
Mounir IDRASSI
2026-05-19 13:46:44 +09:00
parent 4f71883ac1
commit aaffec8b5c
19 changed files with 730 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Mount/MainCom.cpp
+5
View File
@@ -193,6 +193,11 @@ public:
return BaseCom::GetSecureBootConfig (pSecureBootEnabled, pVeraCryptKeysLoaded);
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootLoaderSigningSupport (BOOL* pMicrosoft2023UefiCAsSupported)
{
return BaseCom::GetEfiBootLoaderSigningSupport (pMicrosoft2023UefiCAsSupported);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
src/Mount/MainCom.idl
+2 -1
View File
@@ -16,7 +16,7 @@ import "..\Common\Password.h";
[
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"),
version(2.13) // Update ComSetup.cpp when changing version number
version(2.14) // Update ComSetup.cpp when changing version number
]
library TrueCryptMainCom
{
@@ -55,6 +55,7 @@ library TrueCryptMainCom
DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
DWORD NotifyService (DWORD dwNotifyCode);
DWORD FastFileResize (BSTR filePath, __int64 fileSize);
DWORD GetEfiBootLoaderSigningSupport (BOOL* pMicrosoft2023UefiCAsSupported);
};
[