
Windows: Implement support for mounting partially encrypted system partitions

For now, we force ReadOnly mounting for such partitions.
Mounir IDRASSI
2023-08-13 22:50:37 +02:00
parent 8c7962bda7
commit f84d235cf1
7 changed files with 34 additions and 5 deletions


@@ -797,7 +797,7 @@ static VOID MainThreadProc (PVOID threadArg)
request->OrigDataBufferFragment = dataBuffer;
request->Length = dataFragmentLength;
if (queue->IsFilterDevice)
if (queue->IsFilterDevice || queue->bSupportPartialEncryption)
{
if (queue->EncryptedAreaStart == -1 || queue->EncryptedAreaEnd == -1)
{
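Review bot: The widened test `if (queue->IsFilterDevice || queue->bSupportPartialEncryption)` reads the new field for every queue, but the only assignment visible in this commit sets it to TRUE inside the partial-encryption branch of VolumeThreadProc. Unless the queue structure is zero-initialised before VolumeThreadProc fills it in (not visible here), a fully encrypted volume would read an indeterminate value and could take this branch. An explicit `Extension->Queue.bSupportPartialEncryption = FALSE;` ahead of the conditional in VolumeThreadProc would remove that dependency. The body of this branch continues outside the hunk.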


@@ -49,6 +49,7 @@ typedef struct
// File-handle-based IO
HANDLE HostFileHandle;
BOOL bSupportPartialEncryption;
int64 VirtualDeviceLength;
SECURITY_CLIENT_CONTEXT *SecurityClientContext;


@@ -3156,6 +3156,21 @@ VOID VolumeThreadProc (PVOID Context)
Extension->Queue.HostFileHandle = Extension->hDeviceFile;
Extension->Queue.VirtualDeviceLength = Extension->DiskLength;
Extension->Queue.MaxReadAheadOffset.QuadPart = Extension->HostLength;
if (bDevice && pThreadBlock->mount->bPartitionInInactiveSysEncScope
&& (!Extension->cryptoInfo->hiddenVolume)
&& (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
)
{
// Support partial encryption only in the case of system encryption
Extension->Queue.EncryptedAreaStart = 0;
Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;
if (Extension->Queue.CryptoInfo->EncryptedAreaLength.Value == 0)
{
Extension->Queue.EncryptedAreaStart = -1;
Extension->Queue.EncryptedAreaEnd = -1;
}
Extension->Queue.bSupportPartialEncryption = TRUE;
}
if (Extension->SecurityClientContextValid)
Extension->Queue.SecurityClientContext = &Extension->SecurityClientContext;
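Review bot: The zero-length check in the new block reads `Extension->Queue.CryptoInfo->EncryptedAreaLength.Value`, while the enclosing condition and the line above it read the same value through `Extension->cryptoInfo`. The assignment of `Queue.CryptoInfo` is not in this hunk, so if it happens after this point the check dereferences an unset pointer in the volume thread. Using one pointer throughout and testing for zero before computing the end offset is clearer and avoids the `0 - 1` computation: start with `if (Extension->cryptoInfo->EncryptedAreaLength.Value == 0)` and move the `EncryptedAreaStart = 0` / `EncryptedAreaEnd = ... - 1` pair into the `else`. VolumeThreadProc starts and ends outside the hunk.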


@@ -88,6 +88,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
}
mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE;
mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE;
// If we are opening a device, query its size first
if (bRawDevice)
@@ -677,10 +678,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
{
// Partial encryption is not supported for volumes mounted as regular
mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED;
ntStatus = STATUS_SUCCESS;
goto error;
// mount as readonly in case of partial system encryption
Extension->bReadOnly = mount->bMountReadOnly = TRUE;
mount->VolumeMountedReadOnlyAfterPartialSysEnc = TRUE;
}
}
else if (Extension->cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC)
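Review bot: The second TCOpenVolume hunk now lets every volume with `EncryptedAreaLength != VolumeSize` mount read-only, but VolumeThreadProc enables the queue's partial-encryption handling only when `bDevice` is set and the volume is not hidden. If this branch can be reached with a file-hosted or hidden volume (its enclosing condition is outside the hunk), the mount succeeds where it used to fail with ERR_ENCRYPTION_NOT_COMPLETED. Reads past the encrypted area would then go through decryption and return garbage instead of the plaintext on disk. Keeping the old error path for those cases would make the two sites agree, for example by guarding the new assignments with `if (bRawDevice && !Extension->cryptoInfo->hiddenVolume)` and falling back to the removed `goto error` sequence otherwise. It would also help to add a comment noting that the read-only flag is what keeps writes away from the unencrypted region.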