Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.
Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.
Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.
Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.
Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.
References: https://github.com/veracrypt/VeraCrypt/issues/1655
Verify restored EFI Microsoft and fallback boot loader paths after system decryption.
Show clearer recovery guidance when EFI file restoration or NVRAM cleanup remains incomplete.
Add a GPT-only EFI boot loader repair menu action for already decrypted systems.
* Windows: Add input validation whitelists to elevated COM methods
* Windows: Add drive number validation to FormatNtfs and FormatFs COM methods
* Windows: Fix correctness regressions in elevated COM format and device path validation
* Windows: Revert unready COM input validation; keep FormatNtfs/FormatFs return fix
Now it is possible to enable IME during Secure Desktop using a setting in Preferences or using the /enableIME switch.
This helps solve issues with some IMEs that cause VeraCrypt to freeze when selecting a keyfile while VeraCrypt secure desktop is active.
See: https://sourceforge.net/p/veracrypt/discussion/general/thread/1e8b9aeacd
This update introduces a screen protection mechanism that leverages the Windows Display Affinity API to prevent screen capture, screen recording, and inclusion in the Windows 11 Recall feature. By default, all VeraCrypt windows, menus, and tooltips are protected. Users can enable or disable this feature through a new setting available in the application Preferences, as well as in the installer and MSI configurations.
This enhances user privacy by mitigating potential leaks of sensitive interface content.
Note: Due to a regression in Windows 11 affecting layered windows, ComboBox dropdowns cannot currently be protected by this mechanism.
Replaced hardcoded 0x56455241 ('VERA') with TC_HEADER_MAGIC for better readability and maintainability.
Also replaced 0x5645524142455854 with TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC and added 'ULL' suffix for 64-bit safety.
* refactor: use UNMOUNT instead of DISMOUNT in code
This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old dismount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.
* docs: mention that /dismount is deprecated
This change fixes the shorthand version of the argument /unmount.
It also adds back the info for /dismount and that it is deprecated.