Mounir IDRASSI
8bfe53b20f
Windows: prevent unsupported EFI Secure Boot fallback
Detect whether the active firmware Secure Boot db trusts the Microsoft Corporation UEFI CA 2011 before selecting the 2011-signed EFI loader set.
Abort with a clear diagnostic when Secure Boot is enabled but neither the 2011 CA nor the required 2023 CA pair is trusted, and document the CA requirements.
Preserve positive CA detection when malformed db data appears only after a supported Microsoft CA set has already been found, while recording the parse error in diagnostics.
Refs #1778.
2026-06-17 14:07:28 +09:00
Mounir IDRASSI
d26be95861
Update copyright year to 2026
2026-06-09 09:56:25 +09:00
Mounir IDRASSI
91a01826aa
Windows: fix EFI DcsProp rewrite handling
Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file.
Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths.
Fixes #954.
2026-05-31 00:12:06 +09:00
Mounir IDRASSI
aaffec8b5c
Windows: support new Microsoft EFI CA bootloaders
Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.
Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.
Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.
Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.
Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.
References: https://github.com/veracrypt/VeraCrypt/issues/1655
2026-05-20 14:07:47 +09:00
Mounir IDRASSI
df4e755112
Windows: verify EFI loader restoration
Verify restored EFI Microsoft and fallback boot loader paths after system decryption.
Show clearer recovery guidance when EFI file restoration or NVRAM cleanup remains incomplete.
Add a GPT-only EFI boot loader repair menu action for already decrypted systems.
2026-04-26 16:47:04 +09:00
Mounir IDRASSI
b673901503
Move copyright and links to "AM Crypto", amcrypto.jp and veracrypt.jp
2025-05-11 16:02:20 +09:00
Mounir IDRASSI
1b35abb191
Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers.
2025-01-14 12:26:28 +01:00
Mounir IDRASSI
455a4f2176
Avoid conflict with C++17 features std::byte by using uint8 type instead of byte
2024-06-12 12:30:04 +02:00
Mounir IDRASSI
e8f83544ea
Windows: Fix false positive detection of new device insertion when clear keys option is enabled
When this option is enabled, we first build the list of currently inserted devices then we start listening to insertion events.
When a device insertion occurs, we check if this device is on our list and if yes, we ignore its insertion.
We also ignore devices whose Device ID starts with "SWD\" and "ROOT\" since these are not real devices.
2023-08-05 00:45:39 +02:00
Mounir IDRASSI
5383190518
Windows: Block upgrade of VeraCrypt if the system is encrypted using RIPEMD-160 or GOST89 since they are not supported anymore.
2022-03-21 01:18:27 +01:00
Mounir IDRASSI
9b88625d97
Windows: Make MSI installer compatible with System Encryption by leveraging VeraCrypt service capabilities
2022-02-01 23:32:55 +01:00
Mounir IDRASSI
a21b2270e8
Windows: Implement TESTSIGNING build configuration that allows running under Windows Vista, 7, 8 and 8.1.
2021-12-04 23:59:01 +01:00
Mounir IDRASSI
9741c9209d
Windows: Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown. This will help better manage multi-boot scenarios where we should not mess up with boot order (e.g. grub2 case)
2019-11-22 00:11:55 +01:00
Mounir IDRASSI
2722b46530
Windows: code refactoring and convert NTSTATUS error code to WIN32 equivalent before displaying error message.
2019-10-27 02:04:51 +02:00
Mounir IDRASSI
89e2547851
Windows: Make EFI System Encryption PostOOBE code more robust to failure to access "\\\\?\\GLOBALROOT" disk namespace
2019-10-27 02:04:43 +02:00
Mounir IDRASSI
ca46cf928a
Windows: Update EFI NVRAM variable only if changed or doesn't exist and add configuration to force setting EFI BootNext to VeraCrypt bootloader before each shutdown
2019-10-27 02:04:34 +02:00
Mounir IDRASSI
9b394ddc49
Windows: Avoid unnecessary write operations when copying/modifying EFI bootloader files in order to avoid leaking modification timestamp
2019-10-20 22:17:12 +02:00
Mounir IDRASSI
cca08e1ed5
Windows: Add checks that the System Favorites service is running. Warn user if he enabled option to clear RAM encryption keys and the service is stopped.
2019-10-20 22:16:57 +02:00
Mounir IDRASSI
5b88a183ac
Windows: handle case where DcsProp configuration file for EFI system encryption contains wrong "ActionSuccess" entry that points towards bootmgfw.efi, which is now our bootloader and not the Microsoft one.
2019-10-18 00:56:39 +02:00
Mounir IDRASSI
202caea3a9
Windows: enhancements to EFI system encryption, like handling of Multi-Boot and better compatibility with Windows Upgrade process.
2019-01-15 15:05:19 +01:00
Mounir IDRASSI
d3e7ed96f3
Windows: Implement feature that enables clearing of encryption keys when a new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade).
2019-01-14 10:49:05 +01:00
Mounir IDRASSI
98ff65045e
Windows: Support machines without "EFI\Boot" folder for EFI system encryption (e.g. Windows LTSB). Compatibility enhancements for EFI system encryption.
2018-05-03 08:25:22 +02:00
Mounir IDRASSI
4f0d1c02bd
Windows: Don't start EFI system encryption process if SecureBoot is enabled and VeraCrypt-DCS custom keys were not loaded in the machine firmware.
2018-04-23 16:59:40 +02:00
Mounir IDRASSI
17d9c1c6ec
Windows: Fix system encryption issues on machines that always force booting on Microsoft bootloader (e.g. HP).
2018-04-23 16:59:37 +02:00
Mounir IDRASSI
3659ddd70c
Windows: enhance ReflectDrivers mechanism by persisting it across major Windows upgrades.
2018-04-23 16:59:36 +02:00
Mounir IDRASSI
4519bb494e
Windows: implement compatibility for Windows 10 major updates using ReflectDrivers mechanism whose support started from Windows 10 version 1607.
2018-04-23 16:59:33 +02:00
Mounir IDRASSI
3021745f67
Windows: better workaround for cases where ERROR_INVALID_PARAMETER is returned during system encryption which is due to 4096-bytes alignment of disk.
2017-07-20 23:23:18 +02:00
Mounir IDRASSI
840756ead1
Windows: workaround for some cases where the system returns ERROR_INVALID_PARAMETER when we try to write EFI bootloader files into ESP partition.
2017-07-03 01:55:45 +02:00
Mounir IDRASSI
0ebc26e125
Update IDRIX copyright year
2017-06-23 22:15:59 +02:00
Mounir IDRASSI
ee5c1784ea
Windows EFI Bootloader: Add new attributes "DcsBmlDriver" and "DcsBmlLockFlags" to EFI configuration DcsProp. Set their values to 0 to disable DcsBml functionality.
2017-06-21 01:39:54 +02:00
Mounir IDRASSI
5c9aff0c54
Windows: Remove unused method ReadEfiConfig
2017-06-11 17:28:20 +02:00
Mounir IDRASSI
4208b43581
Windows: code refactoring for handling of ESP files (DcsProp and PlatformInfo).
2017-06-11 01:28:42 +02:00
kavsrf
cf5729d4e1
Beta2 patch 1
Edit DcsProp and PlatformInfo from System->Settings
EFI loader updated
2017-06-05 17:45:45 +02:00
kavsrf
46cd09ef50
PlatformInfo read. (via ReadEfiConfig)
It is displayed in System settings
2017-06-05 17:45:45 +02:00
Mounir IDRASSI
74b82118d5
Windows: use IOCTL_DISK_GET_DRIVE_GEOMETRY_EX instead of the deprecated IOCTL_DISK_GET_DRIVE_GEOMETRY in order to get accurate disk size value.
2017-05-17 00:46:41 +02:00
Mounir IDRASSI
2ddc374164
Windows: Remove VeraCrypt from EFI boot partition after decrypting the system
2016-10-17 18:40:39 +02:00
Mounir IDRASSI
e362d804b0
Windows: Perform Shutdown instead of Reboot during Pre-Test of UEFI system encryption in order to detect machines where changes to EFI boot don't persist after shutdown.
2016-10-17 18:40:20 +02:00
Mounir IDRASSI
4dacedd9cc
Windows: Replace XZip/XUnzip library with zlib and libzip and include the sources of these libraries into VeraCrypt source tree.
2016-10-17 18:40:06 +02:00
Mounir IDRASSI
2d72e42c6c
Windows: Implement Rescue Disk support for EFI system encryption
2016-08-15 01:09:17 +02:00
Mounir IDRASSI
07ee8c1069
Windows: Implement support for EFI system encryption in Windows GUI.
2016-08-15 01:09:13 +02:00
David Foerster
11716ed2da
Remove trailing whitespace
2016-05-10 22:18:34 +02:00
David Foerster
fc37cc4a02
Normalize all line terminators
2016-05-10 20:20:14 +02:00
Mounir IDRASSI
1396269d57
Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
2016-04-20 00:48:20 +02:00
Mounir IDRASSI
bda7a1d0bd
Copyright: update dates to include 2016.
2016-01-20 00:53:24 +01:00
Mounir IDRASSI
5872be28a2
Windows: Fix DLL hijacking vulnerability affecting installer that allows arbitrary code execution with elevation of privilege (CVE-2016-1281)
2016-01-03 00:15:05 +01:00
Mounir IDRASSI
90bd57fe40
Windows: Full UNICODE rewrite and implement support for UNICODE passwords.
2015-11-26 01:44:52 +01:00
Mounir IDRASSI
9e1e128b14
Windows: Add functionality to verify Rescue Disk ISO image file.
2015-09-16 01:33:19 +02:00
Mounir IDRASSI
52c7445a79
Windows: Correctly detect presence of CD/DVD recorder during the creation of Rescue Disk. Check only CD/DVD drives and removable media when looking for rescue disk during its verification.
2015-09-16 01:33:16 +02:00
Mounir IDRASSI
42a7a17cb9
Windows Installer: better handling for updating system favorite service from 1.0f-2 (solve Windows 10 issue). Remove extra VeraCrypt files that may remain after uninstalling it.
2015-09-06 20:31:01 +02:00
Mounir IDRASSI
041024fbb9
Update license information to reflect the use of a dual license Apache 2.0 and TrueCrypt 3.0.
2015-08-06 00:04:25 +02:00