mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-09 22:36:59 -05:00

56 Commits

Author SHA1 Message Date
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 1871765a76 Windows: allow cancelling long mount operations
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount.

Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context.

Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing.

Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
2026-06-07 23:39:52 +09:00
Mounir IDRASSI 9ea5ccc4aa Windows: Enable screen protection by default to block screenshots, recordings & Windows Recall. Add configurable setting in Preferences, Installer, and MSI.
This update introduces a screen protection mechanism that leverages the Windows Display Affinity API to prevent screen capture, screen recording, and inclusion in the Windows 11 Recall feature. By default, all VeraCrypt windows, menus, and tooltips are protected. Users can enable or disable this feature through a new setting available in the application Preferences, as well as in the installer and MSI configurations.

This enhances user privacy by mitigating potential leaks of sensitive interface content.

Note: Due to a regression in Windows 11 affecting layered windows, ComboBox dropdowns cannot currently be protected by this mechanism.
2025-05-24 15:28:39 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypto", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Helmut K. C. Tessarek 498dff9013 refactor: use the term unmount instead of dismount (#1478)
* refactor: use UNMOUNT instead of DISMOUNT in code

This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.

* refactor(ui): use unmount instead of dismount

This change updates the GUI text and replaces dismount with unmount.

* docs: update term dismount -> unmount

* refactor(cmdline): add unmount

This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old dismount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.

* docs: mention that /dismount is deprecated

This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
2025-01-31 23:18:26 +01:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
Mounir IDRASSI 453ff2880e Windows Driver: Make max work items count configurable. Increase default to 1024. Queue write IRPs.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
2024-11-23 17:44:48 +01:00
Mounir IDRASSI ed1263bf8c Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
2024-08-02 00:20:53 +02:00
Mounir IDRASSI 455a4f2176 Avoid conflict with C++17 features std::byte by using uint8 type instead of byte 2024-06-12 12:30:04 +02:00
Mounir IDRASSI b1657e88e4 Windows Security: make memory protection enabled by default. Add process mitigation (ASLR, Dynamic code, extension points)
Memory protection can be disabled using registry value "VeraCryptEnableMemoryProtection" under the key "HKLM\SYSTEM\CurrentControlSet\Services\veracrypt"
2023-09-18 00:13:52 +02:00
Mounir IDRASSI f84d235cf1 Windows: Implement support for mounting partially encrypted system partitions
For now, we force ReadOnly mounting for such partitions.
2023-08-13 22:50:37 +02:00
Mounir IDRASSI fa6359d424 Windows: Remove TrueCrypt support. Increment version to 1.26.4. 2023-07-22 10:25:22 +02:00
Mounir IDRASSI c51a209879 Windows: Add registry setting to disable erasing encryption keys on Windows shutdown/reboot. This helps solve BSOD during shutdown/reboot on some machines.
Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown" and set its value to 0.
2022-02-06 09:52:24 +01:00
Mounir IDRASSI f63c2ec13c Windows driver: Set maximum values for encryption queue parameters. Add IOCTL code to read used values from user space
maximum value for EncryptionFragmentSize is 2048
maximum value for EncryptionIoRequestCount is 8192
maximum value for EncryptionItemCount is (EncryptionIoRequestCount/2)
2021-12-30 00:42:39 +01:00
Mounir IDRASSI 5640de3584 Windows Driver: Add registry settings to control driver internal encryption queue
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt:
- VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256.
- VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16.
- VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default is 8.
2021-12-20 00:18:58 +01:00
Mounir IDRASSI 5c934d8122 Windows Driver: Add IOCTL code to query RAM encryption status in VeraCrypt driver 2019-03-03 23:48:49 +01:00
Mounir IDRASSI cf48b532b4 Windows: Implement RAM encryption for keys on 64-bit machines using ChaCha12 cipher and t1ha non-cryptographic fast hash (https://github.com/leo-yuriev/t1ha) 2019-03-01 00:35:13 +01:00
Mounir IDRASSI e5b9cee868 Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default 2019-02-08 01:50:03 +01:00
Mounir IDRASSI d3e7ed96f3 Windows: Implement feature that enables clearing of encryption keys when a new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade). 2019-01-14 10:49:05 +01:00
Mounir IDRASSI 652e989d23 Windows Security: Add new entry point in driver that allows emergency clearing of all encryption keys from memory. This entry point requires administrative privileges and it will cause BSOD when system encryption is active. It can be useful for example to applications that monitor physical access to the machine and which need to erase sensitive key material from RAM when unauthorized access is detected. 2019-01-09 00:30:12 +01:00
Mounir IDRASSI 11f0b99846 Windows driver: move newly added field in VOLUME_PROPERTIES_STRUCT to the end for compatibility with previous version. 2019-01-09 00:29:57 +01:00
Mounir IDRASSI 1967bd862e Windows: Add mount option that allows mounting a volume without attaching it to the specified drive letter. This is useful in situations where Windows has issues with the filesystem (e.g. ReFS on Windows 10 1809) and we need to use third party software to be able to use the filesystem under Windows through low level VeraCrypt virtual device (e.g. \Device\VeraCryptVolumeX). 2018-12-19 00:41:37 +01:00
Mounir IDRASSI 7cbe6b71e5 Windows: implement a driver configuration option to explicitly allow defragmenting non-system disks by Windows built-in defragmenter tool. 2018-08-24 00:49:59 +02:00
Mounir IDRASSI d907627f7e Windows: Add option to block TRIM command on system encryption SSD drives. 2018-03-05 19:35:07 +01:00
Mounir IDRASSI cd59d5364f Windows: Implement TRIM support for non-system SSD partitions/drives and add driver option to enable it (TRIM is disabled by default for non-system SSD partitions/drives) 2018-03-04 18:50:23 +01:00
Mounir IDRASSI 0ebc26e125 Update IDRIX copyright year 2017-06-23 22:15:59 +02:00
Mounir IDRASSI 55aa098295 Windows: fix high CPU usage when a favorite is configured to mount using VolumeID when its host device is connected to the machine. 2017-06-01 01:56:13 +02:00
Mounir IDRASSI cda40547fe Windows: query extra host drive information using IOCTL_STORAGE_QUERY_PROPERTY (StorageAdapterProperty) in both driver and user mode applications. 2017-05-25 01:15:16 +02:00
Mounir IDRASSI 74b82118d5 Windows: use IOCTL_DISK_GET_DRIVE_GEOMETRY_EX instead of the deprecated IOCTL_DISK_GET_DRIVE_GEOMETRY in order to get accurate disk size value. 2017-05-17 00:46:41 +02:00
Mounir IDRASSI 0ac4009720 Windows: Fix failure to access EFS data on VeraCrypt volumes under Windows 10 by supporting undocumented IOCTL. 2016-10-17 18:40:25 +02:00
Mounir IDRASSI b146e235f8 Windows: align buffers used for keys to avoid issues when SSE used. 2016-08-15 01:09:14 +02:00
David Foerster 11716ed2da Remove trailing whitespace 2016-05-10 22:18:34 +02:00
David Foerster fc37cc4a02 Normalize all line terminators 2016-05-10 20:20:14 +02:00
Mounir IDRASSI f5606a44a6 Windows: Finalize implementation of the new volume ID mechanism. Use SHA-256 instead of SHA-512 to compute volume ID to reduce string size and make more convenient to use. 2016-04-14 08:53:41 +02:00
Mounir IDRASSI 60575d9a49 Windows: start implementation of volume ID mechanism that will be used to identify VeraCrypt disk volumes instead of device name. 2016-04-08 23:53:49 +02:00
Mounir IDRASSI bda7a1d0bd Copyright: update dates to include 2016. 2016-01-20 00:53:24 +01:00
Mounir IDRASSI 8f6c08330a Windows: Implement PIM caching, both for system encryption and for normal volumes. Add options to activate it in the Preferences and System Settings. 2015-12-21 01:19:04 +01:00
Mounir IDRASSI 90bd57fe40 Windows: Full UNICODE rewrite and implement support for UNICODE passwords. 2015-11-26 01:44:52 +01:00
Mounir IDRASSI 9a6fc789eb Windows: Add option to disable detection of "Evil Maid" attacks. This is helpful for users who have software running that modifies the bootloader, like FLEXnet. 2015-10-07 12:56:01 +02:00
Mounir IDRASSI c94f8c9b63 Windows Driver: Modify fix for CVE-2015-7358 to solve side effects on Windows mount manager while still making it hard to abuse drive letter handling. 2015-10-05 04:31:17 +02:00
Mounir IDRASSI 9b24da3398 Windows Driver: Fix inherited TrueCrypt local elevation of privilege vulnerability caused by abusing the drive letter symbolic link creation facilities to remap the main system drive. Thanks to James Forshaw (Google) for reporting this issue and for helping implement the fix. 2015-09-26 17:44:03 +02:00
Mounir IDRASSI db80c02342 Windows: Add option to explicitly support extended disk IOCTLs and disable this support by default. This will avoid having issues with software that doesn't correctly handle partial IOCTL_STORAGE_QUERY_PROPERTY support. 2015-09-16 01:33:14 +02:00
Mounir IDRASSI 90f9194558 Windows: Support setting volume label in Explorer through mount option. Support using favorite label as label in Explorer. 2015-08-31 00:30:58 +02:00
Mounir IDRASSI 041024fbb9 Update license information to reflect the use of a dual license Apache 2.0 and TrueCrypt 3.0. 2015-08-06 00:04:25 +02:00
Mounir IDRASSI 6ca598f841 Windows: Implement Evil-Maid-Attack detection mechanism. Write the correct bootloader when changing the system encryption password: this enables to recover if an attack is detected. 2015-07-29 00:33:10 +02:00
Mounir IDRASSI 6ef41abdd2 Use Pim name for internal variables instead of the old name Pin 2015-07-11 01:58:34 +02:00
Mounir IDRASSI c3c1bdd29d Windows: Add support for PIN in favorites. Several enhancements to GUI handling of Dynamic Mode. 2015-06-07 01:38:34 +02:00
Mounir IDRASSI 8ebf5ac605 Windows: first implementation of dynamic mode 2015-05-26 01:38:15 +02:00
Mounir IDRASSI 7d52dda67c Windows Driver: Implement querying physical sector size of VeraCrypt volume through IOCTL_STORAGE_QUERY_PROPERTY 2015-05-03 15:47:29 +02:00
Mounir IDRASSI cc02c78a8c Windows Driver: add TrueCrypt mode of mounted volumes to the output of TC_IOCTL_GET_MOUNTED_VOLUMES 2015-01-04 16:29:31 +01:00