diff options
author | kavsrf <kavsrf@gmail.com> | 2017-02-26 11:42:59 +0300 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2017-06-05 17:37:36 +0200 |
commit | 10ddedbbac7acb326fb9447c6a1c5f1706017e4b (patch) | |
tree | 26993016e4b1cb9ab71bf046a1cfab7e348738c0 /Library/VeraCryptLib | |
parent | fdfe9f849c15dc4b864a72fcbc5266edb68171c1 (diff) | |
download | VeraCrypt-DCS-10ddedbbac7acb326fb9447c6a1c5f1706017e4b.tar.gz VeraCrypt-DCS-10ddedbbac7acb326fb9447c6a1c5f1706017e4b.zip |
PasswordTimeout and infodelay keys in DcsProp
DcsProp documented
included in VeraCrypt Beta2 patch 1
Diffstat (limited to 'Library/VeraCryptLib')
-rw-r--r-- | Library/VeraCryptLib/DcsProp | 182 | ||||
-rw-r--r-- | Library/VeraCryptLib/DcsVeraCrypt.c | 5 | ||||
-rw-r--r-- | Library/VeraCryptLib/DcsVeraCrypt.h | 2 | ||||
-rw-r--r-- | Library/VeraCryptLib/mklinks_src.bat | 2 |
4 files changed, 191 insertions, 0 deletions
diff --git a/Library/VeraCryptLib/DcsProp b/Library/VeraCryptLib/DcsProp new file mode 100644 index 0000000..e0b6691 --- /dev/null +++ b/Library/VeraCryptLib/DcsProp @@ -0,0 +1,182 @@ +<?xml version="1.0" encoding="utf-8"?>
+<VeraCrypt>
+ <!-- EFI boot DCS configuration -->
+ <configuration>
+ <!-- PasswordType 0/1
+ 0 - text message is displayed
+ PasswordMsg to specify message
+ 1 - touch picture password if touch is supported by EFI. check PlatformInfo
+ PasswordPicture to specify bitmap
+ -->
+ <config key="PasswordType">0</config>
+ <config key="PasswordMsg">Password:</config>
+ <config key="PasswordPicture">EFI\VeraCrypt\login.bmp</config>
+
+ <!-- Show "*" on each key pressed or picture zone touched -->
+ <config key="AuthorizeProgress">1</config>
+ <!-- Show chars on each key press -->
+ <config key="AuthorizeVisible">0</config>
+ <!-- Show zones touched -->
+ <config key="AuthorizeMarkTouch">0</config>
+
+ <!-- Number of authorization retries -->
+ <config key="AuthorizeRetry">10</config>
+ <!-- Timeout in seconds before <ESC> from password prompt -->
+ <config key="PasswordTimeout">0</config>
+
+ <!-- authorization start message -->
+ <config key="AuthStartMsg">Authorizing...</config>
+ <!-- authorization error message -->
+ <config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>
+
+ <!-- PictureChars specifies PasswordPicture alphabet order
+ It is possible to save it on external USB if SecRegionSearch selected
+ -->
+ <!-- config key="PictureChars">MN/[aQ-eyPr}GT: |V^UqiI_gbdA9YwZ%f8t6S@D\"7uXl\\30R#+zH*,W4J?= BLFv]hx~E;$ .o'sp1`(>C)O{!5j2nmkcK</config -->
+
+ <!-- AutoLogin 0/1
+ Posibility to avoid password prompt
+ AutoPassword is password by default
+ Use it with PlatformLocked or TPMLocked enabled to lock password to the computer.
+ -->
+ <config key="AutoLogin">0</config>
+ <config key="AutoPassword"></config>
+
+ <!-- PimRqt 0/1
+ Request PIM during authorization
+ PimMsg - message
+ Pim - default value
+ -->
+ <config key="PimMsg">Pim:</config>
+ <config key="Pim">0</config>
+ <config key="PimRqt">1</config>
+
+ <!-- HashRqt 0/1
+ Request hash during authorization
+ HashMsg - message. It is generated if not specified
+ Hash - default value
+ -->
+ <!-- config key="HashMsg">(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG
+Hash:</config-->
+ <config key="Hash">0</config>
+ <config key="HashRqt">0</config>
+
+ <!-- PlatformLocked 0/1 (it is controled by <F7>)
+ Password is mixed with data from SMBIOS and USB serial structures
+ to avoid authorization on another computer
+ -->
+ <config key="PlatformLocked">0</config>
+
+ <!-- TPMLocked 0/1 (it is controled by <F8>)
+ Password is mixed with data from TPM
+ data is in TPM NVRAM and the data is locked to PCRs selected (use configuration <F2> and "c" "t")
+ BIOS modification or any other boot module blocks authorization with TPMLocked=1
+ DcsProp is measured to PCR8 also.
+ TPM 1.2 support only.
+ -->
+ <config key="TPMLocked">0</config>
+ <!-- Display error if TPM configured and locked before password to inform user with pause (sec) -->
+ <config key="TPMLockedInfoDelay">0</config>
+
+ <!-- Random generator to generate salt to change password <F2> function key
+ 2 RDRAND
+ 3 PRNDGEN but state hast to be saved on external USB
+ 5 TPM 1.2 if pressent
+ -->
+ <config key="Random">2</config>
+
+ <!-- RUD - Require USB device (authorization started if the USB is attached. "what I have")
+ 0 - skip
+ NNNN - CRC32 decimal value of USB "VID_PID_SERIAL" string
+ It is possible to configure via DcsWinCfg
+ or from EFI shell: DcsCfg.dcs -ul
+ -->
+ <config key="RUD">0</config>
+
+ <!-- Try to find security region -->
+ <config key="SecRegionSearch">0</config>
+ <!-- Display device of RUD or SecRegion found with pause (sec) -->
+ <config key="SecRegionInfoDelay">0</config>
+
+ <!-- Ask password even no USB with SecRegions found
+ ForcePasswordMsg, ForcePasswordType,ForcePasswordProgress keys can overide default values
+ -->
+ <config key="DcsBootForce">1</config>
+
+ <!--
+ to find OS partition GUID if ESP and OS uses diffrent disks
+ -->
+ <!-- config key="PartitionGuidOS">XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</config-->
+
+
+ <!-- Actions
+ Success - authorization OK
+ NotFound - RUD of SecRegion search failed
+ Failed - <ESC> pressed or AuthorizeRetry limit
+
+ It can contain several keywords space separated
+
+ Keywords:
+ Exit – simple exit (default)
+ Status(code) – override exit status code (0 is OK)
+ File(path) – path to file to be executed
+ Guid(xxx-x..) – GUID of partition with file to be executed
+ Printinfo – print guid, file and status.
+ Message(msg) – message to display for the action
+ Postexec – send loader path to DcsBoot to execute after exit
+ Exec – execute module
+ Halt – CPU halt
+ Delay(N) – delay boot
+ -->
+ <config key="ActionSuccess">Exit</config>
+ <config key="ActionNotFound">Exit</config>
+ <config key="ActionFailed">Exit</config>
+
+ <!-- Devices to configure PicturePassword if possible. Check PlatformInfo of your computer
+ GraphDevice - Graphics device and mode
+ TouchDevice - Touch device
+ BeepDevice - ordinary speaker to beep on touch zone
+ -->
+
+ <!-- GraphDevice
+ -1 - initialize + autodetect
+ -2 - ignore
+ <n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
+ -->
+ <config key="GraphDevice">-1</config>
+
+ <!-- GraphMode
+ -1 default (see PlatformInfo. or use DcsCfg.dcs -gm <n> to test)
+ -->
+ <config key="GraphMode">-1</config>
+
+ <!--
+ TouchDevice
+ -1 init + autodetect
+ -2 ignore;
+ <N> number in list of devices (See platformInfo or use DcsCfg -tl and to test DcsCfg -tt <N>)
+ -->
+ <config key="TouchDevice">-1</config>
+
+ <!-- TouchSimulate to use keyboard arrows to move touch <F11>/<F12> speed -->
+ <config key="TouchSimulate">1</config>
+
+ <!-- 0/1 Beep if picture zone touched -->
+ <config key="Beep">0</config>
+
+ <!-- BeepDevice (LegacySpeaker.dcs driver is used to support)
+ -1 - initialize + autodetect
+ <n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
+ -->
+ <config key="BeepDevice">-1</config>
+
+ <!-- Beep paramters -->
+ <config key="BeepNumber">1</config>
+ <config key="BeepDuration">100</config>
+ <config key="BeepInterval">0</config>
+ <config key="BeepTone">1280</config>
+ <!-- <F4> enable/disable beeps -->
+ <config key="BeepControl">1</config>
+
+ </configuration>
+</VeraCrypt>
\ No newline at end of file diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c index f4a1e27..5d9be88 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.c +++ b/Library/VeraCryptLib/DcsVeraCrypt.c @@ -66,6 +66,7 @@ char* gAuthStartMsg = NULL; INT32 gRUD = 0;
int gAuthSecRegionSearch = 0;
+int gSecRegionInfoDelay = 0;
CHAR8* gPlatformKeyFile = NULL;
UINTN gPlatformKeyFileSize = 0;
@@ -146,6 +147,7 @@ VCAuthLoadConfig() gPasswordProgress = (UINT8)ConfigReadInt("AuthorizeProgress", 1); // print "*"
gPasswordVisible = (UINT8)ConfigReadInt("AuthorizeVisible", 0); // show chars
gPasswordShowMark = ConfigReadInt("AuthorizeMarkTouch", 1); // show touch points
+ gPasswordTimeout = (UINT8)ConfigReadInt("PasswordTimeout", 0); // If no password for <seconds> => <ESC>
gDcsBootForce = ConfigReadInt("DcsBootForce", 1); // Ask password even if no USB marked found.
@@ -165,8 +167,11 @@ VCAuthLoadConfig() gRndDefault = ConfigReadInt("Random", 0);
gAuthSecRegionSearch = ConfigReadInt("SecRegionSearch", 0);
+ gSecRegionInfoDelay = ConfigReadInt("SecRegionInfoDelay", 0);
+
gPlatformLocked = ConfigReadInt("PlatformLocked", 0);
gTPMLocked = ConfigReadInt("TPMLocked", 0);
+ gTPMLockedInfoDelay = ConfigReadInt("TPMLockedInfoDelay", 9);
gSCLocked = ConfigReadInt("SCLocked", 0);
// Actions for DcsInt
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h index e6ee57c..f7a3c8f 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.h +++ b/Library/VeraCryptLib/DcsVeraCrypt.h @@ -53,9 +53,11 @@ extern char* gAuthErrorMsg; extern INT32 gRUD;
extern int gAuthSecRegionSearch;
+extern int gSecRegionInfoDelay;
extern int gPlatformLocked;
extern int gTPMLocked;
+extern int gTPMLockedInfoDelay;
extern int gSCLocked;
extern int gAuthPwdCode;
diff --git a/Library/VeraCryptLib/mklinks_src.bat b/Library/VeraCryptLib/mklinks_src.bat index 1126cfa..a62298e 100644 --- a/Library/VeraCryptLib/mklinks_src.bat +++ b/Library/VeraCryptLib/mklinks_src.bat @@ -1,6 +1,8 @@ @echo off
pushd %~dp0
+if "%veracrypt_src%"=="" if exist %CD:~0,-28%\VeraCrypt\src set veracrypt_src=%CD:~0,-28%\VeraCrypt\src
+
call :select_path "%veracrypt_src%" "Select VeraCrypt directory:"
set veracrypt_src=%select_path_result%
|