blob: c9ca1ff996794e3aa04aa76dc1715cef4c072a79 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
<!-- EFI boot DCS configuration -->
<configuration>
<!-- PasswordType 0/1
0 - text message is displayed
PasswordMsg to specify message
1 - touch picture password if touch is supported by EFI. check PlatformInfo
PasswordPicture to specify bitmap (only support BITMAPINFOHEADER format)
-->
<config key="PasswordType">0</config>
<config key="PasswordMsg">Password:</config>
<config key="PasswordPicture">EFI\VeraCrypt\login.bmp</config>
<!-- Show "*" on each key pressed or picture zone touched -->
<config key="AuthorizeProgress">1</config>
<!-- Show chars on each key press -->
<config key="AuthorizeVisible">0</config>
<!-- Show zones touched -->
<config key="AuthorizeMarkTouch">0</config>
<!-- Number of authorization retries -->
<config key="AuthorizeRetry">10</config>
<!-- Timeout in seconds before <ESC> from password prompt -->
<config key="PasswordTimeout">0</config>
<!-- authorization start message -->
<config key="AuthStartMsg">Authorizing...</config>
<!-- authorization error message -->
<config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>
<!-- PictureChars specifies PasswordPicture alphabet order
It is possible to save it on external USB if SecRegionSearch selected
-->
<!-- config key="PictureChars">MN/[aQ-eyPr}GT: |V^UqiI_gbdA9YwZ%f8t6S@D\"7uXl\\30R#+zH*,W4J?= BLFv]hx~E;$ .o'sp1`(>C)O{!5j2nmkcK</config -->
<!-- AutoLogin 0/1
Posibility to avoid password prompt
AutoPassword is password by default
Use it with PlatformLocked or TPMLocked enabled to lock password to the computer.
-->
<config key="AutoLogin">0</config>
<config key="AutoPassword"></config>
<!-- PimRqt 0/1
Request PIM during authorization
PimMsg - message
Pim - default value
-->
<config key="PimMsg">Pim:</config>
<config key="Pim">0</config>
<config key="PimRqt">1</config>
<!-- HashRqt 0/1
Request hash during authorization
HashMsg - message. It is generated if not specified
Hash - default value
-->
<!-- config key="HashMsg">(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG
Hash:</config-->
<config key="Hash">0</config>
<config key="HashRqt">0</config>
<!-- PlatformLocked 0/1 (it is controled by <F7>)
Password is mixed with data from SMBIOS and USB serial structures
to avoid authorization on another computer
-->
<config key="PlatformLocked">0</config>
<!-- TPMLocked 0/1 (it is controled by <F8>)
Password is mixed with data from TPM
data is in TPM NVRAM and the data is locked to PCRs selected (use configuration <F2> and "c" "t")
BIOS modification or any other boot module blocks authorization with TPMLocked=1
DcsProp is measured to PCR8 also.
TPM 1.2 support only.
-->
<config key="TPMLocked">0</config>
<!-- Display error if TPM configured and locked before password to inform user with pause (sec) -->
<config key="TPMLockedInfoDelay">0</config>
<!-- Random generator to generate salt to change password <F2> function key
2 RDRAND
3 PRNDGEN but state hast to be saved on external USB
5 TPM 1.2 if pressent
-->
<config key="Random">2</config>
<!-- RUD - Require USB device (authorization started if the USB is attached. "what I have")
0 - skip
NNNN - CRC32 decimal value of USB "VID_PID_SERIAL" string
It is possible to configure via DcsWinCfg
or from EFI shell: DcsCfg.dcs -ul
-->
<config key="RUD">0</config>
<!-- Try to find security region -->
<config key="SecRegionSearch">0</config>
<!-- Display device of RUD or SecRegion found with pause (sec) -->
<config key="SecRegionInfoDelay">0</config>
<!-- Ask password even no USB with SecRegions found
ForcePasswordMsg, ForcePasswordType,ForcePasswordProgress keys can overide default values
-->
<config key="DcsBootForce">1</config>
<!--
to find OS partition GUID if ESP and OS uses diffrent disks
-->
<!-- config key="PartitionGuidOS">XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</config-->
<!-- Actions
Success - authorization OK
NotFound - RUD of SecRegion search failed
Failed - <ESC> pressed or AuthorizeRetry limit
It can contain several keywords space separated
Keywords:
Exit – simple exit (default)
Status(code) – override exit status code (0 is OK)
File(path) – path to file to be executed
Guid(xxx-x..) – GUID of partition with file to be executed
Printinfo – print guid, file and status.
Message(msg) – message to display for the action
Postexec – send loader path to DcsBoot to execute after exit
Exec – execute module
Halt – CPU halt
Delay(N) – delay boot
-->
<config key="ActionSuccess">Exit</config>
<config key="ActionNotFound">Exit</config>
<config key="ActionFailed">Exit</config>
<!-- Devices to configure PicturePassword if possible. Check PlatformInfo of your computer
GraphDevice - Graphics device and mode
TouchDevice - Touch device
BeepDevice - ordinary speaker to beep on touch zone
-->
<!-- GraphDevice
-1 - initialize + autodetect
-2 - ignore
<n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
-->
<config key="GraphDevice">-1</config>
<!-- GraphMode
-1 default (see PlatformInfo. or use DcsCfg.dcs -gm <n> to test)
-->
<config key="GraphMode">-1</config>
<!--
TouchDevice
-1 init + autodetect
-2 ignore;
<N> number in list of devices (See platformInfo or use DcsCfg -tl and to test DcsCfg -tt <N>)
-->
<config key="TouchDevice">-1</config>
<!-- TouchSimulate to use keyboard arrows to move touch <F11>/<F12> speed -->
<config key="TouchSimulate">1</config>
<!-- 0/1 Beep if picture zone touched -->
<config key="Beep">0</config>
<!-- BeepDevice (LegacySpeaker.dcs driver is used to support)
-1 - initialize + autodetect
<n> - number in list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
-->
<config key="BeepDevice">-1</config>
<!-- Beep paramters -->
<config key="BeepNumber">1</config>
<config key="BeepDuration">100</config>
<config key="BeepInterval">0</config>
<config key="BeepTone">1280</config>
<!-- <F4> enable/disable beeps -->
<config key="BeepControl">1</config>
</configuration>
</VeraCrypt>
|