VeraCrypt
path: root/Library/VeraCryptLib/DcsProp
blob: e0b6691a5d7c1241182fa77cba048aba4a520fa0 (plain)
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
  <!-- EFI boot DCS configuration -->
  <configuration>
    <!-- PasswordType 0/1: how the password is entered at the EFI prompt.
         0 - text prompt; PasswordMsg is the message that is displayed.
         1 - touch picture password, if touch is supported by the EFI firmware
             (check PlatformInfo); PasswordPicture is the bitmap to display.
         NOTE(review): PasswordPicture is a path under EFI\, so the bitmap presumably
         lives on the EFI system partition; confirm who can replace that file.
    -->
    <config key="PasswordType">0</config>
    <config key="PasswordMsg">Password:</config>
    <config key="PasswordPicture">EFI\VeraCrypt\login.bmp</config>

    <!-- AuthorizeProgress: show "*" for each key pressed or picture zone touched.
         With 1 the number of characters entered is visible to an onlooker. -->
    <config key="AuthorizeProgress">1</config>
    <!-- AuthorizeVisible: show the characters themselves on each key press.
         Setting 1 puts the password on screen in clear; keep 0 unless nobody
         else can see the display. -->
    <config key="AuthorizeVisible">0</config>
    <!-- AuthorizeMarkTouch: show the zones touched. Setting 1 reveals the
         touch sequence on screen in the same way. -->
    <config key="AuthorizeMarkTouch">0</config>

    <!-- AuthorizeRetry: number of authorization retries. Reaching the limit is one
         of the conditions for the Failed action (see the Actions comment below). -->
    <config key="AuthorizeRetry">10</config>
    <!-- PasswordTimeout: timeout in seconds before the password prompt is left
         as if <ESC> had been pressed.
         NOTE(review): 0 presumably means no timeout; confirm against the loader. -->
    <config key="PasswordTimeout">0</config>

    <!-- AuthStartMsg: message shown when authorization starts. -->
    <config key="AuthStartMsg">Authorizing...</config>
    <!-- AuthErrorMsg: message shown when authorization fails. The default text does
         not say which of password, PIM or hash was wrong; keep a customised
         message equally generic so a failed attempt discloses nothing more. -->
    <config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>
    
    <!-- PictureChars specifies PasswordPicture alphabet order
         It is possible to save it on external USB if SecRegionSearch selected
     --> 
    <!-- config key="PictureChars">MN/[aQ-eyPr}GT: |V^UqiI_gbdA9YwZ%f8t6S@D\"7uXl\\30R#+zH*,W4J?= BLFv]hx~E;$ .o'sp1`(>C)O{!5j2nmkcK</config -->

    <!-- AutoLogin 0/1
    Possibility to avoid the password prompt.
    AutoPassword is the password used by default.
    Use it with PlatformLocked or TPMLocked enabled to lock the password to the computer.
    Security: AutoPassword is written here as plain text, so anyone who can read
    this file can read the password. With PlatformLocked=0 and TPMLocked=0 nothing
    in this file ties that password to the machine.
    -->
    <config key="AutoLogin">0</config>
    <config key="AutoPassword"></config>

    <!-- PimRqt 0/1
    Request the PIM during authorization.
    PimMsg - prompt message
    Pim    - default value
    A non-default Pim written here is readable by anyone who can read this file.
    NOTE(review): Pim=0 presumably selects the default PIM; confirm.
    -->
    <config key="PimMsg">Pim:</config>
    <config key="Pim">0</config>
    <config key="PimRqt">1</config>

    <!-- HashRqt 0/1
    Request the hash during authorization.
    HashMsg - prompt message. It is generated if not specified.
    Hash    - default value. In the sample HashMsg below, 0 is labelled
              "TEST ALL" and 1 to 5 each name a single hash.
    -->
    <!-- config key="HashMsg">(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG
Hash:</config-->
    <config key="Hash">0</config>
    <config key="HashRqt">0</config>

    <!-- PlatformLocked 0/1 (it is controlled by <F7>)
    The password is mixed with data from SMBIOS and USB serial structures
    to avoid authorization on another computer.
    Caveat: SMBIOS and USB serial values are identifiers that can be read from the
    machine, not secrets. This setting binds the volume to the hardware; it does
    not make a weak password stronger.
    -->
    <config key="PlatformLocked">0</config>

    <!-- TPMLocked 0/1 (it is controlled by <F8>)
    The password is mixed with data from the TPM.
    The data is in TPM NVRAM and is locked to the selected PCRs (use configuration <F2> and "c" "t").
    A BIOS modification or any other boot module blocks authorization with TPMLocked=1.
    DcsProp is also measured to PCR8.
    TPM 1.2 support only.
    NOTE(review): because this file is measured to PCR8, editing it presumably changes
    the measurement and blocks authorization until the TPM lock is configured again; confirm.
    -->
    <config key="TPMLocked">0</config>
    <!-- TPMLockedInfoDelay: if the TPM is configured and locked, display the error
         before the password prompt and pause for this many seconds to inform the user. -->
    <config key="TPMLockedInfoDelay">0</config>
    
    <!-- Random: random generator used to generate the salt when the password is
    changed with the <F2> function key
    2 RDRAND
    3 PRNDGEN, but its state has to be saved on external USB
    5 TPM 1.2 if present
    NOTE(review): the comment does not say whether the selected source is used alone
    or mixed with other entropy; confirm before relying on a single source.
    -->
    <config key="Random">2</config>

    <!-- RUD - Require USB device (authorization starts only if the USB device is attached: "what I have")
    0 - skip
    NNNN - CRC32 decimal value of the USB "VID_PID_SERIAL" string
    It is possible to configure it via DcsWinCfg
    or from the EFI shell: DcsCfg.dcs -ul
    Caveat: CRC32 is a 32-bit checksum, not a cryptographic hash, and VID, PID and
    serial are device identifiers rather than secrets. Treat RUD as a presence check
    on top of the password, not as a replacement for it.
    -->
    <config key="RUD">0</config>

    <!-- SecRegionSearch: try to find a security region. -->
    <config key="SecRegionSearch">0</config>
    <!-- SecRegionInfoDelay: display the device on which the RUD or SecRegion was
         found and pause for this many seconds. -->
    <config key="SecRegionInfoDelay">0</config>

    <!-- DcsBootForce: ask for the password even if no USB device with SecRegions is found.
    The ForcePasswordMsg, ForcePasswordType and ForcePasswordProgress keys can override the default values.
    -->
    <config key="DcsBootForce">1</config>

    <!-- 
    GUID used to find the OS partition if the ESP and the OS use different disks
    -->
    <!-- config key="PartitionGuidOS">XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</config-->


    <!-- Actions
    Success  - authorization OK
    NotFound - RUD or SecRegion search failed
    Failed   - <ESC> pressed or AuthorizeRetry limit

    Each action can contain several keywords, space separated.

    Keywords:
    Exit           – simple exit (default)
    Status(code)   – override exit status code (0 is OK)
    File(path)     – path to file to be executed
    Guid(xxx-x..)  – GUID of partition with file to be executed
    Printinfo      – print guid, file and status.
    Message(msg)   – message to display for the action
    Postexec       – send loader path to DcsBoot to execute after exit
    Exec           – execute module
    Halt           – CPU halt
    Delay(N)       – delay boot

    Security: File, Guid, Exec and Postexec let this file choose the module that is
    run after the prompt, so write access to DcsProp decides what is executed at boot.
    Restrict who can modify it. The TPMLocked comment above states that DcsProp is
    measured to PCR8 when TPM locking is used.
    -->
    <config key="ActionSuccess">Exit</config>
    <config key="ActionNotFound">Exit</config>
    <config key="ActionFailed">Exit</config>

    <!-- Devices to configure PicturePassword if possible. Check PlatformInfo of your computer
    GraphDevice - Graphics device and mode
    TouchDevice - Touch device
    BeepDevice  - ordinary speaker to beep on touch zone
    -->
    
    <!-- GraphDevice: graphics device used for the picture password.
    -1  - initialize + autodetect
    -2  - ignore
    <n> - number in the list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
    -->
    <config key="GraphDevice">-1</config>
    
    <!-- GraphMode: graphics mode of the selected GraphDevice.
    -1 default (see PlatformInfo, or use DcsCfg.dcs -gm <n> to test a mode)
    -->
    <config key="GraphMode">-1</config>

    <!-- 
    TouchDevice: touch device used for the picture password.
    -1  - initialize + autodetect
    -2  - ignore
    <N> - number in the list of devices (see PlatformInfo or use DcsCfg -tl; to test a device use DcsCfg -tt <N>)
    -->
    <config key="TouchDevice">-1</config>

    <!-- TouchSimulate: use the keyboard arrows to move the touch point; <F11>/<F12> adjust the speed.
         NOTE(review): the value range is not stated here; presumably 0/1, confirm. -->
    <config key="TouchSimulate">1</config>

    <!-- Beep 0/1: beep when a picture zone is touched.
         With 1 each touch is audible to people nearby. -->
    <config key="Beep">0</config>
    
    <!-- BeepDevice (the LegacySpeaker.dcs driver is used to support it)
    -1  - initialize + autodetect
    <n> - number in the list of devices (see PlatformInfo or use DcsCfg.dcs -gl )
    NOTE(review): -gl is the same option that the GraphDevice comment gives for
    listing graphics devices; confirm the option that lists beep devices.
    -->
    <config key="BeepDevice">-1</config>
    
    <!-- Beep parameters: number of beeps, duration, interval and tone.
         NOTE(review): units are not stated in this file; confirm against the driver. -->
    <config key="BeepNumber">1</config>
    <config key="BeepDuration">100</config>
    <config key="BeepInterval">0</config>
    <config key="BeepTone">1280</config>
    <!-- BeepControl: <F4> enables/disables beeps at the prompt. -->
    <config key="BeepControl">1</config>

  </configuration>
</VeraCrypt>