VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-03-01 00:32:21 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-03-01 00:35:54 +0100
commitedd1b00126fa39396fbb76c73cc3ea17aa955fc8 (patch)
tree9a2422d40e8f9d4d5eed8f3b11ca060f42d7d084
parent3d6032d69e2450250ebe8d12808b4934fc6a2354 (diff)
downloadVeraCrypt-edd1b00126fa39396fbb76c73cc3ea17aa955fc8.tar.gz
VeraCrypt-edd1b00126fa39396fbb76c73cc3ea17aa955fc8.zip
Windows Driver: Enable RAM encryption only after its security parameters were created
-rw-r--r--src/Driver/Ntdriver.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index bf57fcdc..70b34f43 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -138,6 +138,7 @@ static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE;
static BOOL EnableExtendedIoctlSupport = FALSE;
static BOOL AllowTrimCommand = FALSE;
+static BOOL RamEncryptionActivated = FALSE;
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
@@ -331,18 +332,16 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
// we enable RAM encryption only starting from Windows 7
- if (IsRamEncryptionEnabled())
+ if (RamEncryptionActivated)
{
if (t1ha_selfcheck__t1ha2() != 0)
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
if (!InitializeSecurityParameters(GetDriverRandomSeed))
TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
+
+ EnableRamEncryption (TRUE);
}
}
- else
- {
- EnableRamEncryption (FALSE);
- }
#endif
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
@@ -4513,7 +4512,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
WriteRegistryConfigFlags (flags);
}
- EnableRamEncryption ((flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE);
+ RamEncryptionActivated = (flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE;
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);