diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-03-01 00:32:21 +0100 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-03-01 00:35:54 +0100 |
| commit | edd1b00126fa39396fbb76c73cc3ea17aa955fc8 (patch) | |
| tree | 9a2422d40e8f9d4d5eed8f3b11ca060f42d7d084 | |
| parent | 3d6032d69e2450250ebe8d12808b4934fc6a2354 (diff) | |
| download | VeraCrypt-edd1b00126fa39396fbb76c73cc3ea17aa955fc8.tar.gz VeraCrypt-edd1b00126fa39396fbb76c73cc3ea17aa955fc8.zip | |
Windows Driver: Enable RAM encryption only after its security parameters were created
| -rw-r--r-- | src/Driver/Ntdriver.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index bf57fcdc..70b34f43 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -138,6 +138,7 @@ static BOOL SystemFavoriteVolumeDirty = FALSE; static BOOL PagingFileCreationPrevented = FALSE; static BOOL EnableExtendedIoctlSupport = FALSE; static BOOL AllowTrimCommand = FALSE; +static BOOL RamEncryptionActivated = FALSE; static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL; static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL; static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL; @@ -331,18 +332,16 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1)) { // we enable RAM encryption only starting from Windows 7 - if (IsRamEncryptionEnabled()) + if (RamEncryptionActivated) { if (t1ha_selfcheck__t1ha2() != 0) TC_BUG_CHECK (STATUS_INVALID_PARAMETER); if (!InitializeSecurityParameters(GetDriverRandomSeed)) TC_BUG_CHECK (STATUS_INVALID_PARAMETER); + + EnableRamEncryption (TRUE); } } - else - { - EnableRamEncryption (FALSE); - } #endif for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i) @@ -4513,7 +4512,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) WriteRegistryConfigFlags (flags); } - EnableRamEncryption ((flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE); + RamEncryptionActivated = (flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE; } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); |