authorMounir IDRASSI <mounir.idrassi@idrix.fr>2023-08-13 22:50:37 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2023-08-13 22:50:37 +0200
commitf84d235cf17a92bb51031833da502660d364013f (patch)
tree4fd5284f0b5f83d6f7ba9d3d8f5e2700f904ca39 /src/Driver
parent8c7962bda7ea260049226fe99a351675fd0780a2 (diff)
Windows: Implement support for mounting partially encrypted system partitions
For now, we force ReadOnly mounting for such partitions.
Diffstat (limited to 'src/Driver')
-rw-r--r--src/Driver/EncryptedIoQueue.c2
-rw-r--r--src/Driver/EncryptedIoQueue.h1
-rw-r--r--src/Driver/Ntdriver.c15
-rw-r--r--src/Driver/Ntvol.c8
4 files changed, 21 insertions, 5 deletions
diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c
index 6900fc0d..bdf139a1 100644
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -797,7 +797,7 @@ static VOID MainThreadProc (PVOID threadArg)
request->OrigDataBufferFragment = dataBuffer;
request->Length = dataFragmentLength;
- if (queue->IsFilterDevice)
+ if (queue->IsFilterDevice || queue->bSupportPartialEncryption)
{
if (queue->EncryptedAreaStart == -1 || queue->EncryptedAreaEnd == -1)
{
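Review bot: The new operand `queue->bSupportPartialEncryption` is only ever assigned `TRUE` in this commit (the Ntdriver.c hunk) and no hunk sets it to `FALSE`. Every ordinary mount therefore relies on the queue structure having been zeroed before `MainThreadProc` runs. If that is not guaranteed elsewhere, an indeterminate value here would send a fully encrypted volume down the partial-encryption path, where the `EncryptedAreaStart`/`EncryptedAreaEnd` test on the next line decides what gets decrypted. An explicit `Extension->Queue.bSupportPartialEncryption = FALSE;` ahead of the new `if` in `VolumeThreadProc` would make the default visible. The body of `MainThreadProc` continues outside this hunk.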
diff --git a/src/Driver/EncryptedIoQueue.h b/src/Driver/EncryptedIoQueue.h
index c4b6f269..2ab9dc5b 100644
--- a/src/Driver/EncryptedIoQueue.h
+++ b/src/Driver/EncryptedIoQueue.h
@@ -49,6 +49,7 @@ typedef struct
// File-handle-based IO
HANDLE HostFileHandle;
+ BOOL bSupportPartialEncryption;
int64 VirtualDeviceLength;
SECURITY_CLIENT_CONTEXT *SecurityClientContext;
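Review bot: The added field `bSupportPartialEncryption` has no comment, and its Hungarian `b` prefix differs from the neighbouring flag `IsFilterDevice` that it is OR-ed with in `MainThreadProc`. It also sits under the `// File-handle-based IO` heading, which does not say what it controls. I would add a comment such as `// TRUE when a mounted (non-filter) volume must honour EncryptedAreaStart/EncryptedAreaEnd` above it. The struct definition starts and ends outside this hunk.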
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 7f00c9e0..b19ffb77 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -3156,6 +3156,21 @@ VOID VolumeThreadProc (PVOID Context)
Extension->Queue.HostFileHandle = Extension->hDeviceFile;
Extension->Queue.VirtualDeviceLength = Extension->DiskLength;
Extension->Queue.MaxReadAheadOffset.QuadPart = Extension->HostLength;
+ if (bDevice && pThreadBlock->mount->bPartitionInInactiveSysEncScope
+ && (!Extension->cryptoInfo->hiddenVolume)
+ && (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
+ )
+ {
+ // Support partial encryption only in the case of system encryption
+ Extension->Queue.EncryptedAreaStart = 0;
+ Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;
+ if (Extension->Queue.CryptoInfo->EncryptedAreaLength.Value == 0)
+ {
+ Extension->Queue.EncryptedAreaStart = -1;
+ Extension->Queue.EncryptedAreaEnd = -1;
+ }
+ Extension->Queue.bSupportPartialEncryption = TRUE;
+ }
if (Extension->SecurityClientContextValid)
Extension->Queue.SecurityClientContext = &Extension->SecurityClientContext;
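Review bot: The zero-length check in the added block reads `Extension->Queue.CryptoInfo->EncryptedAreaLength`, while every other line in the block goes through `Extension->cryptoInfo`. The assignment of `Queue.CryptoInfo` is not visible in this hunk, so if it happens after this point the check dereferences an unset pointer in a kernel thread. Using `Extension->cryptoInfo` throughout removes that dependency. The block also computes `EncryptedAreaLength.Value - 1` before testing for zero and then overwrites the result, so testing for zero first avoids the transient wrapped value and makes the -1/-1 case explicit. `VolumeThreadProc` starts and ends outside the hunk.
```c
	// Support partial encryption only in the case of system encryption
	if (Extension->cryptoInfo->EncryptedAreaLength.Value == 0)
	{
		// Nothing encrypted: use the -1/-1 pair that MainThreadProc checks for
		Extension->Queue.EncryptedAreaStart = -1;
		Extension->Queue.EncryptedAreaEnd = -1;
	}
	else
	{
		Extension->Queue.EncryptedAreaStart = 0;
		Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;
	}
	Extension->Queue.bSupportPartialEncryption = TRUE;
```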
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 177c0bf3..6f2ff399 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -88,6 +88,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
}
mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE;
// If we are opening a device, query its size first
if (bRawDevice)
@@ -677,10 +678,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
{
- // Partial encryption is not supported for volumes mounted as regular
- mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED;
- ntStatus = STATUS_SUCCESS;
- goto error;
+ // mount as readonly in case of partial system encryption
+ Extension->bReadOnly = mount->bMountReadOnly = TRUE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = TRUE;
}
}
else if (Extension->cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC)
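Review bot: This branch now mounts read-only whenever `EncryptedAreaLength` differs from `VolumeSize`, but the queue only enables partial-encryption handling under the narrower condition in Ntdriver.c (`bDevice`, `bPartitionInInactiveSysEncScope`, not a hidden volume). The enclosing condition lies outside the hunk, so the two may already agree. If they do not, a volume that used to be rejected with `ERR_ENCRYPTION_NOT_COMPLETED` would mount with the whole range treated as encrypted, and the not-yet-encrypted region would be run through decryption. I would keep the old rejection for the cases the queue will not handle, for example `if (!bRawDevice || Extension->cryptoInfo->hiddenVolume) { mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED; ntStatus = STATUS_SUCCESS; goto error; }` ahead of the read-only assignment, assuming `bRawDevice` here corresponds to `bDevice` there. A comment on what the read-only guarantee protects (no writes into a region whose encryption state is mixed) would also help.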