Windows Driver: erase system encryption keys from memory during shutdown/reboot to help mitigate some cold boot attacks

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-01-09 00:15:51 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-01-09 00:30:05 +0100
commit: 7c2cf7889f96292d037c21c680b641f70a4d390f (patch)
tree: d917ecc8153cc4cbc8ef5433bf386f5f4b5d8a26 /src
parent: 11f0b99846e9ca497284b57425a845474f1c39bf (diff)
download: VeraCrypt-7c2cf7889f96292d037c21c680b641f70a4d390f.tar.gz
VeraCrypt-7c2cf7889f96292d037c21c680b641f70a4d390f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index bb7083ce..2daf1f52 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -917,8 +917,9 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte
 		while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
 	}
 
-#if 0	// Dismount of the system drive is disabled until there is a way to do it without causing system errors (see the documentation for more info)
+	// Dismount the system drive on shutdown on Windows 7 and later
 	if (DriverShuttingDown
+		&& IsOSAtLeast (WIN_7)
 		&& Extension->BootDrive
 		&& Extension->DriveMounted
 		&& irpSp->MinorFunction == IRP_MN_SET_POWER
@@ -926,7 +927,6 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte
 	{
 		DismountDrive (Extension, TRUE);
 	}
-#endif // 0
 
 	PoStartNextPowerIrp (Irp);
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-01-09 00:15:51 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-01-09 00:30:05 +0100
commit	7c2cf7889f96292d037c21c680b641f70a4d390f (patch)
tree	d917ecc8153cc4cbc8ef5433bf386f5f4b5d8a26 /src
parent	11f0b99846e9ca497284b57425a845474f1c39bf (diff)
download	VeraCrypt-7c2cf7889f96292d037c21c680b641f70a4d390f.tar.gz VeraCrypt-7c2cf7889f96292d037c21c680b641f70a4d390f.zip