-rw-r--r-- | src/Common/Apidrvr.h | 2 | ||||
-rw-r--r-- | src/Driver/DriveFilter.c | 1 | ||||
-rw-r--r-- | src/Driver/Driver.rc | 4 | ||||
-rw-r--r-- | src/Driver/Ntdriver.c | 14 | ||||
-rw-r--r-- | src/Driver/Ntdriver.h | 1 |
5 files changed, 20 insertions, 2 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 36946e6c..2eddc3dd 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -420,6 +420,8 @@ typedef struct #define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount") #define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize") +#define VC_ERASE_KEYS_SHUTDOWN DRIVER_STR("VeraCryptEraseKeysShutdown") + // WARNING: Modifying the following values can introduce incompatibility with previous versions. #define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD 0x1 #define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES 0x2 diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index d3510052..0da212f6 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -988,6 +988,7 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte // Dismount the system drive on shutdown on Windows 7 and later if (DriverShuttingDown + && EraseKeysOnShutdown && IsOSAtLeast (WIN_7) && Extension->BootDrive && Extension->DriveMounted diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc index 3af073ce..ef233463 100644 --- a/src/Driver/Driver.rc +++ b/src/Driver/Driver.rc @@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US // VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,25,6,1 - PRODUCTVERSION 1,25,6,1 + FILEVERSION 1,25,8,0 + PRODUCTVERSION 1,25,8,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 6f068a8f..e70c0463 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c 
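Review bot: `VC_ERASE_KEYS_SHUTDOWN` in src/Common/Apidrvr.h is added without a comment, although it names a setting that switches off a protection. I would add above it `// REG_DWORD, read once at driver load: 0 disables erasing encryption keys on shutdown; absent, non-DWORD or non-zero keeps erasure enabled`. That wording follows the ReadRegistryConfigFlags hunk in this same commit; which registry key holds the value is not visible in the diff.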
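Review bot: In DispatchPower (src/Driver/DriveFilter.c) the comment above the condition still reads `// Dismount the system drive on shutdown on Windows 7 and later`, but with the added `&& EraseKeysOnShutdown` the branch is now skipped whenever the option is off. Suggest `// Dismount the system drive on shutdown on Windows 7 and later, unless EraseKeysOnShutdown was disabled in the registry`. The body guarded by this condition and the rest of the function lie outside the hunk, so I cannot confirm what else the branch does. If that is where the keys are wiped, disabling the flag leaves them in memory through shutdown, a trade-off that deserves a line in the user documentation.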
@@ -135,6 +135,7 @@ BOOL CacheBootPim = FALSE; BOOL NonAdminSystemFavoritesAccessDisabled = FALSE; BOOL BlockSystemTrimCommand = FALSE; BOOL AllowWindowsDefrag = FALSE; +BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown static size_t EncryptionThreadPoolFreeCpuCountLimit = 0; static BOOL SystemFavoriteVolumeDirty = FALSE; static BOOL PagingFileCreationPrevented = FALSE; @@ -4856,6 +4857,19 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) } + if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data))) + { + if (data->Type == REG_DWORD) + { + if (*((uint32 *) data->Data)) + EraseKeysOnShutdown = TRUE; + else + EraseKeysOnShutdown = FALSE; + } + + TCfree (data); + } + return status; } diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h index b7e2d56e..3bbeb457 100644 --- a/src/Driver/Ntdriver.h +++ b/src/Driver/Ntdriver.h @@ -128,6 +128,7 @@ extern BOOL AllowWindowsDefrag; extern int EncryptionIoRequestCount; extern int EncryptionItemCount; extern int EncryptionFragmentSize; +extern BOOL EraseKeysOnShutdown; /* Helper macro returning x seconds in units of 100 nanoseconds */ #define WAIT_SECONDS(x) ((x)*10000000) |
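Review bot: In the second src/Driver/Ntdriver.c hunk (ReadRegistryConfigFlags), the new block checks `data->Type == REG_DWORD` but not the size of the value before reading four bytes through `*((uint32 *) data->Data)`. A value stored with the REG_DWORD type but fewer than four bytes of data would be read past its end; assuming `data` is a KEY_VALUE_PARTIAL_INFORMATION, as the Type and Data fields suggest, the guard can be `if (data->Type == REG_DWORD && data->DataLength >= sizeof (uint32))`. The inner if/else then reduces to `EraseKeysOnShutdown = (*((uint32 *) data->Data) != 0);`. Keeping the TRUE default when the value is malformed is the safe direction and should stay. The function starts outside the hunk.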