diff options
-rw-r--r-- | src/Common/Format.c | 10 | ||||
-rw-r--r-- | src/Common/Format.h | 1 | ||||
-rw-r--r-- | src/Common/Language.xml | 15 | ||||
-rw-r--r-- | src/Common/Volumes.h | 2 | ||||
-rw-r--r-- | src/Format/Tcformat.c | 26 |
5 files changed, 41 insertions, 13 deletions
diff --git a/src/Common/Format.c b/src/Common/Format.c index ead65463..82487bd7 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -475,6 +475,7 @@ begin_format: case FILESYS_NONE: case FILESYS_NTFS: case FILESYS_EXFAT: + case FILESYS_REFS: if (volParams->bDevice && !StartFormatWriteThread()) { @@ -626,7 +627,7 @@ begin_format: } #ifndef DEBUG - if (volParams->quickFormat && volParams->fileSystem != FILESYS_NTFS && volParams->fileSystem != FILESYS_EXFAT) + if (volParams->quickFormat && volParams->fileSystem != FILESYS_NTFS && volParams->fileSystem != FILESYS_EXFAT && && volParams->fileSystem != FILESYS_REFS) Sleep (500); // User-friendly GUI #endif @@ -660,13 +661,13 @@ error: goto fv_end; } - if (volParams->fileSystem == FILESYS_NTFS || volParams->fileSystem == FILESYS_EXFAT) + if (volParams->fileSystem == FILESYS_NTFS || volParams->fileSystem == FILESYS_EXFAT || volParams->fileSystem == FILESYS_REFS) { // Quick-format volume as NTFS int driveNo = GetLastAvailableDrive (); MountOptions mountOptions; int retCode; - int fsType = (volParams->fileSystem == FILESYS_EXFAT)? FILESYS_EXFAT: FILESYS_NTFS; + int fsType = volParams->fileSystem; ZeroMemory (&mountOptions, sizeof (mountOptions)); @@ -932,6 +933,9 @@ BOOL FormatFs (int driveNo, int clusterSize, int fsType) case FILESYS_EXFAT: StringCchCopyW (szFsFormat, ARRAYSIZE (szFsFormat),L"EXFAT"); break; + case FILESYS_REFS: + StringCchCopyW (szFsFormat, ARRAYSIZE (szFsFormat),L"ReFS"); + break; default: return FALSE; } diff --git a/src/Common/Format.h b/src/Common/Format.h index 0d29ab3b..44d7980c 100644 --- a/src/Common/Format.h +++ b/src/Common/Format.h @@ -86,6 +86,7 @@ static void StopFormatWriteThread (); #define FILESYS_FAT 1 #define FILESYS_NTFS 2 #define FILESYS_EXFAT 3 +#define FILESYS_REFS 4 #ifdef __cplusplus } diff --git a/src/Common/Language.xml b/src/Common/Language.xml index a53d69a2..a2c1312f 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -394,7 +394,7 @@ <string lang="en" key="ADMIN_PRIVILEGES_DRIVER">In order to load the VeraCrypt driver, you need to be logged into an account with administrator privileges.</string> <string lang="en" key="ADMIN_PRIVILEGES_WARN_DEVICES">Please note that in order to encrypt, decrypt or format a partition/device you need to be logged into an account with administrator privileges.\n\nThis does not apply to file-hosted volumes.</string> <string lang="en" key="ADMIN_PRIVILEGES_WARN_HIDVOL">In order to create a hidden volume you need to be logged into an account with administrator privileges.\n\nContinue?</string> - <string lang="en" key="ADMIN_PRIVILEGES_WARN_NTFS">Please note that in order to format the volume as NTFS/exFAT you need to be logged into an account with administrator privileges.\n\nWithout administrator privileges, you can format the volume as FAT.</string> + <string lang="en" key="ADMIN_PRIVILEGES_WARN_NTFS">Please note that in order to format the volume as NTFS/exFAT/ReFS you need to be logged into an account with administrator privileges.\n\nWithout administrator privileges, you can format the volume as FAT.</string> <string lang="en" key="AES_HELP">FIPS-approved cipher (Rijndael, published in 1998) that may be used by U.S. government departments and agencies to protect classified information up to the Top Secret level. 256-bit key, 128-bit block, 14 rounds (AES-256). Mode of operation is XTS.</string> <string lang="en" key="ALREADY_MOUNTED">Volume is already mounted.</string> <string lang="en" key="ERR_SELF_TESTS_FAILED">CAUTION: At least one encryption or hash algorithm failed the built-in automatic self-tests!\n\nVeraCrypt installation may be corrupted.</string> @@ -540,8 +540,8 @@ <string lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT">The hidden volume is now protected against damage until the outer volume is dismounted.\n\nWARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</string> <string lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT_PLURAL">Each of the hidden volumes within the newly mounted volumes is now protected against damage until dismounted.\n\nWARNING: If any data is attempted to be saved to protected hidden volume area of any of these volumes, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to protected hidden volume areas will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</string> <string lang="en" key="DAMAGE_TO_HIDDEN_VOLUME_PREVENTED">WARNING: Data were attempted to be saved to the hidden volume area of the volume mounted as %c:! VeraCrypt prevented these data from being saved in order to protect the hidden volume. This may have caused filesystem corruption on the outer volume and Windows may have reported a write error ("Delayed Write Failed" or "The parameter is incorrect"). The entire volume (both the outer and the hidden part) will be write-protected until it is dismounted. If this is not the first time VeraCrypt has prevented data from being saved to the hidden volume area of this volume, plausible deniability of this hidden volume might be adversely affected (due to possible unusual correlated inconsistencies within the outer volume file system). Therefore, you should consider creating a new VeraCrypt volume (with Quick Format disabled) and moving files from this volume to the new volume; this volume should be securely erased (both the outer and the hidden part). We strongly recommend that you restart the operating system now.</string> - <string lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GB on the volume. This requires the volume to be formatted as NTFS/exFAT, which, however, will not be possible.</string> - <string lang="en" key="CANNOT_CREATE_NON_HIDDEN_NTFS_VOLUMES_UNDER_HIDDEN_OS">Please note that when a hidden operating system is running, non-hidden VeraCrypt volumes cannot be formatted as NTFS/exFAT. The reason is that the volume would need to be temporarily mounted without write protection in order to allow the operating system to format it as NTFS (whereas formatting as FAT is performed by VeraCrypt, not by the operating system, and without mounting the volume). For further technical details, see below. You can create a non-hidden NTFS/exFAT volume from within the decoy operating system.</string> + <string lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GB on the volume. This requires the volume to be formatted as NTFS/exFAT/ReFS, which, however, will not be possible.</string> + <string lang="en" key="CANNOT_CREATE_NON_HIDDEN_NTFS_VOLUMES_UNDER_HIDDEN_OS">Please note that when a hidden operating system is running, non-hidden VeraCrypt volumes cannot be formatted as NTFS/exFAT/ReFS. The reason is that the volume would need to be temporarily mounted without write protection in order to allow the operating system to format it as NTFS (whereas formatting as FAT is performed by VeraCrypt, not by the operating system, and without mounting the volume). For further technical details, see below. You can create a non-hidden NTFS/exFAT/ReFS volume from within the decoy operating system.</string> <string lang="en" key="HIDDEN_VOL_CREATION_UNDER_HIDDEN_OS_HOWTO">For security reasons, when a hidden operating system is running, hidden volumes can be created only in the 'direct' mode (because outer volumes must always be mounted as read-only). To create a hidden volume securely, follow these steps:\n\n1) Boot the decoy system.\n\n2) Create a normal VeraCrypt volume and, to this volume, copy some sensitive-looking files that you actually do NOT want to hide (the volume will become the outer volume).\n\n3) Boot the hidden system and start the VeraCrypt Volume Creation Wizard. If the volume is file-hosted, move it to the system partition or to another hidden volume (otherwise, the newly created hidden volume would be mounted as read-only and could not be formatted). Follow the instructions in the wizard so as to select the 'direct' hidden volume creation mode.\n\n4) In the wizard, select the volume you created in step 2 and then follow the instructions to create a hidden volume within it.</string> <string lang="en" key="HIDDEN_OS_WRITE_PROTECTION_BRIEF_INFO">For security reasons, when a hidden operating system is running, local unencrypted filesystems and non-hidden VeraCrypt volumes are mounted as read-only (no data can be written to such filesystems or VeraCrypt volumes).\n\nData is allowed to be written to any filesystem that resides within a hidden VeraCrypt volume (provided that the hidden volume is not located in a container stored on an unencrypted filesystem or on any other read-only filesystem).</string> <string lang="en" key="HIDDEN_OS_WRITE_PROTECTION_EXPLANATION">There are three main reasons why such countermeasures have been implemented:\n\n- It enables the creation of a secure platform for mounting of hidden VeraCrypt volumes. Note that we officially recommend that hidden volumes are mounted only when a hidden operating system is running. (For more information, see the subsection 'Security Requirements and Precautions Pertaining to Hidden Volumes' in the documentation.)\n\n- In some cases, it is possible to determine that, at a certain time, a particular filesystem was not mounted under (or that a particular file on the filesystem was not saved or accessed from within) a particular instance of an operating system (e.g. by analyzing and comparing filesystem journals, file timestamps, application logs, error logs, etc). This might indicate that a hidden operating system is installed on the computer. The countermeasures prevent these issues.\n\n- It prevents data corruption and allows safe hibernation. When Windows resumes from hibernation, it assumes that all mounted filesystems are in the same state as when the system entered hibernation. VeraCrypt ensures this by write-protecting any filesystem accessible both from within the decoy and hidden systems. Without such protection, the filesystem could become corrupted when mounted by one system while the other system is hibernated.</string> @@ -670,7 +670,7 @@ <string lang="en" key="SELECT_KEYFILE_GENERATION_DIRECTORY">Select a directory where to store the keyfiles.</string> <string lang="en" key="SELECTED_KEYFILE_IS_CONTAINER_FILE">The current container file was selected as a keyfile. It will be skipped.</string> <string lang="en" key="SERPENT_HELP">Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Published in 1998. 256-bit key, 128-bit block. Mode of operation is XTS. Serpent was one of the AES finalists.</string> - <string lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KB. The minimum possible size of an exFAT volume is 424 KB. The minimum possible size of an NTFS volume is 3792 KB.</string> + <string lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KB. The minimum possible size of an exFAT volume is 424 KB. The minimum possible size of an NTFS volume is 3792 KB. The minimum possible size of an ReFS volume is 642 MB.</string> <string lang="en" key="SIZE_HELP_HIDDEN_HOST_VOL">Please specify the size of the outer volume to be created (you will first create the outer volume and then a hidden volume within it). The minimum possible size of a volume within which a hidden volume is intended to be created is 340 KB.</string> <string lang="en" key="SIZE_HELP_HIDDEN_VOL">Please specify the size of the hidden volume to create. The minimum possible size of a hidden volume is 40 KB (or 3664 KB if it is formatted as NTFS). The maximum possible size you can specify for the hidden volume is displayed above.</string> <string lang="en" key="SIZE_HIDVOL_HOST_TITLE">Outer Volume Size</string> @@ -729,11 +729,11 @@ <string lang="en" key="ALL_FILES">All Files</string> <string lang="en" key="TC_VOLUMES">VeraCrypt Volumes</string> <string lang="en" key="DLL_FILES">Library Modules</string> - <string lang="en" key="FORMAT_NTFS_STOP">NTFS/exFAT formatting cannot continue.</string> + <string lang="en" key="FORMAT_NTFS_STOP">NTFS/exFAT/ReFS formatting cannot continue.</string> <string lang="en" key="CANT_MOUNT_VOLUME">Cannot mount volume.</string> <string lang="en" key="CANT_DISMOUNT_VOLUME">Cannot dismount volume.</string> - <string lang="en" key="FORMAT_NTFS_FAILED">Windows failed to format the volume as NTFS/exFAT.\n\nPlease select a different type of file system (if possible) and try again. Alternatively, you could leave the volume unformatted (select 'None' as the filesystem), exit this wizard, mount the volume, and then use either a system or a third-party tool to format the mounted volume (the volume will remain encrypted).</string> - <string lang="en" key="FORMAT_NTFS_FAILED_ASK_FAT">Windows failed to format the volume as NTFS/exFAT.\n\nDo you want to format the volume as FAT instead?</string> + <string lang="en" key="FORMAT_NTFS_FAILED">Windows failed to format the volume as NTFS/exFAT/ReFS.\n\nPlease select a different type of file system (if possible) and try again. Alternatively, you could leave the volume unformatted (select 'None' as the filesystem), exit this wizard, mount the volume, and then use either a system or a third-party tool to format the mounted volume (the volume will remain encrypted).</string> + <string lang="en" key="FORMAT_NTFS_FAILED_ASK_FAT">Windows failed to format the volume as NTFS/exFAT/ReFS.\n\nDo you want to format the volume as FAT instead?</string> <string lang="en" key="DEFAULT">Default</string> <string lang="en" key="PARTITION_LOWER_CASE">partition</string> <string lang="en" key="PARTITION_UPPER_CASE">PARTITION</string> @@ -1414,6 +1414,7 @@ <string lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk image to a USB stick, please eject it and reinsert it; then try again. If this does not help, please try other ZIP software and/or medium.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created for a different master key, password, salt, etc., please note that such Rescue Disk will always fail this verification. To create a new Rescue Disk fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</string> <string lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to extract the Rescue Disk image to a USB stick that is formatted as FAT/FAT32.\n\nIMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\nAfter you create the Rescue Disk, select 'System' > 'Verify Rescue Disk' to verify that it has been correctly created.</string> <control lang="en" key="IDC_SECURE_DESKTOP_PASSWORD_ENTRY">Use Secure Desktop for password entry</control> + <string lang="en" key="ERR_REFS_INVALID_VOLUME_SIZE">The volume file size specified in the command line is incompatible with selected ReFS filesystem.</string> </localization> <!-- XML Schema --> <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"> diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 3fe3a450..710ccc45 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h @@ -77,6 +77,8 @@ extern "C" { #define TC_MAX_FAT_CLUSTER_SIZE (256 * BYTES_PER_KB) // Windows XP/Vista may crash when writing to a filesystem using clusters larger than 256 KB #define TC_MIN_EXFAT_FS_SIZE (42 * TC_MAX_VOLUME_SECTOR_SIZE) #define TC_MAX_EXFAT_FS_SIZE (128LL * BYTES_PER_PB) +#define TC_MIN_REFS_FS_SIZE (641 * BYTES_PER_MB) // minimal allowed volume size with 4KiB clusters. Determined empirically. +#define TC_MAX_REFS_FS_SIZE (0xFFFFFFFFFFFFFFFFULL) // real limit is 1 Yobibyte but it's too large for 64-bit integer // Volume size limits #define TC_MIN_VOLUME_SIZE (TC_TOTAL_VOLUME_HEADERS_SIZE + TC_MIN_FAT_FS_SIZE) diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 16b93db1..3f52fd3f 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -2556,7 +2556,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg) // Check administrator privileges if (!IsAdmin () && !IsUacSupported ()) { - if (fileSystem == FILESYS_NTFS || fileSystem == FILESYS_EXFAT) + if (fileSystem == FILESYS_NTFS || fileSystem == FILESYS_EXFAT || fileSystem == FILESYS_REFS) { if (Silent || (MessageBoxW (hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_NTFS"), lpszTitle, MB_OKCANCEL|MB_ICONWARNING|MB_DEFBUTTON2) == IDCANCEL)) goto cancel; @@ -4835,6 +4835,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa BOOL bNTFSallowed = FALSE; BOOL bFATallowed = FALSE; BOOL bEXFATallowed = FALSE; + BOOL bReFSallowed = FALSE; BOOL bNoFSallowed = FALSE; HCRYPTPROV hRngProv; @@ -4971,6 +4972,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"exFAT", FILESYS_EXFAT); bEXFATallowed = TRUE; } + + //ReFS write support activated by default starting from Windows 10 + //We don't support it yet for the creation of hidden volumes + if ((!bHiddenVolHost) && IsOSVersionAtLeast (WIN_10, 0) && dataAreaSize >= TC_MIN_REFS_FS_SIZE && dataAreaSize <= TC_MAX_REFS_FS_SIZE) + { + AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"ReFS", FILESYS_REFS); + bReFSallowed = TRUE; + } } else { @@ -4992,12 +5001,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { // Set default file system - if (bFATallowed && !(nNeedToStoreFilesOver4GB == 1 && (bNTFSallowed || bEXFATallowed))) + if (bFATallowed && !(nNeedToStoreFilesOver4GB == 1 && (bNTFSallowed || bEXFATallowed || bReFSallowed))) fileSystem = FILESYS_FAT; else if (bEXFATallowed) fileSystem = FILESYS_EXFAT; else if (bNTFSallowed) fileSystem = FILESYS_NTFS; + else if (bReFSallowed) + fileSystem = FILESYS_REFS; else if (bNoFSallowed) fileSystem = FILESYS_NONE; else @@ -6177,6 +6188,13 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa AbortProcess ("ERR_EXFAT_INVALID_VOLUME_SIZE"); } + if ( (fileSystem == FILESYS_REFS) && + (dataAreaSize < TC_MIN_REFS_FS_SIZE || dataAreaSize > TC_MAX_REFS_FS_SIZE) + ) + { + AbortProcess ("ERR_REFS_INVALID_VOLUME_SIZE"); + } + if ( (fileSystem == FILESYS_FAT) && (dataAreaSize < TC_MIN_FAT_FS_SIZE || dataAreaSize > (TC_MAX_FAT_SECTOR_COUNT * GetFormatSectorSize())) ) @@ -8294,7 +8312,7 @@ retryCDDriveCheck: { // Creating a non-hidden volume under a hidden OS - if (fileSystem == FILESYS_NTFS || fileSystem == FILESYS_EXFAT) + if (fileSystem == FILESYS_NTFS || fileSystem == FILESYS_EXFAT || fileSystem == FILESYS_REFS) { WarningDirect ((wstring (GetString ("CANNOT_CREATE_NON_HIDDEN_NTFS_VOLUMES_UNDER_HIDDEN_OS")) + L"\n\n" @@ -8965,6 +8983,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) CmdVolumeFilesystem = FILESYS_NTFS; else if (IsOSVersionAtLeast (WIN_VISTA, 1) && _wcsicmp(szTmp, L"EXFAT") == 0) CmdVolumeFilesystem = FILESYS_EXFAT; + else if (IsOSVersionAtLeast (WIN_10, 0) && _wcsicmp(szTmp, L"ReFS") == 0) + CmdVolumeFilesystem = FILESYS_REFS; else { AbortProcess ("COMMAND_LINE_ERROR"); |