VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver
diff options
context:
space:
mode:
Diffstat (limited to 'src/Driver')
-rw-r--r--src/Driver/EncryptedIoQueue.c2
-rw-r--r--src/Driver/EncryptedIoQueue.h1
-rw-r--r--src/Driver/Ntdriver.c15
-rw-r--r--src/Driver/Ntvol.c8
4 files changed, 21 insertions, 5 deletions
diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c
index 6900fc0d..bdf139a1 100644
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -797,7 +797,7 @@ static VOID MainThreadProc (PVOID threadArg)
request->OrigDataBufferFragment = dataBuffer;
request->Length = dataFragmentLength;
- if (queue->IsFilterDevice)
+ if (queue->IsFilterDevice || queue->bSupportPartialEncryption)
{
if (queue->EncryptedAreaStart == -1 || queue->EncryptedAreaEnd == -1)
{
diff --git a/src/Driver/EncryptedIoQueue.h b/src/Driver/EncryptedIoQueue.h
index c4b6f269..2ab9dc5b 100644
--- a/src/Driver/EncryptedIoQueue.h
+++ b/src/Driver/EncryptedIoQueue.h
@@ -49,6 +49,7 @@ typedef struct
// File-handle-based IO
HANDLE HostFileHandle;
+ BOOL bSupportPartialEncryption;
int64 VirtualDeviceLength;
SECURITY_CLIENT_CONTEXT *SecurityClientContext;
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 7f00c9e0..b19ffb77 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -3156,6 +3156,21 @@ VOID VolumeThreadProc (PVOID Context)
Extension->Queue.HostFileHandle = Extension->hDeviceFile;
Extension->Queue.VirtualDeviceLength = Extension->DiskLength;
Extension->Queue.MaxReadAheadOffset.QuadPart = Extension->HostLength;
+ if (bDevice && pThreadBlock->mount->bPartitionInInactiveSysEncScope
+ && (!Extension->cryptoInfo->hiddenVolume)
+ && (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
+ )
+ {
+ // Support partial encryption only in the case of system encryption
+ Extension->Queue.EncryptedAreaStart = 0;
+ Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;
+ if (Extension->Queue.CryptoInfo->EncryptedAreaLength.Value == 0)
+ {
+ Extension->Queue.EncryptedAreaStart = -1;
+ Extension->Queue.EncryptedAreaEnd = -1;
+ }
+ Extension->Queue.bSupportPartialEncryption = TRUE;
+ }
if (Extension->SecurityClientContextValid)
Extension->Queue.SecurityClientContext = &Extension->SecurityClientContext;
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 177c0bf3..6f2ff399 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -88,6 +88,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
}
mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE;
// If we are opening a device, query its size first
if (bRawDevice)
@@ -677,10 +678,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
{
- // Partial encryption is not supported for volumes mounted as regular
- mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED;
- ntStatus = STATUS_SUCCESS;
- goto error;
+ // mount as readonly in case of partial system encryption
+ Extension->bReadOnly = mount->bMountReadOnly = TRUE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = TRUE;
}
}
else if (Extension->cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC)