VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Boot
AgeCommit message (Collapse)AuthorFilesLines
2018-03-30Windows: Update EFI bootloader files for 1.22 releaseMounir IDRASSI6-0/+0
2018-03-28Windows: Update EFI bootloader files for 1.22-BETA8Mounir IDRASSI6-0/+0
2018-03-27Windows: Update EFI bootloader files for 1.22-BETA7Mounir IDRASSI6-0/+0
2018-03-22Update EFI bootloader files to latest VeraCrypt-DCS (commit "llmath updated ↵Mounir IDRASSI14-0/+0
(EFI based)")
2017-08-02Windows MBR bootloader: reduce CPU usage during password prompt (Credit: ↵Mounir IDRASSI1-1/+22
Jason Pyeron of CipherShed project https://github.com/CipherShed/CipherShed/commit/00ea00e8e6a23a4243316f860aa07ed59203ab97)
2017-07-23Windows MBR Bootloader: always compress bootloader with upx to reduce ↵Mounir IDRASSI1-2/+2
runtime memory requirement thanks to its in-place decompression.
2017-07-22Windows: reduce size of MBR bootloader by removing unused functions in each ↵Mounir IDRASSI2-4/+8
build type.
2017-07-20Windows: display prompt to upgrade Rescue Disk when installing 1.22 version ↵Mounir IDRASSI1-1/+1
because of the fix for hidden os boot issue on some machines.
2017-07-19Windows MBR bootloader: remove unused test function in release buildMounir IDRASSI2-0/+5
2017-07-09Windows: Update EFI bootloader files from VeraCrypt-DCS 1.21 after Camellia ↵Mounir IDRASSI2-0/+0
64bit assembly changes
2017-07-07Windows: display prompt to upgrade Rescue Disk when installing 1.21 version.Mounir IDRASSI1-1/+1
2017-07-07Windows: Update EFI bootloader files from VeraCrypt-DCS 1.21Mounir IDRASSI4-0/+0
2017-07-02Windows: Update EFI bootloader file from latest VeraCrypt-DCS 1.21Mounir IDRASSI6-0/+0
2017-06-29Windows: Update EFI bootloader file from latest VeraCrypt-DCSMounir IDRASSI4-0/+0
2017-06-23Update IDRIX copyright yearMounir IDRASSI25-25/+25
2017-06-21Windows: Update EFI bootloader file from latest VeraCrypt-DCS that includes ↵Mounir IDRASSI4-0/+0
Camellia 64-bit speed optimization
2017-06-21Update EFI bootloader files to latest VeraCrypt-DCS (commit "BML flags added")Mounir IDRASSI10-0/+0
2017-06-11Windows: Update EFI bootloader file from latest VeraCrypt-DCS 1.20Mounir IDRASSI14-0/+0
2017-06-05cland static code analyzer fixeskavsrf1-15/+19
2017-06-05Beta2 patch 1kavsrf7-5/+4
Edit DcsProp and PlatformInfo from System->Settings EFI loader updated
2017-06-05DcsInfo is addedkavsrf14-0/+0
2016-12-30Windows: Update EFI bootloader file from latest VeraCrypt-DCS 1.20-BETA2 build.Mounir IDRASSI6-0/+0
2016-12-07Windows: Update EFI bootloader file from latest VeraCrypt-DCS build that ↵Mounir IDRASSI6-0/+0
includes fix for Rescue Disk decryption bug.
2016-10-17Windows: Support EFI system encryption for 32-bit Windows.Mounir IDRASSI6-0/+0
2016-10-17Windows: Update EFI bootloader file from latest VeraCrypt-DCS build.Mounir IDRASSI3-0/+0
2016-10-17Windows: Add latest DCS bootloader binaries built against latest sourcesMounir IDRASSI4-0/+0
2016-10-17Windows Bootloader: fix issue in copy process of hidden OS caused by use of ↵Mounir IDRASSI1-1/+4
wrong PIM.
2016-10-17Windows MBR Bootloader: compress Camellia Rescue Disk bootloader to reduce ↵Mounir IDRASSI1-1/+1
size ( < 13312 bytes), allowing a backup copy to be included in the Rescue Disk.
2016-10-17Windows Bootloader: for MBR bootloader, reset position pointers to keystroke ↵Mounir IDRASSI1-0/+6
buffer after password or PIM is entered to avoid leaking length information
2016-08-21Windows: force the update of rescue disk from version 1.18 because of the ↵Mounir IDRASSI1-1/+1
fixes in EFI bootloader
2016-08-21Windows Boot: About EFI Bootloader files linked against latest sourcesMounir IDRASSI3-0/+0
2016-08-17Windows Boot: update EFI Boot Loader file after correction made to wrong ↵Mounir IDRASSI2-0/+0
password error message.
2016-08-17Add reference to VeraCrypt-DCS EFI Boot loader in Readme. Update copyrights.Mounir IDRASSI1-1/+23
2016-08-17Windows Bootloader: Update EFI bootloader files built using the latest ↵Mounir IDRASSI3-0/+0
source modifications
2016-08-17Linux: fix various compilation issues under Linux.Mounir IDRASSI1-1/+1
2016-08-15Windows: Add DCS EFI Bootloader files that are signed. Add certificates and ↵Mounir IDRASSI29-0/+38
powershell script to update Secure Boot configuration.
2016-08-15Windows: Synchronize file with changes done in EFI Bootloader DCS.kavsrf1-33/+66
2016-08-15Windows EFI Bootloader: modifications to prepare EFI system encryption ↵Alex2-1/+109
support (common files with DcsBoot)
2016-06-17Windows: Use Visual C++ 2010 instead of Visual C++ 2008.Mounir IDRASSI3-0/+424
2016-06-02Crypto: Add support for Japanese encryption standard Camellia, including for ↵Mounir IDRASSI3-3/+12
system encryption.
2016-05-10Remove trailing whitespaceDavid Foerster25-96/+96
2016-05-10Normalize all line terminatorsDavid Foerster27-5110/+5110
2016-04-20Windows: Reduce memory usage of Rescue Disk for cascades by 1KB.Mounir IDRASSI1-5/+1
2016-04-20Windows: Add option to avoid PIM prompt in pre-boot authentication by ↵Mounir IDRASSI6-59/+86
storing PIM value unencrypted in MBR.
2016-02-22Windows bootloader: try to fix boot issues on some machines by increasing ↵Mounir IDRASSI1-5/+5
required memory by 1 KiB
2016-01-29Windows Bootloader: Always hide password/PIM values with '*' after ENTER is ↵Mounir IDRASSI1-15/+15
hit, even if F5 was pressed to display password/PIM.
2016-01-20Copyright: update dates to include 2016.Mounir IDRASSI25-25/+25
2015-12-05Windows Rescue Disk: when decryption paused/finished, display message to ↵Mounir IDRASSI1-0/+4
indicate that header is being updated
2015-11-26Windows Bootloader: Avoid displaying empty new line between password and PIM ↵Mounir IDRASSI1-1/+4
after filling password field with dummy '*'.
2015-10-15Windows Rescue Disk: compress bootloader for rescue disk in several more ↵Mounir IDRASSI1-2/+2
cases because of its growing size.
sterSize = 4 * BYTES_PER_KB; else if (volumeSize >= 256 * BYTES_PER_MB) clusterSize = 2 * BYTES_PER_KB; else if (volumeSize >= 1 * BYTES_PER_MB) clusterSize = 1 * BYTES_PER_KB; else clusterSize = 512; ft->cluster_size = clusterSize / ft->sector_size; if (ft->cluster_size == 0) ft->cluster_size = 1; if (ft->cluster_size * ft->sector_size > TC_MAX_FAT_CLUSTER_SIZE) ft->cluster_size = TC_MAX_FAT_CLUSTER_SIZE / ft->sector_size; if (ft->cluster_size > 128) ft->cluster_size = 128; } if (volumeSize <= TC_MAX_FAT_CLUSTER_SIZE * 4) ft->cluster_size = 1; // Geometry always set to SECTORS/1/1 ft->secs_track = 1; ft->heads = 1; ft->dir_entries = 512; ft->fats = 2; ft->media = 0xf8; ft->hidden = 0; ft->size_root_dir = ft->dir_entries * 32; // FAT12 ft->size_fat = 12; ft->reserved = 2; fatsecs = ft->num_sectors - (ft->size_root_dir + ft->sector_size - 1) / ft->sector_size - ft->reserved; ft->cluster_count = (int) (((__int64) fatsecs * ft->sector_size) / (ft->cluster_size * ft->sector_size)); ft->fat_length = (((ft->cluster_count * 3 + 1) >> 1) + ft->sector_size - 1) / ft->sector_size; if (ft->cluster_count >= 4085) // FAT16 { ft->size_fat = 16; ft->reserved = 2; fatsecs = ft->num_sectors - (ft->size_root_dir + ft->sector_size - 1) / ft->sector_size - ft->reserved; ft->cluster_count = (int) (((__int64) fatsecs * ft->sector_size) / (ft->cluster_size * ft->sector_size)); ft->fat_length = (ft->cluster_count * 2 + ft->sector_size - 1) / ft->sector_size; } if(ft->cluster_count >= 65525) // FAT32 { ft->size_fat = 32; ft->reserved = 32 - 1; do { ft->reserved++; fatsecs = ft->num_sectors - ft->reserved; ft->size_root_dir = ft->cluster_size * ft->sector_size; ft->cluster_count = (int) (((__int64) fatsecs * ft->sector_size) / (ft->cluster_size * ft->sector_size)); ft->fat_length = (ft->cluster_count * 4 + ft->sector_size - 1) / ft->sector_size; // Align data area on TC_MAX_VOLUME_SECTOR_SIZE } while (ft->sector_size == TC_SECTOR_SIZE_LEGACY && (ft->reserved * ft->sector_size + ft->fat_length * ft->fats * ft->sector_size) % TC_MAX_VOLUME_SECTOR_SIZE != 0); } ft->cluster_count -= ft->fat_length * ft->fats / ft->cluster_size; if (ft->num_sectors >= 65536 || ft->size_fat == 32) { ft->sectors = 0; ft->total_sect = ft->num_sectors; } else { ft->sectors = (uint16) ft->num_sectors; ft->total_sect = 0; } } void PutBoot (fatparams * ft, unsigned char *boot) { int cnt = 0; boot[cnt++] = 0xeb; /* boot jump */ boot[cnt++] = 0x3c; boot[cnt++] = 0x90; memcpy (boot + cnt, "MSDOS5.0", 8); /* system id */ cnt += 8; *(__int16 *)(boot + cnt) = LE16(ft->sector_size); /* bytes per sector */ cnt += 2; boot[cnt++] = (__int8) ft->cluster_size; /* sectors per cluster */ *(__int16 *)(boot + cnt) = LE16(ft->reserved); /* reserved sectors */ cnt += 2; boot[cnt++] = (__int8) ft->fats; /* 2 fats */ if(ft->size_fat == 32) { boot[cnt++] = 0x00; boot[cnt++] = 0x00; } else { *(__int16 *)(boot + cnt) = LE16(ft->dir_entries); /* 512 root entries */ cnt += 2; } *(__int16 *)(boot + cnt) = LE16(ft->sectors); /* # sectors */ cnt += 2; boot[cnt++] = (__int8) ft->media; /* media byte */ if(ft->size_fat == 32) { boot[cnt++] = 0x00; boot[cnt++] = 0x00; } else { *(__int16 *)(boot + cnt) = LE16((uint16) ft->fat_length); /* fat size */ cnt += 2; } *(__int16 *)(boot + cnt) = LE16(ft->secs_track); /* # sectors per track */ cnt += 2; *(__int16 *)(boot + cnt) = LE16(ft->heads); /* # heads */ cnt += 2; *(__int32 *)(boot + cnt) = LE32(ft->hidden); /* # hidden sectors */ cnt += 4; *(__int32 *)(boot + cnt) = LE32(ft->total_sect); /* # huge sectors */ cnt += 4; if(ft->size_fat == 32) { *(__int32 *)(boot + cnt) = LE32(ft->fat_length); cnt += 4; /* fat size 32 */ boot[cnt++] = 0x00; /* ExtFlags */ boot[cnt++] = 0x00; boot[cnt++] = 0x00; /* FSVer */ boot[cnt++] = 0x00; boot[cnt++] = 0x02; /* RootClus */ boot[cnt++] = 0x00; boot[cnt++] = 0x00; boot[cnt++] = 0x00; boot[cnt++] = 0x01; /* FSInfo */ boot[cnt++] = 0x00; boot[cnt++] = 0x06; /* BkBootSec */ boot[cnt++] = 0x00; memset(boot+cnt, 0, 12); cnt+=12; /* Reserved */ } boot[cnt++] = 0x00; /* drive number */ // FIXED 80 > 00 boot[cnt++] = 0x00; /* reserved */ boot[cnt++] = 0x29; /* boot sig */ memcpy (boot + cnt, ft->volume_id, 4); /* vol id */ cnt += 4; memcpy (boot + cnt, ft->volume_name, 11); /* vol title */ cnt += 11; switch(ft->size_fat) /* filesystem type */ { case 12: memcpy (boot + cnt, "FAT12 ", 8); break; case 16: memcpy (boot + cnt, "FAT16 ", 8); break; case 32: memcpy (boot + cnt, "FAT32 ", 8); break; } cnt += 8; memset (boot + cnt, 0, ft->size_fat==32 ? 420:448); /* boot code */ cnt += ft->size_fat==32 ? 420:448; boot[cnt++] = 0x55; boot[cnt++] = 0xaa; /* boot sig */ } /* FAT32 FSInfo */ static void PutFSInfo (unsigned char *sector, fatparams *ft) { memset (sector, 0, ft->sector_size); sector[3]=0x41; /* LeadSig */ sector[2]=0x61; sector[1]=0x52; sector[0]=0x52; sector[484+3]=0x61; /* StrucSig */ sector[484+2]=0x41; sector[484+1]=0x72; sector[484+0]=0x72; // Free cluster count *(uint32 *)(sector + 488) = LE32 (ft->cluster_count - ft->size_root_dir / ft->sector_size / ft->cluster_size); // Next free cluster *(uint32 *)(sector + 492) = LE32 (2); sector[508+3]=0xaa; /* TrailSig */ sector[508+2]=0x55; sector[508+1]=0x00; sector[508+0]=0x00; } int FormatFat (unsigned __int64 startSector, fatparams * ft, void * dev, PCRYPTO_INFO cryptoInfo, BOOL quickFormat) { int write_buf_cnt = 0; char sector[TC_MAX_VOLUME_SECTOR_SIZE], *write_buf; unsigned __int64 nSecNo = startSector; int x, n; int retVal; char temporaryKey[MASTER_KEYDATA_SIZE]; LARGE_INTEGER startOffset; LARGE_INTEGER newOffset; // Seek to start sector startOffset.QuadPart = startSector * ft->sector_size; if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN) || newOffset.QuadPart != startOffset.QuadPart) { return ERR_VOL_SEEKING; } /* Write the data area */ write_buf = (char *)TCalloc (FormatWriteBufferSize); if (!write_buf) return ERR_OUTOFMEMORY; memset (sector, 0, ft->sector_size); RandgetBytes (ft->volume_id, sizeof (ft->volume_id), FALSE); PutBoot (ft, (unsigned char *) sector); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; /* fat32 boot area */ if (ft->size_fat == 32) { /* fsinfo */ PutFSInfo((unsigned char *) sector, ft); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; /* reserved */ while (nSecNo - startSector < 6) { memset (sector, 0, ft->sector_size); sector[508+3]=0xaa; /* TrailSig */ sector[508+2]=0x55; if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } /* bootsector backup */ memset (sector, 0, ft->sector_size); PutBoot (ft, (unsigned char *) sector); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; PutFSInfo((unsigned char *) sector, ft); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } /* reserved */ while (nSecNo - startSector < (unsigned int)ft->reserved) { memset (sector, 0, ft->sector_size); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } /* write fat */ for (x = 1; x <= ft->fats; x++) { for (n = 0; n < ft->fat_length; n++) { memset (sector, 0, ft->sector_size); if (n == 0) { unsigned char fat_sig[12]; if (ft->size_fat == 32) { fat_sig[0] = (unsigned char) ft->media; fat_sig[1] = fat_sig[2] = 0xff; fat_sig[3] = 0x0f; fat_sig[4] = fat_sig[5] = fat_sig[6] = 0xff; fat_sig[7] = 0x0f; fat_sig[8] = fat_sig[9] = fat_sig[10] = 0xff; fat_sig[11] = 0x0f; memcpy (sector, fat_sig, 12); } else if (ft->size_fat == 16) { fat_sig[0] = (unsigned char) ft->media; fat_sig[1] = 0xff; fat_sig[2] = 0xff; fat_sig[3] = 0xff; memcpy (sector, fat_sig, 4); } else if (ft->size_fat == 12) { fat_sig[0] = (unsigned char) ft->media; fat_sig[1] = 0xff; fat_sig[2] = 0xff; fat_sig[3] = 0x00; memcpy (sector, fat_sig, 4); } } if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } } /* write rootdir */ for (x = 0; x < ft->size_root_dir / ft->sector_size; x++) { memset (sector, 0, ft->sector_size); if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } /* Fill the rest of the data area with random data */ if(!quickFormat) { if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo)) goto fail; /* Generate a random temporary key set to be used for "dummy" encryption that will fill the free disk space (data area) with random data. This is necessary for plausible deniability of hidden volumes (and also reduces the amount of predictable plaintext within the volume). */ // Temporary master key if (!RandgetBytes (temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE)) goto fail; // Temporary secondary key (XTS mode) if (!RandgetBytes (cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE)) goto fail; retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks); if (retVal != ERR_SUCCESS) { burn (temporaryKey, sizeof(temporaryKey)); return retVal; } if (!EAInitMode (cryptoInfo)) { burn (temporaryKey, sizeof(temporaryKey)); return ERR_MODE_INIT_FAILED; } x = ft->num_sectors - ft->reserved - ft->size_root_dir / ft->sector_size - ft->fat_length * 2; while (x--) { if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo) == FALSE) goto fail; } UpdateProgressBar (nSecNo * ft->sector_size); } else UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size); if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo)) goto fail; TCfree (write_buf); burn (temporaryKey, sizeof(temporaryKey)); return 0; fail: TCfree (write_buf); burn (temporaryKey, sizeof(temporaryKey)); return ERR_OS_ERROR; }