| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* refactor: use UNMOUNT instead of DISMOUNT in code
This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.
* docs: mention that /dismount is deprecated
This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
|
|
Update Windows drivers.
|
|
1024. Queue write IRPs.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
|
|
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
|
|
|
|
mitigation (ASLR, Dynamic code, extension points)
Memory protection can be disabled using registry value "VeraCryptEnableMemoryProtection" under the key "HKLM\SYSTEM\CurrentControlSet\Services\veracrypt"
|
|
For now, we force ReadOnly mounting for such partitions.
|
|
|
|
shutdown/reboot. This helps solve BSOD during shutdown/reboot on some machines.
Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown" and set its value to 0.
|
|
IOCTL code to read used values from user space maximum value for EncryptionFragmentSize is 2048 maximum value for EncryptionIoRequestCount is 8192 maximum value for EncryptionItemCount is (EncryptionIoRequestCount/2)
|
|
queue Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt: - VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256. - VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16. - VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default is 8.
|
|
driver
|
|
cipher and t1ha non-cryptographic fast hash (https://github.com/leo-yuriev/t1ha)
|
|
which is now disabled by default
|
|
new device is inserted. Better implementation for update of EFI bootloader without usage of drive letters (this can fix random issues encountered during Windows upgrade).
|
|
clearing of all encryption keys from memory. This entry point requires administrative privileges and it will caused BSDO when system encryption is active. It can be useful for example to applications that monitors physical access to the machine and which need to erase sensitive key material from RAM when unauthorized access is detected.
|
|
end for compatibility with previous version.
|
|
to the specified drive letter. This is useful in situation where Windows has issue with the filesystem (e.g. ReFS on Windows 10 1809) and we need to use third party software to be able to use the filesystem under Windows through low level VeraCrypt virtual device (e.g. \Device\VeraCryptVolumeX).
|
|
defragmenting non-système disques by Windows built-in defragmenter tool.
|
|
|
|
driver option to enable it (TRIM is disabled by default for non-system SSD partitions/drives)
|
|
|
|
VolumeID when its host device is connected to the machine.
|
|
IOCTL_STORAGE_QUERY_PROPERTY (StorageAdapterProperty) in both driver and user mode applications.
|
|
IOCTL_DISK_GET_DRIVE_GEOMETRY in order to get accurate disk size value.
|
|
10 but supporting undocumented IOCTL.
|
|
|
|
|
|
|
|
instead of SHA-512 to compute volume ID to reduce string size and make more convenient to use.
|
|
identify VeraCrypt disk volumes instead of device name.
|
|
|
|
volumes. Add options to activate it in the Preferences and System Settings.
|
|
|
|
helpful for users who have software running the modifies the bootloader, like FLEXnet.
|
|
Windows mount manager while still making it hard to abuse drive letter handling.
|
|
vulnerability caused by abusing the drive letter symbolic link creation facilities to remap the main system drive. Thanks to James Forshaw (Google) for reporting this issue and for helping implementing the fix.
|
|
this support by default. This will avoid having issue with software that doesn't handle correctly partial IOCTL_STORAGE_QUERY_PROPERTY support.
|
|
Support using favorite label as label in Explorer.
|
|
and TrueCrypt 3.0.
|
|
bootloader when changing the system encryption password: this enables to recover if an attack is detected.
|
|
|
|
handling of Dynamic Mode.
|
|
|
|
through IOCTL_STORAGE_QUERY_PROPERTY
|
|
TC_IOCTL_GET_MOUNTED_VOLUMES
|
|
volumes to VeraCrypt using the change password functionality.
|
|
correct hash algorithm of volumes during various operations (mount, change password...). In case of system encryption, slightly speedup Windows startup time by making the driver pickup the correct hash algorithm used for the encryption.
|
|
SHA-256. Support SHA-256 for normal volumes as well.
|
|
are never used by VeraCrypt. This will speed up volumes opening in many cases.
|
