diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml index 34d6e356..be3de3d5 100644 --- a/Translations/Language.ar.xml +++ b/Translations/Language.ar.xml @@ -1688,6 +1688,8 @@ ‮الإقلاع الآمن Secure Boot مفعّل، لكن قاعدة بيانات Secure Boot في البرنامج الثابت لا تثق بأي مجموعة Microsoft UEFI CA يدعمها محمل الإقلاع EFI الخاص بـ ڤيراكربت. فعّل إما Microsoft Corporation UEFI CA 2011، أو كليهما Microsoft UEFI CA 2023 و Microsoft Option ROM UEFI CA 2023، ثم شغّل خيار الإصلاح/إعادة التنصيب في ڤيراكربت. بدلاً من ذلك، عطّل Secure Boot. ‮ستفتح نافذة الطرفية بعد الضغط على 'موافق' وستتحقق من نظام الملفات على مجلد ڤيراكربت المحدد باستخدام 'diskutil'. ستُعرض النتيجة في تلك النافذة.\n\nإذا تعذر بدء التحقق، فسيتم تشغيل أداة القرص بدلاً من ذلك. ‮ستفتح نافذة الطرفية بعد الضغط على 'موافق' وستحاول إصلاح نظام الملفات على مجلد ڤيراكربت المحدد باستخدام 'diskutil'. ستُعرض النتيجة في تلك النافذة.\n\nإذا تعذر بدء الإصلاح، فسيتم تشغيل أداة القرص بدلاً من ذلك. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml index eed52802..090ac4c9 100644 --- a/Translations/Language.be.xml +++ b/Translations/Language.be.xml @@ -1688,6 +1688,8 @@ Secure Boot уключаны, але база даных Secure Boot у прашыўцы не давярае ніводнаму набору Microsoft UEFI CA, які падтрымліваецца загрузчыкам EFI VeraCrypt. Уключыце альбо Microsoft Corporation UEFI CA 2011, альбо адначасова Microsoft UEFI CA 2023 і Microsoft Option ROM UEFI CA 2023, затым запусціце VeraCrypt Аднавіць/пераўсталяваць. У якасці альтэрнатывы адключыце Secure Boot. Пасля націску 'OK' адкрыецца акно Тэрмінала, у якім будзе праверана файлавая сістэма выбранага тома VeraCrypt з дапамогай 'diskutil'. Вынік будзе паказаны ў гэтым акне.\n\nКалі праверку немагчыма запусціць, замест гэтага будзе запушчана Дыскавая ўтыліта. Пасля націску 'OK' адкрыецца акно Тэрмінала, у якім будзе выканана спроба аднавіць файлавую сістэму выбранага тома VeraCrypt з дапамогай 'diskutil'. Вынік будзе паказаны ў гэтым акне.\n\nКалі аднаўленне немагчыма запусціць, замест гэтага будзе запушчана Дыскавая ўтыліта. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml index c778600f..df7fd2a2 100644 --- a/Translations/Language.bg.xml +++ b/Translations/Language.bg.xml @@ -1688,6 +1688,8 @@ Secure Boot е активирано, но базата данни на Secure Boot във фърмуера не се доверява на нито един набор Microsoft UEFI CA, поддържан от EFI зареждащия модул на VeraCrypt. Активирайте или Microsoft Corporation UEFI CA 2011, или едновременно Microsoft UEFI CA 2023 и Microsoft Option ROM UEFI CA 2023, след което стартирайте опцията Поправка/Преинсталация във VeraCrypt. Като алтернатива деактивирайте Secure Boot. След като натиснете 'OK', ще се отвори прозорец на Терминал и ще провери файловата система на избрания том VeraCrypt чрез 'diskutil'. Резултатът ще бъде показан в този прозорец.\n\nАко проверката не може да бъде стартирана, вместо това ще бъде стартирана Дискова помощна програма. След като натиснете 'OK', ще се отвори прозорец на Терминал и ще се опита да поправи файловата система на избрания том VeraCrypt чрез 'diskutil'. Резултатът ще бъде показан в този прозорец.\n\nАко поправката не може да бъде стартирана, вместо това ще бъде стартирана Дискова помощна програма. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml index fa850bc2..d9eea512 100644 --- a/Translations/Language.ca.xml +++ b/Translations/Language.ca.xml @@ -1688,6 +1688,8 @@ Secure Boot està activat, però la base de dades Secure Boot del microprogramari no confia en cap conjunt de Microsoft UEFI CA compatible amb el carregador d'arrencada EFI de VeraCrypt. Activeu Microsoft Corporation UEFI CA 2011, o bé Microsoft UEFI CA 2023 i Microsoft Option ROM UEFI CA 2023, i després executeu VeraCrypt Reparar/Reinstal·lar. Alternativament, desactiveu Secure Boot. Després de prémer 'OK', s'obrirà una finestra del Terminal i es comprovarà el sistema de fitxers del volum VeraCrypt seleccionat amb 'diskutil'. El resultat es mostrarà en aquesta finestra.\n\nSi no es pot iniciar la comprovació, s'obrirà la Utilitat de Discos. Després de prémer 'OK', s'obrirà una finestra del Terminal i s'intentarà reparar el sistema de fitxers del volum VeraCrypt seleccionat amb 'diskutil'. El resultat es mostrarà en aquesta finestra.\n\nSi no es pot iniciar la reparació, s'obrirà la Utilitat de Discos. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.co.xml b/Translations/Language.co.xml index b17fafe2..254f439e 100644 --- a/Translations/Language.co.xml +++ b/Translations/Language.co.xml @@ -1710,6 +1710,8 @@ Information about Corsican localization: A piccera sicurizata hè attiva ma a basa di dati di a piccera sicurizata di u microprugramma ùn face micca cunfidenza à alcunu inseme d’auturità di certificazione UEFI di Microsoft accettatu da u caricadore di piccera EFI di VeraCrypt. Attivà, sia Microsoft Corporation UEFI CA 2011, sia Microsoft UEFI CA 2023 è Microsoft Option ROM UEFI CA 2023 tremindui, eppò lancià « Riparà o riinstallà » di VeraCrypt. Osinnò, disattivà a piccera sicurizata. Una finestra di terminale s’aprerà dopu avè appughjatu nant’à « Vai » è ci serà un cuntrollu di u sistema di schedariu nant’à u vulume VeraCrypt selezziunatu impieghendu « diskutil ». U risultatu serà affissatu in quella finestra.\n\nS’è u cuntrollu ùn pò principià, « Disk Utility » serà lanciatu in rimpiazzamentu. Una finestra di terminale s’aprerà dopu avè appughjatu nant’à « Vai » è ci serà un tentativu di riparà u sistema di schedariu nant’à u vulume VeraCrypt selezziunatu impieghendu « diskutil ». U risultatu serà affissatu in quella finestra.\n\nS’è a riparazione ùn pò principià, « Disk Utility » serà lanciatu in rimpiazzamentu. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml index d61294c8..fbc75584 100644 --- a/Translations/Language.cs.xml +++ b/Translations/Language.cs.xml @@ -1688,6 +1688,8 @@ Secure Boot je povolen, ale databáze Secure Boot ve firmwaru nedůvěřuje žádné sadě Microsoft UEFI CA podporované zavaděčem EFI VeraCryptu. Povolte buď Microsoft Corporation UEFI CA 2011, nebo současně Microsoft UEFI CA 2023 a Microsoft Option ROM UEFI CA 2023, poté spusťte volbu Opravit/Přeinstalovat programu VeraCrypt. Případně Secure Boot zakažte. Po stisknutí tlačítka „OK” se otevře okno Terminálu, ve kterém bude pomocí příkazu 'diskutil' zkontrolován systém souborů vybraného svazku VeraCryptu. Výsledek se zobrazí v tomto okně.\n\nPokud kontrolu nelze spustit, bude místo toho spuštěna Disková utilita. Po stisknutí tlačítka „OK” se otevře okno Terminálu, ve kterém bude pomocí příkazu 'diskutil' proveden pokus o opravu systému souborů vybraného svazku VeraCryptu. Výsledek se zobrazí v tomto okně.\n\nPokud opravu nelze spustit, bude místo toho spuštěna Disková utilita. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml index ba088f5a..71ef369e 100644 --- a/Translations/Language.da.xml +++ b/Translations/Language.da.xml @@ -1688,6 +1688,8 @@ Secure Boot er aktiveret, men firmwarens Secure Boot-database har ikke tillid til nogen Microsoft UEFI CA-samling, der understøttes af VeraCrypts EFI-bootloader. Aktivér enten Microsoft Corporation UEFI CA 2011 eller både Microsoft UEFI CA 2023 og Microsoft Option ROM UEFI CA 2023, og kør derefter VeraCrypt Reparer/geninstaller. Alternativt kan du deaktivere Secure Boot. Et Terminal-vindue åbnes, når du trykker på 'OK', og kontrollerer filsystemet på det valgte VeraCrypt-bind med 'diskutil'. Resultatet vises i det vindue.\n\nHvis kontrollen ikke kan startes, startes Diskværktøj i stedet. Et Terminal-vindue åbnes, når du trykker på 'OK', og forsøger at reparere filsystemet på det valgte VeraCrypt-bind med 'diskutil'. Resultatet vises i det vindue.\n\nHvis reparationen ikke kan startes, startes Diskværktøj i stedet. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml index 28732e47..b384b15d 100644 --- a/Translations/Language.de.xml +++ b/Translations/Language.de.xml @@ -1691,6 +1691,8 @@ Secure Boot is enabled, but the firmware Secure Boot database does not trust any Microsoft UEFI CA set supported by VeraCrypt's EFI bootloader. Enable either Microsoft Corporation UEFI CA 2011, or both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023, then run VeraCrypt Repair/Reinstall. Alternatively, disable Secure Boot. A Terminal window will open after you press 'OK' and check the file system on the selected VeraCrypt volume using 'diskutil'. The result will be shown in that window.\n\nIf the check cannot be started, Disk Utility will be launched instead. A Terminal window will open after you press 'OK' and attempt to repair the file system on the selected VeraCrypt volume using 'diskutil'. The result will be shown in that window.\n\nIf the repair cannot be started, Disk Utility will be launched instead. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml index 2bdf0e6e..02bd23ec 100644 --- a/Translations/Language.el.xml +++ b/Translations/Language.el.xml @@ -1688,6 +1688,8 @@ Το Secure Boot είναι ενεργοποιημένο, αλλά η βάση δεδομένων Secure Boot του υλικολογισμικού δεν εμπιστεύεται κανένα σύνολο Microsoft UEFI CA που υποστηρίζεται από τον EFI φορτωτή εκκίνησης του VeraCrypt. Ενεργοποιήστε είτε το Microsoft Corporation UEFI CA 2011 είτε και τα δύο Microsoft UEFI CA 2023 και Microsoft Option ROM UEFI CA 2023, και στη συνέχεια εκτελέστε το VeraCrypt Επιδιόρθωση/Επανεγκατάσταση. Εναλλακτικά, απενεργοποιήστε το Secure Boot. Αφού πατήσετε 'OK', θα ανοίξει ένα παράθυρο Τερματικού και θα ελεγχθεί το σύστημα αρχείων στον επιλεγμένο τόμο VeraCrypt χρησιμοποιώντας το 'diskutil'. Το αποτέλεσμα θα εμφανιστεί σε αυτό το παράθυρο.\n\nΕάν ο έλεγχος δεν μπορεί να ξεκινήσει, θα εκκινηθεί αντ' αυτού το Βοήθημα Δίσκων. Αφού πατήσετε 'OK', θα ανοίξει ένα παράθυρο Τερματικού και θα γίνει προσπάθεια επιδιόρθωσης του συστήματος αρχείων στον επιλεγμένο τόμο VeraCrypt χρησιμοποιώντας το 'diskutil'. Το αποτέλεσμα θα εμφανιστεί σε αυτό το παράθυρο.\n\nΕάν η επιδιόρθωση δεν μπορεί να ξεκινήσει, θα εκκινηθεί αντ' αυτού το Βοήθημα Δίσκων. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml index 418ad5ef..89da701d 100644 --- a/Translations/Language.es.xml +++ b/Translations/Language.es.xml @@ -1688,6 +1688,8 @@ Secure Boot está habilitado, pero la base de datos de Secure Boot del firmware no confía en ningún conjunto de CA UEFI de Microsoft compatible con el cargador de arranque EFI de VeraCrypt. Habilite Microsoft Corporation UEFI CA 2011 o tanto Microsoft UEFI CA 2023 como Microsoft Option ROM UEFI CA 2023, y luego ejecute la opción Reparar/Reinstalar de VeraCrypt. Alternativamente, deshabilite Secure Boot. Después de pulsar 'Aceptar', se abrirá una ventana de Terminal para comprobar el sistema de archivos del volumen VeraCrypt seleccionado usando 'diskutil'. El resultado se mostrará en esa ventana.\n\nSi no se puede iniciar la comprobación, se iniciará en su lugar la Utilidad de Discos. Después de pulsar 'Aceptar', se abrirá una ventana de Terminal para intentar reparar el sistema de archivos del volumen VeraCrypt seleccionado usando 'diskutil'. El resultado se mostrará en esa ventana.\n\nSi no se puede iniciar la reparación, se iniciará en su lugar la Utilidad de Discos. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.et.xml b/Translations/Language.et.xml index 674adeeb..a100cd29 100644 --- a/Translations/Language.et.xml +++ b/Translations/Language.et.xml @@ -1688,6 +1688,8 @@ Secure Boot on lubatud, kuid püsivara Secure Boot andmebaas ei usalda ühtegi Microsoft UEFI CA komplekti, mida VeraCrypti EFI alglaadur toetab. Lubage kas Microsoft Corporation UEFI CA 2011 või korraga Microsoft UEFI CA 2023 ja Microsoft Option ROM UEFI CA 2023, seejärel käivitage VeraCrypti valik "Parandage/installige uuesti". Teise võimalusena keelake Secure Boot. Pärast nupu 'Olgu' vajutamist avaneb Terminali aken ja valitud VeraCrypti köite failisüsteemi kontrollitakse käsuga 'diskutil'. Tulemus kuvatakse selles aknas.\n\nKui kontrolli ei saa käivitada, käivitatakse selle asemel Kettautiliit. Pärast nupu 'Olgu' vajutamist avaneb Terminali aken ja valitud VeraCrypti köite failisüsteemi üritatakse parandada käsuga 'diskutil'. Tulemus kuvatakse selles aknas.\n\nKui parandust ei saa käivitada, käivitatakse selle asemel Kettautiliit. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml index 70cd5b60..6cdfcc54 100644 --- a/Translations/Language.eu.xml +++ b/Translations/Language.eu.xml @@ -1688,6 +1688,8 @@ Secure Boot gaituta dago, baina firmwareko Secure Boot datu-baseak ez du fidagarritzat hartzen VeraCrypt-en EFI abiarazleak onartzen duen Microsoft UEFI CA multzorik. Gaitu Microsoft Corporation UEFI CA 2011, edo bai Microsoft UEFI CA 2023 bai Microsoft Option ROM UEFI CA 2023, eta ondoren exekutatu VeraCrypt Konpondu/Berinstalatu. Bestela, desgaitu Secure Boot. 'Ados' sakatu ondoren Terminal leiho bat irekiko da eta hautatutako VeraCrypt bolumenaren fitxategi sistema egiaztatuko da 'diskutil' erabiliz. Emaitza leiho horretan erakutsiko da.\n\nEgiaztapena ezin bada hasi, Disko-utilitatea abiaraziko da horren ordez. 'Ados' sakatu ondoren Terminal leiho bat irekiko da eta hautatutako VeraCrypt bolumenaren fitxategi sistema konpontzen saiatuko da 'diskutil' erabiliz. Emaitza leiho horretan erakutsiko da.\n\nKonponketa ezin bada hasi, Disko-utilitatea abiaraziko da horren ordez. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml index ce550514..fe360be0 100644 --- a/Translations/Language.fa.xml +++ b/Translations/Language.fa.xml @@ -1688,6 +1688,8 @@ Secure Boot فعال است، اما پایگاه داده Secure Boot در میان‌افزار به هیچ مجموعه Microsoft UEFI CA که توسط بوت‌لودر EFI وراکریپت پشتیبانی می‌شود اعتماد ندارد. یا Microsoft Corporation UEFI CA 2011 را فعال کنید، یا هر دو Microsoft UEFI CA 2023 و Microsoft Option ROM UEFI CA 2023 را فعال کنید، سپس گزینه Repair/Reinstall را در VeraCrypt اجرا کنید. همچنین می‌توانید Secure Boot را غیرفعال کنید. پس از فشار دادن 'قبول'، یک پنجره Terminal باز می‌شود و فایل سیستم حجم VeraCrypt انتخاب‌شده را با استفاده از 'diskutil' بررسی می‌کند. نتیجه در همان پنجره نمایش داده می‌شود.\n\nاگر بررسی قابل شروع نباشد، به‌جای آن Disk Utility اجرا خواهد شد. پس از فشار دادن 'قبول'، یک پنجره Terminal باز می‌شود و تلاش می‌کند فایل سیستم حجم VeraCrypt انتخاب‌شده را با استفاده از 'diskutil' تعمیر کند. نتیجه در همان پنجره نمایش داده می‌شود.\n\nاگر تعمیر قابل شروع نباشد، به‌جای آن Disk Utility اجرا خواهد شد. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml index 95d87390..e72babfe 100644 --- a/Translations/Language.fi.xml +++ b/Translations/Language.fi.xml @@ -1688,6 +1688,8 @@ Secure Boot on käytössä, mutta laiteohjelmiston Secure Boot -tietokanta ei luota yhteenkään Microsoft UEFI CA -joukkoon, jota VeraCryptin EFI-käynnistysohjelma tukee. Ota käyttöön joko Microsoft Corporation UEFI CA 2011 tai sekä Microsoft UEFI CA 2023 että Microsoft Option ROM UEFI CA 2023, ja suorita sitten VeraCryptin Korjaa/asenna uudelleen -toiminto. Vaihtoehtoisesti poista Secure Boot käytöstä. Kun painat 'OK', Pääte-ikkuna avautuu ja siinä tarkistetaan valitun VeraCrypt-taltion tiedostojärjestelmä komennolla 'diskutil'. Tulos näytetään kyseisessä ikkunassa.\n\nJos tarkistusta ei voida käynnistää, Levytyökalu käynnistetään sen sijaan. Kun painat 'OK', Pääte-ikkuna avautuu ja siinä yritetään korjata valitun VeraCrypt-taltion tiedostojärjestelmä komennolla 'diskutil'. Tulos näytetään kyseisessä ikkunassa.\n\nJos korjausta ei voida käynnistää, Levytyökalu käynnistetään sen sijaan. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml index a8d66fc0..f7a44550 100644 --- a/Translations/Language.fr.xml +++ b/Translations/Language.fr.xml @@ -1688,6 +1688,8 @@ Secure Boot est activé, mais la base de données Secure Boot du firmware ne fait confiance à aucun ensemble Microsoft UEFI CA pris en charge par le chargeur de démarrage EFI de VeraCrypt. Activez soit Microsoft Corporation UEFI CA 2011, soit à la fois Microsoft UEFI CA 2023 et Microsoft Option ROM UEFI CA 2023, puis exécutez l’option Réparer/Réinstaller de VeraCrypt. Vous pouvez également désactiver Secure Boot. Après avoir cliqué sur 'OK', une fenêtre Terminal s’ouvrira pour vérifier le système de fichiers du volume VeraCrypt sélectionné à l’aide de 'diskutil'. Le résultat sera affiché dans cette fenêtre.\n\nSi la vérification ne peut pas être lancée, l’Utilitaire de disque sera lancé à la place. Après avoir cliqué sur 'OK', une fenêtre Terminal s’ouvrira pour tenter de réparer le système de fichiers du volume VeraCrypt sélectionné à l’aide de 'diskutil'. Le résultat sera affiché dans cette fenêtre.\n\nSi la réparation ne peut pas être lancée, l’Utilitaire de disque sera lancé à la place. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.he.xml b/Translations/Language.he.xml index c5ef6d32..fac73669 100644 --- a/Translations/Language.he.xml +++ b/Translations/Language.he.xml @@ -1688,6 +1688,8 @@ Secure Boot מופעל, אך מסד הנתונים של Secure Boot בקושחה אינו נותן אמון באף ערכת Microsoft UEFI CA הנתמכת על ידי טוען האתחול EFI של VeraCrypt. הפעל את Microsoft Corporation UEFI CA 2011, או את שניהם Microsoft UEFI CA 2023 ו-Microsoft Option ROM UEFI CA 2023, ולאחר מכן הפעל את אפשרות התיקון/התקנה מחדש של VeraCrypt. לחלופין, השבת את Secure Boot. לאחר שתלחץ על 'אישור', ייפתח חלון Terminal ותתבצע בדיקה של מערכת הקבצים באמצעי האחסון VeraCrypt שנבחר באמצעות 'diskutil'. התוצאה תוצג בחלון זה.\n\nאם לא ניתן להתחיל את הבדיקה, יופעל במקום זאת כלי העזר לכוננים. לאחר שתלחץ על 'אישור', ייפתח חלון Terminal וייעשה ניסיון לתקן את מערכת הקבצים באמצעי האחסון VeraCrypt שנבחר באמצעות 'diskutil'. התוצאה תוצג בחלון זה.\n\nאם לא ניתן להתחיל את התיקון, יופעל במקום זאת כלי העזר לכוננים. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml index 542b6df1..953dab23 100644 --- a/Translations/Language.hu.xml +++ b/Translations/Language.hu.xml @@ -1688,6 +1688,8 @@ A Secure Boot engedélyezve van, de a firmware Secure Boot adatbázisa nem bízik meg egyetlen olyan Microsoft UEFI CA-készletben sem, amelyet a VeraCrypt EFI rendszerbetöltője támogat. Engedélyezze vagy a Microsoft Corporation UEFI CA 2011-et, vagy egyszerre a Microsoft UEFI CA 2023-at és a Microsoft Option ROM UEFI CA 2023-at, majd futtassa a VeraCrypt javítási/újratelepítési műveletét. Alternatív megoldásként tiltsa le a Secure Bootot. Az 'OK' megnyomása után megnyílik egy Terminál ablak, és a 'diskutil' segítségével ellenőrzi a kiválasztott VeraCrypt kötet fájlrendszerét. Az eredmény ebben az ablakban jelenik meg.\n\nHa az ellenőrzés nem indítható el, helyette a Lemezkezelő indul el. Az 'OK' megnyomása után megnyílik egy Terminál ablak, és megkísérli kijavítani a kiválasztott VeraCrypt kötet fájlrendszerét a 'diskutil' segítségével. Az eredmény ebben az ablakban jelenik meg.\n\nHa a javítás nem indítható el, helyette a Lemezkezelő indul el. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml index 0db5f005..7fd25dc7 100644 --- a/Translations/Language.id.xml +++ b/Translations/Language.id.xml @@ -1688,6 +1688,8 @@ Secure Boot diaktifkan, tetapi basis data Secure Boot pada firmware tidak mempercayai set Microsoft UEFI CA apa pun yang didukung oleh bootloader EFI VeraCrypt. Aktifkan Microsoft Corporation UEFI CA 2011, atau aktifkan keduanya Microsoft UEFI CA 2023 dan Microsoft Option ROM UEFI CA 2023, lalu jalankan opsi Perbaiki/Pasang Ulang VeraCrypt. Sebagai alternatif, nonaktifkan Secure Boot. Sebuah jendela Terminal akan terbuka setelah Anda menekan 'Ok' dan memeriksa sistem berkas pada volume VeraCrypt yang dipilih menggunakan 'diskutil'. Hasilnya akan ditampilkan di jendela tersebut.\n\nJika pemeriksaan tidak dapat dimulai, Utilitas Disk akan dijalankan sebagai gantinya. Sebuah jendela Terminal akan terbuka setelah Anda menekan 'Ok' dan mencoba memperbaiki sistem berkas pada volume VeraCrypt yang dipilih menggunakan 'diskutil'. Hasilnya akan ditampilkan di jendela tersebut.\n\nJika perbaikan tidak dapat dimulai, Utilitas Disk akan dijalankan sebagai gantinya. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml index 30f23c20..786a8d64 100644 --- a/Translations/Language.it.xml +++ b/Translations/Language.it.xml @@ -1688,6 +1688,8 @@ Secure Boot è abilitato, ma il database di Secure Boot del firmware non considera attendibile nessun set Microsoft UEFI CA supportato dal boot loader EFI di VeraCrypt. Abilita Microsoft Corporation UEFI CA 2011 oppure sia Microsoft UEFI CA 2023 sia Microsoft Option ROM UEFI CA 2023, quindi esegui l'opzione Ripara/Reinstalla di VeraCrypt. In alternativa, disabilita Secure Boot. Dopo aver premuto 'OK' si aprirà una finestra del Terminale che controllerà il file system del volume VeraCrypt selezionato usando 'diskutil'. Il risultato sarà mostrato in quella finestra.\n\nSe il controllo non può essere avviato, verrà avviata Utility Disco al suo posto. Dopo aver premuto 'OK' si aprirà una finestra del Terminale che tenterà di riparare il file system del volume VeraCrypt selezionato usando 'diskutil'. Il risultato sarà mostrato in quella finestra.\n\nSe la riparazione non può essere avviata, verrà avviata Utility Disco al suo posto. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml index 5fe2ca82..80f45218 100644 --- a/Translations/Language.ja.xml +++ b/Translations/Language.ja.xml @@ -1688,6 +1688,8 @@ Secure Boot が有効になっていますが、ファームウェアの Secure Boot データベースは VeraCrypt の EFI ブートローダーがサポートする Microsoft UEFI CA セットを信頼していません。Microsoft Corporation UEFI CA 2011、または Microsoft UEFI CA 2023 と Microsoft Option ROM UEFI CA 2023 の両方を有効にしてから、VeraCrypt のリペア/再インストールを実行してください。または、Secure Boot を無効にしてください。 [OK] を押すとターミナルウィンドウが開き、'diskutil' を使用して選択された VeraCrypt ボリュームのファイルシステムを検査します。結果はそのウィンドウに表示されます。\n\n検査を開始できない場合は、代わりにディスクユーティリティが起動します。 [OK] を押すとターミナルウィンドウが開き、'diskutil' を使用して選択された VeraCrypt ボリュームのファイルシステムの修復を試みます。結果はそのウィンドウに表示されます。\n\n修復を開始できない場合は、代わりにディスクユーティリティが起動します。 + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml index 26fd2f86..403ffcda 100644 --- a/Translations/Language.ka.xml +++ b/Translations/Language.ka.xml @@ -1688,6 +1688,8 @@ Secure Boot ჩართულია, მაგრამ მიკროპროგრამის Secure Boot მონაცემთა ბაზა არ ენდობა Microsoft UEFI CA-ის არცერთ კომპლექტს, რომელსაც VeraCrypt-ის EFI ჩამტვირთველი უჭერს მხარს. ჩართეთ ან Microsoft Corporation UEFI CA 2011, ან ორივე Microsoft UEFI CA 2023 და Microsoft Option ROM UEFI CA 2023, შემდეგ გაუშვით VeraCrypt აღდგენა/რეინსტალაცია. ალტერნატიულად, გამორთეთ Secure Boot. 'დიახ' ღილაკზე დაჭერის შემდეგ გაიხსნება ტერმინალის ფანჯარა და 'diskutil'-ის გამოყენებით შემოწმდება არჩეული VeraCrypt ტომის ფაილური სისტემა. შედეგი გამოჩნდება ამ ფანჯარაში.\n\nთუ შემოწმება ვერ დაიწყება, მის ნაცვლად გაეშვება დისკის უტილიტა. 'დიახ' ღილაკზე დაჭერის შემდეგ გაიხსნება ტერმინალის ფანჯარა და 'diskutil'-ის გამოყენებით მოხდება არჩეული VeraCrypt ტომის ფაილური სისტემის შეკეთების მცდელობა. შედეგი გამოჩნდება ამ ფანჯარაში.\n\nთუ შეკეთება ვერ დაიწყება, მის ნაცვლად გაეშვება დისკის უტილიტა. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml index 69095620..0330c033 100644 --- a/Translations/Language.ko.xml +++ b/Translations/Language.ko.xml @@ -1688,6 +1688,8 @@ 보안 부팅(Secure Boot)이 활성화되어 있지만 펌웨어의 Secure Boot 데이터베이스가 VeraCrypt의 EFI 부트 로더가 지원하는 어떤 Microsoft UEFI CA 세트도 신뢰하지 않습니다. Microsoft Corporation UEFI CA 2011을 활성화하거나 Microsoft UEFI CA 2023과 Microsoft Option ROM UEFI CA 2023을 모두 활성화한 다음 VeraCrypt 수리/재설치를 실행하세요. 또는 Secure Boot를 비활성화하세요. '확인'을 누르면 터미널 창이 열리고 'diskutil'을 사용하여 선택한 VeraCrypt 볼륨의 파일 시스템을 검사합니다. 결과는 해당 창에 표시됩니다.\n\n검사를 시작할 수 없으면 대신 디스크 유틸리티가 실행됩니다. '확인'을 누르면 터미널 창이 열리고 'diskutil'을 사용하여 선택한 VeraCrypt 볼륨의 파일 시스템 복구를 시도합니다. 결과는 해당 창에 표시됩니다.\n\n복구를 시작할 수 없으면 대신 디스크 유틸리티가 실행됩니다. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml index d863c3f2..eb2d2028 100644 --- a/Translations/Language.lv.xml +++ b/Translations/Language.lv.xml @@ -1688,6 +1688,8 @@ Secure Boot ir iespējots, bet aparātprogrammatūras Secure Boot datubāze neuzticas nevienai Microsoft UEFI CA kopai, ko atbalsta VeraCrypt EFI sāknēšanas ielādētājs. Iespējojiet Microsoft Corporation UEFI CA 2011 vai gan Microsoft UEFI CA 2023, gan Microsoft Option ROM UEFI CA 2023, pēc tam palaidiet VeraCrypt labošanas/pārinstalēšanas opciju. Alternatīvi atspējojiet Secure Boot. Pēc pogas 'Labi' nospiešanas tiks atvērts Termināļa logs un, izmantojot 'diskutil', tiks pārbaudīta atlasītā VeraCrypt sējuma datņu sistēma. Rezultāts tiks parādīts šajā logā.\n\nJa pārbaudi nevarēs sākt, tās vietā tiks palaista Diska utilīta. Pēc pogas 'Labi' nospiešanas tiks atvērts Termināļa logs un, izmantojot 'diskutil', tiks mēģināts salabot atlasītā VeraCrypt sējuma datņu sistēmu. Rezultāts tiks parādīts šajā logā.\n\nJa labošanu nevarēs sākt, tās vietā tiks palaista Diska utilīta. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml index 88e502cc..399f9085 100644 --- a/Translations/Language.my.xml +++ b/Translations/Language.my.xml @@ -1690,6 +1690,8 @@ Secure Boot ကို ဖွင့်ထားသော်လည်း firmware ၏ Secure Boot database သည် VeraCrypt ၏ EFI bootloader က ပံ့ပိုးသော Microsoft UEFI CA အစုများထဲမှ မည်သည့်အစုကိုမျှ မယုံကြည်ပါ။ Microsoft Corporation UEFI CA 2011 ကို ဖွင့်ပါ၊ သို့မဟုတ် Microsoft UEFI CA 2023 နှင့် Microsoft Option ROM UEFI CA 2023 နှစ်ခုလုံးကို ဖွင့်ပါ၊ ထို့နောက် VeraCrypt ပြုပြင်ရန်/ပြန်ထည့်သွင်းရန် ကို လုပ်ဆောင်ပါ။ တစ်နည်းအားဖြင့် Secure Boot ကို ပိတ်ပါ။ 'ကောင်းပြီ' ကို နှိပ်ပြီးနောက် Terminal ဝင်းဒိုးတစ်ခု ဖွင့်လာမည်ဖြစ်ပြီး ရွေးချယ်ထားသော VeraCrypt volume ပေါ်ရှိ ဖိုင်စနစ်ကို 'diskutil' ဖြင့် စစ်ဆေးမည်။ ရလဒ်ကို ထိုဝင်းဒိုးတွင် ပြသမည်။\n\nစစ်ဆေးမှုကို စတင်၍ မရပါက Disk Utility ကို အစားထိုး ဖွင့်ပါမည်။ 'ကောင်းပြီ' ကို နှိပ်ပြီးနောက် Terminal ဝင်းဒိုးတစ်ခု ဖွင့်လာမည်ဖြစ်ပြီး ရွေးချယ်ထားသော VeraCrypt volume ပေါ်ရှိ ဖိုင်စနစ်ကို 'diskutil' ဖြင့် ပြင်ဆင်ရန် ကြိုးစားမည်။ ရလဒ်ကို ထိုဝင်းဒိုးတွင် ပြသမည်။\n\nပြင်ဆင်မှုကို စတင်၍ မရပါက Disk Utility ကို အစားထိုး ဖွင့်ပါမည်။ + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.nb.xml b/Translations/Language.nb.xml index dc7e3c9d..d2463ebe 100644 --- a/Translations/Language.nb.xml +++ b/Translations/Language.nb.xml @@ -1688,6 +1688,8 @@ Sikker oppstart (Secure Boot) er aktivert, men fastvarens database for sikker oppstart stoler ikke på noe Microsoft UEFI CA-sett som støttes av VeraCrypts EFI-oppstartslaster. Aktiver enten Microsoft Corporation UEFI CA 2011, eller både Microsoft UEFI CA 2023 og Microsoft Option ROM UEFI CA 2023, og kjør deretter VeraCrypt Reparer/Installer på nytt. Alternativt kan du deaktivere sikker oppstart. Et terminalvindu åpnes etter at du har trykket på «OK», og filsystemet på det valgte VeraCrypt-volumet kontrolleres ved hjelp av «diskutil». Resultatet vises i det vinduet.\n\nHvis kontrollen ikke kan startes, åpnes Diskverktøy i stedet. Et terminalvindu åpnes etter at du har trykket på «OK», og det forsøkes å reparere filsystemet på det valgte VeraCrypt-volumet ved hjelp av «diskutil». Resultatet vises i det vinduet.\n\nHvis reparasjonen ikke kan startes, åpnes Diskverktøy i stedet. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml index 6b38c580..b33066b9 100644 --- a/Translations/Language.nl.xml +++ b/Translations/Language.nl.xml @@ -1688,6 +1688,8 @@ Secure Boot is ingeschakeld, maar de Secure Boot-database van de firmware vertrouwt geen enkele Microsoft UEFI CA-set die door de EFI-bootloader van VeraCrypt wordt ondersteund. Schakel ofwel Microsoft Corporation UEFI CA 2011 in, ofwel zowel Microsoft UEFI CA 2023 als Microsoft Option ROM UEFI CA 2023, en voer vervolgens VeraCrypt repareren/opnieuw installeren uit. Als alternatief kan Secure Boot uitgeschakeld worden. Nadat u op 'OK' hebt geklikt, wordt er een terminalvenster geopend waarin het bestandssysteem op het geselecteerde VeraCrypt-volume met behulp van 'diskutil' wordt gecontroleerd. Het resultaat wordt in dat venster weergegeven.\n\nAls de controle niet kan worden gestart, wordt in plaats daarvan Schijfhulpprogramma gestart. Nadat u op 'OK' hebt geklikt, wordt er een terminalvenster geopend en wordt er geprobeerd om het bestandssysteem op het geselecteerde VeraCrypt-volume te herstellen met behulp van 'diskutil'. Het resultaat wordt in dat venster weergegeven.\n\nAls het herstel niet kan worden gestart, wordt in plaats daarvan Schijfhulpprogramma gestart. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml index 7085f497..59c5ff22 100644 --- a/Translations/Language.nn.xml +++ b/Translations/Language.nn.xml @@ -1688,6 +1688,8 @@ Secure Boot er slått på, men Secure Boot-databasen i fastvara stolar ikkje på noko Microsoft UEFI CA-sett som EFI-oppstartslastaren til VeraCrypt støttar. Slå på anten Microsoft Corporation UEFI CA 2011, eller både Microsoft UEFI CA 2023 og Microsoft Option ROM UEFI CA 2023, og køyr deretter Reparer/installer på nytt i VeraCrypt. Alternativt kan du slå av Secure Boot. Eit Terminal-vindauge blir opna etter at du trykkjer på 'OK', og filsystemet på det valde VeraCrypt-volumet blir kontrollert med 'diskutil'. Resultatet blir vist i det vindauget.\n\nOm kontrollen ikkje kan startast, blir Diskverktøy starta i staden. Eit Terminal-vindauge blir opna etter at du trykkjer på 'OK', og det blir prøvd å reparera filsystemet på det valde VeraCrypt-volumet med 'diskutil'. Resultatet blir vist i det vindauget.\n\nOm reparasjonen ikkje kan startast, blir Diskverktøy starta i staden. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml index 21222f1a..0021d6da 100644 --- a/Translations/Language.pl.xml +++ b/Translations/Language.pl.xml @@ -1688,6 +1688,8 @@ Funkcja Secure Boot jest włączona, ale baza danych oprogramowania układowego Secure Boot nie ufa żadnemu zestawowi certyfikatów Microsoft UEFI CA obsługiwanemu przez program rozruchowy EFI VeraCrypt. Włącz albo certyfikat Microsoft Corporation UEFI CA 2011, albo zarówno certyfikat Microsoft UEFI CA 2023, jak i certyfikat Microsoft Option ROM UEFI CA 2023, a następnie uruchom naprawę lub ponowną instalację VeraCrypt. Ewentualnie wyłącz funkcję Secure Boot. Po kliknięciu przycisku „OK” otworzy się okno Terminala, w którym zostanie przeprowadzone sprawdzanie systemu plików na wybranym wolumenie VeraCrypt za pomocą polecenia „diskutil”. Wynik zostanie wyświetlony w tym oknie.\n\nJeśli nie uda się uruchomić sprawdzania, zamiast tego uruchomi się Narzędzie dyskowe. Po kliknięciu przycisku „OK” otworzy się okno Terminala, w którym zostanie podjęta próba naprawy systemu plików na wybranym wolumenie VeraCrypt za pomocą polecenia „diskutil”. Wynik zostanie wyświetlony w tym oknie.\n\nJeśli nie uda się uruchomić naprawy, zamiast tego uruchomi się Narzędzie dyskowe. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml index 7c00a885..d24f3588 100644 --- a/Translations/Language.pt-br.xml +++ b/Translations/Language.pt-br.xml @@ -1688,6 +1688,8 @@ A Inicialização Segura (Secure Boot) está ativada, mas o banco de dados de Secure Boot do firmware não confia em nenhum conjunto de CA UEFI da Microsoft compatível com o carregador de inicialização EFI do VeraCrypt. Ative Microsoft Corporation UEFI CA 2011 ou tanto Microsoft UEFI CA 2023 quanto Microsoft Option ROM UEFI CA 2023, e então execute a opção Reparar/Reinstalar do VeraCrypt. Como alternativa, desative o Secure Boot. Após você pressionar 'OK', uma janela do Terminal será aberta para verificar o sistema de arquivos do volume VeraCrypt selecionado usando 'diskutil'. O resultado será mostrado nessa janela.\n\nSe a verificação não puder ser iniciada, o Utilitário de Disco será iniciado em seu lugar. Após você pressionar 'OK', uma janela do Terminal será aberta para tentar reparar o sistema de arquivos do volume VeraCrypt selecionado usando 'diskutil'. O resultado será mostrado nessa janela.\n\nSe o reparo não puder ser iniciado, o Utilitário de Disco será iniciado em seu lugar. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml index dde7f18e..5bf73720 100644 --- a/Translations/Language.ro.xml +++ b/Translations/Language.ro.xml @@ -1688,6 +1688,8 @@ Secure Boot este activat, dar baza de date Secure Boot din firmware nu consideră de încredere niciun set Microsoft UEFI CA acceptat de încărcătorul EFI al VeraCrypt. Activați fie Microsoft Corporation UEFI CA 2011, fie atât Microsoft UEFI CA 2023, cât și Microsoft Option ROM UEFI CA 2023, apoi rulați opțiunea Reparare/Reinstalare din VeraCrypt. Alternativ, dezactivați Secure Boot. După ce apăsați pe „OK”, se va deschide o fereastră a aplicației Terminal, iar sistemul de fișiere de pe volumul VeraCrypt selectat va fi verificat folosind „diskutil”. Rezultatul va fi afișat în acea fereastră.\n\nDacă verificarea nu poate fi pornită, se va lansa în schimb „Utilitar disc”. După ce apăsați pe „OK”, se va deschide o fereastră a aplicației Terminal, iar folosind „diskutil” se va încerca repararea sistemului de fișiere de pe volumul VeraCrypt selectat. Rezultatul va fi afișat în acea fereastră.\n\nDacă repararea nu poate fi pornită, se va lansa în schimb „Utilitar disc”. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml index 97ab71b3..e6d6c9cc 100644 --- a/Translations/Language.ru.xml +++ b/Translations/Language.ru.xml @@ -1688,6 +1688,8 @@ Secure Boot включён, но база данных Secure Boot в микропрограмме не доверяет ни одному набору Microsoft UEFI CA, поддерживаемому EFI-загрузчиком VeraCrypt. Включите либо Microsoft Corporation UEFI CA 2011, либо одновременно Microsoft UEFI CA 2023 и Microsoft Option ROM UEFI CA 2023, затем выполните восстановление/переустановку VeraCrypt. Либо отключите Secure Boot. После нажатия 'OK' откроется окно Терминала, в котором с помощью 'diskutil' будет проверена файловая система выбранного тома VeraCrypt. Результат будет показан в этом окне.\n\nЕсли проверку не удастся запустить, вместо неё будет запущена Дисковая утилита. После нажатия 'OK' откроется окно Терминала, в котором с помощью 'diskutil' будет выполнена попытка исправить файловую систему выбранного тома VeraCrypt. Результат будет показан в этом окне.\n\nЕсли исправление не удастся запустить, вместо него будет запущена Дисковая утилита. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml index f3d4709e..a021e678 100644 --- a/Translations/Language.sk.xml +++ b/Translations/Language.sk.xml @@ -1688,6 +1688,8 @@ Secure Boot je povolený, ale databáza Secure Boot vo firmvéri nedôveruje žiadnej sade Microsoft UEFI CA podporovanej EFI zavádzačom VeraCrypt. Povoľte buď Microsoft Corporation UEFI CA 2011, alebo súčasne Microsoft UEFI CA 2023 a Microsoft Option ROM UEFI CA 2023, potom spustite vo VeraCrypte možnosť "Oprava/opätovná inštalácia". Prípadne zakážte Secure Boot. Po stlačení tlačidla 'OK' sa otvorí okno Terminálu a pomocou 'diskutil' sa skontroluje systém súborov na vybranom zväzku VeraCrypt. Výsledok sa zobrazí v tomto okne.\n\nAk kontrolu nemožno spustiť, namiesto toho sa spustí Disková utilita. Po stlačení tlačidla 'OK' sa otvorí okno Terminálu a pomocou 'diskutil' sa vykoná pokus o opravu systému súborov na vybranom zväzku VeraCrypt. Výsledok sa zobrazí v tomto okne.\n\nAk opravu nemožno spustiť, namiesto toho sa spustí Disková utilita. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml index f2979cf3..f9600ea5 100644 --- a/Translations/Language.sl.xml +++ b/Translations/Language.sl.xml @@ -1688,6 +1688,8 @@ Secure Boot je omogočen, vendar zbirka podatkov Secure Boot v vdelani programski opremi ne zaupa nobenemu naboru Microsoft UEFI CA, ki ga podpira VeraCryptov zagonski nalagalnik EFI. Omogoči Microsoft Corporation UEFI CA 2011 ali pa tako Microsoft UEFI CA 2023 kot Microsoft Option ROM UEFI CA 2023, nato v VeraCryptu zaženi možnost Popravi/ponovno namesti. Lahko pa onemogočiš Secure Boot. Ko pritisneš 'V redu', se bo odprlo okno Terminala, v katerem se bo z ukazom 'diskutil' preveril datotečni sistem izbranega nosilca VeraCrypt. Rezultat bo prikazan v tem oknu.\n\nČe preverjanja ni mogoče zagnati, se bo namesto tega zagnal Disk Utility. Ko pritisneš 'V redu', se bo odprlo okno Terminala, v katerem se bo z ukazom 'diskutil' poskusilo popraviti datotečni sistem izbranega nosilca VeraCrypt. Rezultat bo prikazan v tem oknu.\n\nČe popravila ni mogoče zagnati, se bo namesto tega zagnal Disk Utility. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml index 91c054b3..f0dcbe20 100644 --- a/Translations/Language.sv.xml +++ b/Translations/Language.sv.xml @@ -1688,6 +1688,8 @@ Secure Boot är aktiverat, men firmwarens Secure Boot-databas litar inte på någon Microsoft UEFI CA-uppsättning som stöds av VeraCrypts EFI-startinläsare. Aktivera antingen Microsoft Corporation UEFI CA 2011 eller både Microsoft UEFI CA 2023 och Microsoft Option ROM UEFI CA 2023, och kör sedan alternativet Reparera/installera om i VeraCrypt. Alternativt kan du inaktivera Secure Boot. Ett Terminal-fönster öppnas när du trycker på "OK" och kontrollerar filsystemet på den valda VeraCrypt-volymen med "diskutil". Resultatet visas i fönstret.\n\nOm kontrollen inte kan startas öppnas Skivverktyg i stället. Ett Terminal-fönster öppnas när du trycker på "OK" och försöker reparera filsystemet på den valda VeraCrypt-volymen med "diskutil". Resultatet visas i fönstret.\n\nOm reparationen inte kan startas öppnas Skivverktyg i stället. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml index 4643f940..125d6fa1 100644 --- a/Translations/Language.th.xml +++ b/Translations/Language.th.xml @@ -1688,6 +1688,8 @@ Secure Boot เปิดใช้งานอยู่ แต่ฐานข้อมูล Secure Boot ของเฟิร์มแวร์ไม่เชื่อถือชุด Microsoft UEFI CA ใด ๆ ที่ตัวโหลดบูต EFI ของ VeraCrypt รองรับ เปิดใช้งาน Microsoft Corporation UEFI CA 2011 หรือเปิดใช้งานทั้ง Microsoft UEFI CA 2023 และ Microsoft Option ROM UEFI CA 2023 จากนั้นเรียกใช้ตัวเลือกซ่อมแซม/ติดตั้งใหม่ของ VeraCrypt หรือปิดใช้งาน Secure Boot แทน หน้าต่าง Terminal จะเปิดขึ้นหลังจากคุณกด 'ตกลง' และจะตรวจสอบระบบไฟล์บนวอลุ่ม VeraCrypt ที่เลือกโดยใช้ 'diskutil' ผลลัพธ์จะแสดงในหน้าต่างนั้น\n\nหากไม่สามารถเริ่มการตรวจสอบได้ Disk Utility จะถูกเปิดแทน หน้าต่าง Terminal จะเปิดขึ้นหลังจากคุณกด 'ตกลง' และจะพยายามซ่อมแซมระบบไฟล์บนวอลุ่ม VeraCrypt ที่เลือกโดยใช้ 'diskutil' ผลลัพธ์จะแสดงในหน้าต่างนั้น\n\nหากไม่สามารถเริ่มการซ่อมแซมได้ Disk Utility จะถูกเปิดแทน + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml index 19b2a493..f63ba959 100644 --- a/Translations/Language.tr.xml +++ b/Translations/Language.tr.xml @@ -1688,6 +1688,8 @@ Secure Boot etkin, ancak makine yazılımının Secure Boot veri tabanı VeraCrypt'in EFI başlatma yükleyicisinin desteklediği hiçbir Microsoft UEFI CA kümesine güvenmiyor. Microsoft Corporation UEFI CA 2011 ya da hem Microsoft UEFI CA 2023 hem de Microsoft Option ROM UEFI CA 2023 öğelerini etkinleştirin, ardından VeraCrypt Onar/Yeniden kur işlemini çalıştırın. Alternatif olarak Secure Boot özelliğini devre dışı bırakın. 'Tamam' üzerine tıkladıktan sonra bir Terminal penceresi açılacak ve 'diskutil' kullanılarak seçilmiş VeraCrypt biriminin dosya sistemi denetlenecek. Sonuç bu pencerede görüntülenecek.\n\nDenetim başlatılamazsa, bunun yerine Disk İzlencesi başlatılacak. 'Tamam' üzerine tıkladıktan sonra bir Terminal penceresi açılacak ve 'diskutil' kullanılarak seçilmiş VeraCrypt biriminin dosya sistemi onarılmaya çalışılacak. Sonuç bu pencerede görüntülenecek.\n\nOnarım başlatılamazsa, bunun yerine Disk İzlencesi başlatılacak. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml index 0dfeb0e1..53af8abb 100644 --- a/Translations/Language.uk.xml +++ b/Translations/Language.uk.xml @@ -1688,6 +1688,8 @@ Secure Boot увімкнено, але база даних Secure Boot у мікропрограмі не довіряє жодному набору Microsoft UEFI CA, підтримуваному EFI-завантажувачем VeraCrypt. Увімкніть або Microsoft Corporation UEFI CA 2011, або одночасно Microsoft UEFI CA 2023 і Microsoft Option ROM UEFI CA 2023, потім виконайте відновлення/перевстановлення VeraCrypt. Або вимкніть Secure Boot. Після натискання 'Гаразд' відкриється вікно Термінала, у якому за допомогою 'diskutil' буде перевірено файлову систему вибраного тому VeraCrypt. Результат буде показано в цьому вікні.\n\nЯкщо перевірку неможливо запустити, натомість буде запущено Дискову утиліту. Після натискання 'Гаразд' відкриється вікно Термінала, у якому за допомогою 'diskutil' буде виконано спробу виправити файлову систему вибраного тому VeraCrypt. Результат буде показано в цьому вікні.\n\nЯкщо виправлення неможливо запустити, натомість буде запущено Дискову утиліту. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml index 4872a7e6..ad896f39 100644 --- a/Translations/Language.uz.xml +++ b/Translations/Language.uz.xml @@ -1688,6 +1688,8 @@ Secure Boot ёқилган, аммо микродастурнинг Secure Boot маълумотлар базаси VeraCrypt EFI юклагичи қўллаб-қувватлайдиган Microsoft UEFI CA тўпламларининг ҳеч бирига ишонмайди. Microsoft Corporation UEFI CA 2011 ни ёки Microsoft UEFI CA 2023 ва Microsoft Option ROM UEFI CA 2023 иккаласини ёқинг, сўнг VeraCrypt "Таъмирлаш/қайта ўрнатиш" ни ишга туширинг. Ёки Secure Boot ни ўчиринг. 'OK' тугмасини босганингиздан сўнг Терминал ойнаси очилади ва танланган VeraCrypt томидаги файл тизими 'diskutil' ёрдамида текширилади. Натижа шу ойнада кўрсатилади.\n\nАгар текширувни бошлаб бўлмаса, унинг ўрнига Диск утилитаси ишга туширилади. 'OK' тугмасини босганингиздан сўнг Терминал ойнаси очилади ва танланган VeraCrypt томидаги файл тизимини 'diskutil' ёрдамида тузатишга уриниб кўрилади. Натижа шу ойнада кўрсатилади.\n\nАгар тузатишни бошлаб бўлмаса, унинг ўрнига Диск утилитаси ишга туширилади. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml index d079aa94..f7c02a86 100644 --- a/Translations/Language.vi.xml +++ b/Translations/Language.vi.xml @@ -1688,6 +1688,8 @@ Secure Boot đang được bật, nhưng cơ sở dữ liệu Secure Boot của chương trình cơ sở không tin cậy bất kỳ bộ Microsoft UEFI CA nào được bộ tải khởi động EFI của VeraCrypt hỗ trợ. Hãy bật Microsoft Corporation UEFI CA 2011, hoặc bật cả Microsoft UEFI CA 2023 và Microsoft Option ROM UEFI CA 2023, sau đó chạy tùy chọn Sửa chữa/Cài đặt lại của VeraCrypt. Hoặc, hãy tắt Secure Boot. Một cửa sổ Terminal sẽ mở sau khi bạn bấm 'Đồng ý' và kiểm tra hệ thống tập tin trên tập đĩa VeraCrypt đã chọn bằng 'diskutil'. Kết quả sẽ được hiển thị trong cửa sổ đó.\n\nNếu không thể bắt đầu kiểm tra, Tiện ích Ổ đĩa sẽ được khởi chạy thay thế. Một cửa sổ Terminal sẽ mở sau khi bạn bấm 'Đồng ý' và thử sửa chữa hệ thống tập tin trên tập đĩa VeraCrypt đã chọn bằng 'diskutil'. Kết quả sẽ được hiển thị trong cửa sổ đó.\n\nNếu không thể bắt đầu sửa chữa, Tiện ích Ổ đĩa sẽ được khởi chạy thay thế. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml index b8a042e0..e7c4d945 100644 --- a/Translations/Language.zh-cn.xml +++ b/Translations/Language.zh-cn.xml @@ -1689,6 +1689,8 @@ 安全启动已启用,但固件的安全启动数据库不信任 VeraCrypt EFI 引导加载程序支持的任何 Microsoft UEFI CA 集合。请启用 Microsoft Corporation UEFI CA 2011,或同时启用 Microsoft UEFI CA 2023 和 Microsoft Option ROM UEFI CA 2023,然后运行 VeraCrypt 的“修复/重新安装”。或者,请禁用安全启动。 按下“确定”后,将打开“终端”窗口,并使用 'diskutil' 检查所选 VeraCrypt 卷上的文件系统。结果将显示在该窗口中。\n\n如果无法开始检查,则将改为启动“磁盘工具”。 按下“确定”后,将打开“终端”窗口,并尝试使用 'diskutil' 修复所选 VeraCrypt 卷上的文件系统。结果将显示在该窗口中。\n\n如果无法开始修复,则将改为启动“磁盘工具”。 + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml index 0172aab4..bf73522f 100644 --- a/Translations/Language.zh-hk.xml +++ b/Translations/Language.zh-hk.xml @@ -1688,6 +1688,8 @@ Secure Boot 已啟用,但韌體的 Secure Boot 資料庫不信任 VeraCrypt EFI 開機載入程式所支援的任何 Microsoft UEFI CA 集合。請啟用 Microsoft Corporation UEFI CA 2011,或同時啟用 Microsoft UEFI CA 2023 和 Microsoft Option ROM UEFI CA 2023,然後執行 VeraCrypt 修復或重新安裝。或者,請停用 Secure Boot。 按下 [確定] 後,將會開啟「終端機」視窗,並使用 'diskutil' 檢查所選 VeraCrypt 加密區上的檔案系統。結果會顯示在該視窗中。\n\n如果無法開始檢查,將會改為啟動「磁碟工具程式」。 按下 [確定] 後,將會開啟「終端機」視窗,並使用 'diskutil' 嘗試修復所選 VeraCrypt 加密區上的檔案系統。結果會顯示在該視窗中。\n\n如果無法開始修復,將會改為啟動「磁碟工具程式」。 + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml index 1946e1f6..da0391ee 100644 --- a/Translations/Language.zh-tw.xml +++ b/Translations/Language.zh-tw.xml @@ -1688,6 +1688,8 @@ Secure Boot 已啟用,但韌體的 Secure Boot 資料庫不信任 VeraCrypt EFI 開機載入程式所支援的任何 Microsoft UEFI CA 集合。請啟用 Microsoft Corporation UEFI CA 2011,或同時啟用 Microsoft UEFI CA 2023 和 Microsoft Option ROM UEFI CA 2023,然後執行 VeraCrypt 修復/重新安裝。或者,請停用 Secure Boot。 按下「確定」後,將會開啟「終端機」視窗,並使用「diskutil」檢查所選 VeraCrypt 加密區上的檔案系統。結果會顯示在該視窗中。\n\n如果無法開始檢查,將會改為啟動「磁碟工具程式」。 按下「確定」後,將會開啟「終端機」視窗,並使用「diskutil」嘗試修復所選 VeraCrypt 加密區上的檔案系統。結果會顯示在該視窗中。\n\n如果無法開始修復,將會改為啟動「磁碟工具程式」。 + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index cee921dc..b1c535d6 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -2629,6 +2629,8 @@ namespace VeraCrypt bool ContainsMicrosoftCorporationUefiCa2011; bool ContainsMicrosoftUefiCa2023; bool ContainsMicrosoftOptionRomUefiCa2023; + bool ContainsMicrosoftWindowsProductionPca2011; + bool ContainsWindowsUefiCa2023; bool DbMalformed; DWORD ParseError; }; @@ -3015,6 +3017,85 @@ namespace VeraCrypt 0x77, 0x87, 0xEC, 0x67, 0x2E, 0xB9, 0x87, 0x06, 0x46, 0xDD, 0x41, 0x43, 0x40, 0x6A, 0x5F, 0x2F }; + + // The two Windows boot manager signing CAs below are not used for loader-set selection. + // They are tracked so that the trust of the chainloaded Windows boot manager copy + // (bootmgfw_ms.vc) can be verified against the active Secure Boot db before a reboot. + // Microsoft Windows Production PCA 2011, SHA-1 thumbprint 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D. + // DER source: https://go.microsoft.com/fwlink/p/?linkid=321192, SHA-256 E8E95F0733A55E8BAD7BE0A1413EE23C51FCEA64B3C8FA6A786935FDDCC71961. + static const uint8 microsoftWindowsProductionPca2011Rsa2048Modulus[256] = + { + 0xDD, 0x0C, 0xBB, 0xA2, 0xE4, 0x2E, 0x09, 0xE3, + 0xE7, 0xC5, 0xF7, 0x96, 0x69, 0xBC, 0x00, 0x21, + 0xBD, 0x69, 0x33, 0x33, 0xEF, 0xAD, 0x04, 0xCB, + 0x54, 0x80, 0xEE, 0x06, 0x83, 0xBB, 0xC5, 0x20, + 0x84, 0xD9, 0xF7, 0xD2, 0x8B, 0xF3, 0x38, 0xB0, + 0xAB, 0xA4, 0xAD, 0x2D, 0x7C, 0x62, 0x79, 0x05, + 0xFF, 0xE3, 0x4A, 0x3F, 0x04, 0x35, 0x20, 0x70, + 0xE3, 0xC4, 0xE7, 0x6B, 0xE0, 0x9C, 0xC0, 0x36, + 0x75, 0xE9, 0x8A, 0x31, 0xDD, 0x8D, 0x70, 0xE5, + 0xDC, 0x37, 0xB5, 0x74, 0x46, 0x96, 0x28, 0x5B, + 0x87, 0x60, 0x23, 0x2C, 0xBF, 0xDC, 0x47, 0xA5, + 0x67, 0xF7, 0x51, 0x27, 0x9E, 0x72, 0xEB, 0x07, + 0xA6, 0xC9, 0xB9, 0x1E, 0x3B, 0x53, 0x35, 0x7C, + 0xE5, 0xD3, 0xEC, 0x27, 0xB9, 0x87, 0x1C, 0xFE, + 0xB9, 0xC9, 0x23, 0x09, 0x6F, 0xA8, 0x46, 0x91, + 0xC1, 0x6E, 0x96, 0x3C, 0x41, 0xD3, 0xCB, 0xA3, + 0x3F, 0x5D, 0x02, 0x6A, 0x4D, 0xEC, 0x69, 0x1F, + 0x25, 0x28, 0x5C, 0x36, 0xFF, 0xFD, 0x43, 0x15, + 0x0A, 0x94, 0xE0, 0x19, 0xB4, 0xCF, 0xDF, 0xC2, + 0x12, 0xE2, 0xC2, 0x5B, 0x27, 0xEE, 0x27, 0x78, + 0x30, 0x8B, 0x5B, 0x2A, 0x09, 0x6B, 0x22, 0x89, + 0x53, 0x60, 0x16, 0x2C, 0xC0, 0x68, 0x1D, 0x53, + 0xBA, 0xEC, 0x49, 0xF3, 0x9D, 0x61, 0x8C, 0x85, + 0x68, 0x09, 0x73, 0x44, 0x5D, 0x7D, 0xA2, 0x54, + 0x2B, 0xDD, 0x79, 0xF7, 0x15, 0xCF, 0x35, 0x5D, + 0x6C, 0x1C, 0x2B, 0x5C, 0xCE, 0xBC, 0x9C, 0x23, + 0x8B, 0x6F, 0x6E, 0xB5, 0x26, 0xD9, 0x36, 0x13, + 0xC3, 0x4F, 0xD6, 0x27, 0xAE, 0xB9, 0x32, 0x3B, + 0x41, 0x92, 0x2C, 0xE1, 0xC7, 0xCD, 0x77, 0xE8, + 0xAA, 0x54, 0x4E, 0xF7, 0x5C, 0x0B, 0x04, 0x87, + 0x65, 0xB4, 0x43, 0x18, 0xA8, 0xB2, 0xE0, 0x6D, + 0x19, 0x77, 0xEC, 0x5A, 0x24, 0xFA, 0x48, 0x03 + }; + + // Windows UEFI CA 2023, SHA-1 thumbprint 45A0FA32604773C82433C3B7D59E7466B3AC0C67. + // DER source: https://go.microsoft.com/fwlink/?linkid=2239776, SHA-256 076F1FEA90AC29155EBF77C17682F75F1FDD1BE196DA302DC8461E350A9AE330. + static const uint8 windowsUefiCa2023Rsa2048Modulus[256] = + { + 0xBC, 0xB2, 0x35, 0xD1, 0x54, 0x79, 0xB4, 0x8F, + 0xCC, 0x81, 0x2A, 0x6E, 0xB3, 0x12, 0xD6, 0x93, + 0x97, 0x30, 0x7C, 0x38, 0x5C, 0xBF, 0x79, 0x92, + 0x19, 0x0A, 0x0F, 0x2D, 0x0A, 0xFE, 0xBF, 0xE0, + 0xA8, 0xD8, 0x32, 0x3F, 0xD2, 0xAB, 0x6F, 0x6F, + 0x81, 0xC1, 0x4D, 0x17, 0x69, 0x45, 0xCF, 0x85, + 0x80, 0x27, 0xA3, 0x7C, 0xB3, 0x31, 0xCC, 0xA5, + 0xA7, 0x4D, 0xF9, 0x43, 0xD0, 0x5A, 0x2F, 0xD7, + 0x18, 0x1B, 0xD2, 0x58, 0x96, 0x05, 0x39, 0xA3, + 0x95, 0xB7, 0xBC, 0xDD, 0x79, 0xC1, 0xA0, 0xCF, + 0x8F, 0xE2, 0x53, 0x1E, 0x2B, 0x26, 0x62, 0xA8, + 0x1C, 0xAE, 0x36, 0x1E, 0x4F, 0xA1, 0xDF, 0xB9, + 0x13, 0xBA, 0x0C, 0x25, 0xBB, 0x24, 0x65, 0x67, + 0x01, 0xAA, 0x1D, 0x41, 0x10, 0xB7, 0x36, 0xC1, + 0x6B, 0x2E, 0xB5, 0x6C, 0x10, 0xD3, 0x4E, 0x96, + 0xD0, 0x9F, 0x2A, 0xA1, 0xF1, 0xED, 0xA1, 0x15, + 0x0B, 0x82, 0x95, 0xC5, 0xFF, 0x63, 0x8A, 0x13, + 0xB5, 0x92, 0x34, 0x1E, 0x31, 0x5E, 0x61, 0x11, + 0xAE, 0x5D, 0xCC, 0xF1, 0x10, 0xE6, 0x4C, 0x79, + 0xC9, 0x72, 0xB2, 0x34, 0x8A, 0x82, 0x56, 0x2D, + 0xAB, 0x0F, 0x7C, 0xC0, 0x4F, 0x93, 0x8E, 0x59, + 0x75, 0x41, 0x86, 0xAC, 0x09, 0x10, 0x09, 0xF2, + 0x51, 0x65, 0x50, 0xB5, 0xF5, 0x21, 0xB3, 0x26, + 0x39, 0x8D, 0xAA, 0xC4, 0x91, 0xB3, 0xDC, 0xAC, + 0x64, 0x23, 0x06, 0xCD, 0x35, 0x5F, 0x0D, 0x42, + 0x49, 0x9C, 0x4F, 0x0D, 0xCE, 0x80, 0x83, 0x82, + 0x59, 0xFE, 0xDF, 0x4B, 0x44, 0xE1, 0x40, 0xC8, + 0x3D, 0x63, 0xB6, 0xCF, 0xB4, 0x42, 0x0D, 0x39, + 0x5C, 0xD2, 0x42, 0x10, 0x0C, 0x08, 0xC2, 0x74, + 0xEB, 0x1C, 0xDC, 0x6E, 0xBC, 0x0A, 0xAC, 0x98, + 0xBB, 0xCC, 0xFA, 0x1E, 0x3C, 0xA7, 0x83, 0x16, + 0xC5, 0xDB, 0x02, 0xDA, 0xD9, 0x96, 0xDF, 0x6B + }; const size_t efiGuidSize = 16; const size_t efiSignatureListHeaderSize = efiGuidSize + sizeof (uint32) * 3; const size_t efiSignatureOwnerSize = efiGuidSize; @@ -3066,6 +3147,16 @@ namespace VeraCrypt { support.ContainsMicrosoftOptionRomUefiCa2023 = true; } + else if (!support.ContainsMicrosoftWindowsProductionPca2011 + && BufferHasPattern (certificate, certificateSize, microsoftWindowsProductionPca2011Rsa2048Modulus, sizeof (microsoftWindowsProductionPca2011Rsa2048Modulus))) + { + support.ContainsMicrosoftWindowsProductionPca2011 = true; + } + else if (!support.ContainsWindowsUefiCa2023 + && BufferHasPattern (certificate, certificateSize, windowsUefiCa2023Rsa2048Modulus, sizeof (windowsUefiCa2023Rsa2048Modulus))) + { + support.ContainsWindowsUefiCa2023 = true; + } } } else if (BufferEquals (signatureList, efiCertRsa2048Guid, efiGuidSize)) @@ -3096,6 +3187,16 @@ namespace VeraCrypt { support.ContainsMicrosoftOptionRomUefiCa2023 = true; } + else if (!support.ContainsMicrosoftWindowsProductionPca2011 + && BufferEquals (publicKey, efiRsa2048KeySize, microsoftWindowsProductionPca2011Rsa2048Modulus, sizeof (microsoftWindowsProductionPca2011Rsa2048Modulus))) + { + support.ContainsMicrosoftWindowsProductionPca2011 = true; + } + else if (!support.ContainsWindowsUefiCa2023 + && BufferEquals (publicKey, efiRsa2048KeySize, windowsUefiCa2023Rsa2048Modulus, sizeof (windowsUefiCa2023Rsa2048Modulus))) + { + support.ContainsWindowsUefiCa2023 = true; + } } } @@ -3236,7 +3337,7 @@ namespace VeraCrypt ThrowUnsupportedEfiSecureBootDb (L"firmware db and Secure Boot state could not be read; refusing to select an unsupported EFI bootloader signing CA", dwError); // All Secure Boot state cases are handled above. - TC_THROW_FATAL_EXCEPTION; + ThrowUnsupportedEfiSecureBootDb (L"firmware db could not be read; refusing to select an unsupported EFI bootloader signing CA", dwError); } static void ThrowMissingEfiResource (const wchar_t* resourceName, bool rescueDisk) @@ -6111,6 +6212,70 @@ namespace VeraCrypt *pMicrosoft2023UefiCAsSupported = GetPreferredEfiBootLoaderResourceSet ().ResourceSet == VC_EFI_BOOT_LOADER_RESOURCE_SET_2023; } + bool BootEncryption::GetEfiBootChainTrustStatus (EfiBootChainTrustStatus& status) + { + memset (&status, 0, sizeof (status)); + + SystemDriveConfiguration config = GetSystemDriveConfiguration(); + if (!config.SystemPartition.IsGPT || !IsAdmin()) + return false; + + bool bSecureBootEnabled = false; + if (!TryFirmwareSecureBootEnabled (bSecureBootEnabled)) + return false; + status.SecureBootEnabled = bSecureBootEnabled; + + // Trust facts are only asserted from a fully parsed firmware db: acting on + // partial data could produce false "untrusted" reports. + FirmwareDbMicrosoftUefiCaSupport support; + if (!TryFirmwareDbGetMicrosoftUefiCaSupport (support) || support.DbMalformed) + return false; + + DWORD recordedResourceSet = 0; + if (!ReadRecordedEfiBootLoaderResourceSet (recordedResourceSet)) + return false; + status.InstalledResourceSet = recordedResourceSet; + + if (recordedResourceSet == VC_EFI_BOOT_LOADER_RESOURCE_SET_2023) + status.VeraCryptLoaderTrusted = FirmwareDbMicrosoftUefiCaSupportContains2023Set (support); + else if (recordedResourceSet == VC_EFI_BOOT_LOADER_RESOURCE_SET_2011) + status.VeraCryptLoaderTrusted = support.ContainsMicrosoftCorporationUefiCa2011; + else + return false; + + try + { + EfiBootInst.PrepareBootPartition (true); + + // The signer family of the chainloaded Windows boot manager copy is identified by the + // issuer name embedded in its Authenticode certificate table. Like loader-set selection, + // this is a byte-presence heuristic, not a signature verification. + std::vector loader; + if (EfiBootInst.ReadFileToBuffer (L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", loader) && !loader.empty ()) + { + static const char szWindowsProductionPca2011Name[] = "Microsoft Windows Production PCA 2011"; + static const char szWindowsUefiCa2023Name[] = "Windows UEFI CA 2023"; + bool bSignedThroughPca2011 = BufferHasPattern (loader.data (), loader.size (), szWindowsProductionPca2011Name, strlen (szWindowsProductionPca2011Name)); + bool bSignedThroughWindowsCa2023 = BufferHasPattern (loader.data (), loader.size (), szWindowsUefiCa2023Name, strlen (szWindowsUefiCa2023Name)); + + if (bSignedThroughPca2011 || bSignedThroughWindowsCa2023) + { + status.WindowsLoaderSignerKnown = true; + status.WindowsLoaderTrusted = + (bSignedThroughPca2011 && support.ContainsMicrosoftWindowsProductionPca2011) + || (bSignedThroughWindowsCa2023 && support.ContainsWindowsUefiCa2023); + } + } + } + catch (...) + { + // The EFI system partition could not be inspected; the VeraCrypt loader facts above remain valid. + } + + status.StatusKnown = true; + return true; + } + #ifndef SETUP void BootEncryption::CheckRequirements () { diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index 2611dc1b..1fb04a25 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -232,6 +232,18 @@ namespace VeraCrypt std::wstring BootVolumePath; }; + // Trust facts about the installed EFI boot chain, derived from the active Secure Boot db. + // Only valid when StatusKnown is true: partial or malformed firmware data never asserts facts. + struct EfiBootChainTrustStatus + { + bool StatusKnown; // Secure Boot state read and firmware db parsed completely + bool SecureBootEnabled; + bool VeraCryptLoaderTrusted; // signing CA(s) of the installed VeraCrypt EFI loader set found in db + bool WindowsLoaderSignerKnown; // signer family of EFI\Microsoft\Boot\bootmgfw_ms.vc identified + bool WindowsLoaderTrusted; // signing CA of bootmgfw_ms.vc found in db + DWORD InstalledResourceSet; // VC_EFI_BOOT_LOADER_RESOURCE_SET_2011 or VC_EFI_BOOT_LOADER_RESOURCE_SET_2023 + }; + class BootEncryption { public: @@ -319,6 +331,7 @@ namespace VeraCrypt static void UpdateSetupConfigFile (bool bForInstall); void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded); void GetEfiBootLoaderSigningSupport (BOOL* pMicrosoft2023UefiCAsSupported); + bool GetEfiBootChainTrustStatus (EfiBootChainTrustStatus& status); bool IsUsingUnsupportedAlgorithm(LONG driverVersion); void NotifyService (DWORD dwNotifyCmd); protected: diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 32ddae5a..b981636f 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1688,6 +1688,8 @@ Secure Boot is enabled, but the firmware Secure Boot database does not trust any Microsoft UEFI CA set supported by VeraCrypt's EFI bootloader. Enable either Microsoft Corporation UEFI CA 2011, or both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023, then run VeraCrypt Repair/Reinstall. Alternatively, disable Secure Boot. A Terminal window will open after you press 'OK' and check the file system on the selected VeraCrypt volume using 'diskutil'. The result will be shown in that window.\n\nIf the check cannot be started, Disk Utility will be launched instead. A Terminal window will open after you press 'OK' and attempt to repair the file system on the selected VeraCrypt volume using 'diskutil'. The result will be shown in that window.\n\nIf the repair cannot be started, Disk Utility will be launched instead. + Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. + Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting. diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 287a3032..88a72033 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -10827,6 +10827,22 @@ static void SystemFavoritesServiceLogInfo (const wstring &infoMessage) SystemFavoritesServiceLogMessage (infoMessage, EVENTLOG_INFORMATION_TYPE); } +static bool IsUnsupportedEfiSecureBootDbException (const ErrorException &e) +{ + return e.ErrLangId && strcmp (e.ErrLangId, "SYSENC_EFI_UNSUPPORTED_SECUREBOOT_CA") == 0; +} + +static void SystemFavoritesServiceLogBootLoaderUpdateError (const wchar_t *operation, const ErrorException &e) +{ + if (IsUnsupportedEfiSecureBootDbException (e)) + { + SystemFavoritesServiceLogError (wstring (operation) + L" failed: Secure Boot is enabled, but the firmware Secure Boot db does not trust any Microsoft UEFI CA set supported by VeraCrypt. See HKLM\\SOFTWARE\\VeraCrypt\\Diagnostics\\EfiBootLoader for the recorded selection reason."); + return; + } + + SystemFavoritesServiceLogError (wstring (operation) + L" failed while updating the boot loader."); +} + static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0) { @@ -10884,8 +10900,28 @@ static void SystemFavoritesServiceUpdateLoaderProcessing (BOOL bForce) SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing: InstallBootLoader calling"); bootEnc.InstallBootLoader (true); SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing: InstallBootLoader called"); + + // Record in the event log when the active Secure Boot db no longer trusts a + // component of the boot chain (e.g. after a Secure Boot certificate update), + // so that a subsequent pre-boot failure can be diagnosed from Windows. + try + { + EfiBootChainTrustStatus trustStatus; + if (bootEnc.GetEfiBootChainTrustStatus (trustStatus) && trustStatus.StatusKnown && trustStatus.SecureBootEnabled) + { + if (!trustStatus.VeraCryptLoaderTrusted) + SystemFavoritesServiceLogWarning (L"Secure Boot chain check: the firmware Secure Boot db does not trust the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader. Pre-boot authentication may fail at the next reboot."); + else if (trustStatus.WindowsLoaderSignerKnown && !trustStatus.WindowsLoaderTrusted) + SystemFavoritesServiceLogWarning (L"Secure Boot chain check: the firmware Secure Boot db does not trust the Microsoft CA that signs the Windows boot manager copy used by VeraCrypt (bootmgfw_ms.vc). The handoff to Windows after pre-boot authentication may fail at the next reboot."); + } + } + catch (...) { } } } + catch (ErrorException &e) + { + SystemFavoritesServiceLogBootLoaderUpdateError (L"SystemFavoritesServiceUpdateLoaderProcessing", e); + } catch (Exception &) { SystemFavoritesServiceLogError (L"SystemFavoritesServiceUpdateLoaderProcessing failed while updating the boot loader."); @@ -11202,6 +11238,10 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz bootEnc.InstallBootLoader (true); } } + catch (ErrorException &e) + { + SystemFavoritesServiceLogBootLoaderUpdateError (L"PostOOBE boot loader update", e); + } catch (Exception &) { SystemFavoritesServiceLogError (L"PostOOBE boot loader update failed."); diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c index dde0f602..33c92acb 100644 --- a/src/Setup/Setup.c +++ b/src/Setup/Setup.c @@ -1799,6 +1799,22 @@ BOOL UpgradeBootLoader (HWND hwndDlg) bootEnc.InstallBootLoader (true); + // Verify the whole boot chain against the active Secure Boot db before the user + // reboots: a component that the firmware no longer trusts (e.g. after a Secure Boot + // certificate update) would otherwise only surface as a pre-boot failure. + try + { + EfiBootChainTrustStatus trustStatus; + if (bootEnc.GetEfiBootChainTrustStatus (trustStatus) && trustStatus.StatusKnown && trustStatus.SecureBootEnabled) + { + if (!trustStatus.VeraCryptLoaderTrusted) + Warning ("SYSENC_EFI_LOADER_NOT_TRUSTED_BY_SECUREBOOT", hwndDlg); + else if (trustStatus.WindowsLoaderSignerKnown && !trustStatus.WindowsLoaderTrusted) + Warning ("SYSENC_EFI_WINDOWS_LOADER_NOT_TRUSTED_BY_SECUREBOOT", hwndDlg); + } + } + catch (...) { } + if (bootEnc.GetInstalledBootLoaderVersion() <= TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION) { bUpdateRescueDisk = TRUE; diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c index 1de2c3a6..29589855 100644 --- a/src/SetupDLL/Setup.c +++ b/src/SetupDLL/Setup.c @@ -94,6 +94,15 @@ BOOL bUpdateRescueDisk = FALSE; BOOL bRepairMode = FALSE; BOOL bUserSetLanguage = FALSE; +static BOOL EfiBootLoaderSelectionWasRefused () +{ + DWORD resourceSet = 0; + return ReadLocalMachineRegistryDword ( + (wchar_t *) VC_EFI_BOOT_LOADER_DIAGNOSTICS_REGISTRY_KEY, + (wchar_t *) VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME, + &resourceSet) && resourceSet == 0; +} + /* BOOL bMakePackage = FALSE; BOOL bDone = FALSE; @@ -1817,6 +1826,30 @@ BOOL UpgradeBootLoader_Dll (MSIHANDLE hInstaller, HWND hwndDlg) // this is done by the service now //bootEnc.InstallBootLoader (true); + // Verify the installed boot chain against the active Secure Boot db before the user + // reboots: a component that the firmware no longer trusts (e.g. after a Secure Boot + // certificate update) would otherwise only surface as a pre-boot failure. In the MSI + // upgrade path, the System Favorites service has already attempted the loader refresh. + try + { + if (EfiBootLoaderSelectionWasRefused ()) + { + MSILogAndShow (hInstaller, MSI_WARNING_LEVEL, GetString("SYSENC_EFI_UNSUPPORTED_SECUREBOOT_CA")); + } + else + { + EfiBootChainTrustStatus trustStatus; + if (bootEnc.GetEfiBootChainTrustStatus (trustStatus) && trustStatus.StatusKnown && trustStatus.SecureBootEnabled) + { + if (!trustStatus.VeraCryptLoaderTrusted) + MSILogAndShow (hInstaller, MSI_WARNING_LEVEL, GetString("SYSENC_EFI_LOADER_NOT_TRUSTED_BY_SECUREBOOT")); + else if (trustStatus.WindowsLoaderSignerKnown && !trustStatus.WindowsLoaderTrusted) + MSILogAndShow (hInstaller, MSI_WARNING_LEVEL, GetString("SYSENC_EFI_WINDOWS_LOADER_NOT_TRUSTED_BY_SECUREBOOT")); + } + } + } + catch (...) { } + if (bootEnc.GetInstalledBootLoaderVersion() <= TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION) { bUpdateRescueDisk = TRUE;