Track Microsoft Windows Production PCA 2011 and Windows UEFI CA 2023 in the firmware db parser so the trust of the chainloaded Windows boot manager copy (bootmgfw_ms.vc) can be verified.
Add BootEncryption::GetEfiBootChainTrustStatus to check the installed VeraCrypt loader set and the bootmgfw_ms.vc signer against the active Secure Boot db, asserting nothing from malformed or partial firmware data.
Warn before reboot during Setup upgrade/repair and log a System Favorites service event when a boot chain component is no longer trusted, so Secure Boot certificate changes surface in Windows instead of as a pre-boot failure.
Refs #1655.
Keep ordered flush barrier support available behind the new VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS driver configuration flag. With the flag clear, non-system IRP_MJ_FLUSH_BUFFERS requests complete successfully as they did before d1f73ce4 instead of entering EncryptedIoQueue.
This narrows the default Windows driver behavior while investigating 1.26.29 instability reports, but retains an opt-in path for targeted testing of ordered flush barriers. The close-time best-effort host flush is now gated by the same flag, so default close and dismount behavior also matches the pre-d1f73ce4 path.
CoreMacOSX::CheckFilesystem() ignored both its mountedVolume and repair
arguments and always just launched Disk Utility.app, so the "Check
Filesystem" and "Repair Filesystem" menu items behaved identically and
neither acted on the mounted volume. On Linux/BSD the same operation runs
fsck and honors the flag (passing -n only when repair is false).
Run diskutil on the VeraCrypt virtual device, choosing verifyVolume or
repairVolume per the flag (diskutil unmounts the inner filesystem itself
as needed). The Core layer has no GUI, so the result is shown in a
Terminal window via a temporary .command script; it falls back to
launching Disk Utility.app when no virtual device is available.
Run the macOS check in the unprivileged application process. VeraCrypt does
not need to create or launch the helper script from the elevated core
service: diskutil operates on the mounted virtual device and macOS handles
any device authorization requirements. Once a device-hosted mount has
started the elevated core service, every later service request is routed to
that root process. There it would create the helper script as root (0700)
and open a Terminal in the GUI session that the user could neither read nor
execute. CoreServiceProxy::CheckFilesystem now invokes the core
implementation directly on macOS instead of sending a service request, so
the script is always owned by the GUI user.
The device path is strictly validated as /dev/[r]diskN[sM] before being
single-quoted into the command. The helper script is created securely in
the per-user temp directory via mkstemps() (atomic O_EXCL/0600, fchmod
0700 by descriptor, close() checked for deferred write errors, unlinked on
any failure) rather than at a predictable, enumerable path in the
world-writable /tmp, guarding against a symlink/race on the executed
script. A trap removes the script on exit even if the window is closed
early, and it is also unlinked if launching Terminal fails. The script
captures $? so diskutil's result, including failures, is shown before the
script exits.
Replace the macOS pre-check message (which still told the user Disk
Utility would open and to pick Verify/Repair manually) with check- and
repair-specific text describing the new automatic diskutil flow.
Seed the two new strings into all translation files with the English
text so the XML key-completeness check passes; localization can follow.
Co-authored-by: Damian Rickard <damian@rickard.us>
Normalize menu separators in language XML files
Replace raw > characters in language entry text with the XML entity >,
and normalize remaining -> menu separators to > for consistency with the
existing language files.
The runtime text remains unchanged for escaped > characters because the
language parsers decode XML entities when loading strings.
Validate SecureBoot firmware data before trusting fallback selection and mark the unsupported-db helper as noreturn.
Record unsupported Secure Boot db refusals in EFI loader diagnostics, and avoid stale rescue-disk prompts after a refusal.
Reuse the central EFI loader selection policy for elevated signing-support checks instead of duplicating fallback/refusal logic.
Translate unsupported Secure Boot db failures across elevation without duplicate generic dialogs, surface stored-PIM refresh failures, and log unattended loader update failures.
Detect whether the active firmware Secure Boot db trusts the Microsoft Corporation UEFI CA 2011 before selecting the 2011-signed EFI loader set.
Abort with a clear diagnostic when Secure Boot is enabled but neither the 2011 CA nor the required 2023 CA pair is trusted, and document the CA requirements.
Preserve positive CA detection when malformed db data appears only after a supported Microsoft CA set has already been found, while recording the parse error in diagnostics.
Refs #1778.
Record EFI bootloader resource set changes during PostOOBE refreshes and mark a machine-wide rescue disk reminder.
Show the reminder on VeraCrypt startup using the existing generic rescue disk prompt and Create Rescue Disk flow.
Accept Argon2 and Argon2id aliases through HashGetIdByName so Windows mount parsing matches volume creation. Update Windows command-line documentation in English, Russian, and Chinese, and rebuild the CHM user guides.
The fixed-size data pool used by LoadLanguageData() in
src/Common/Language.c stores the embedded English XML strings plus the
selected language's XML strings. When AddPoolData() returns NULL
because the 1 MB DATA_POOL_CAPACITY is exhausted, LoadLanguageData()
aborts and returns FALSE. The callers ignore the return value, so the
dictionary is left partially populated: later XML entries (many
controls, warnings and newer dialogs) are missing while earlier
entries, including most menu items, remain translated.
Since 1.26.24 the XML language files have grown enough that several
languages now overflow the pool (e.g. Corsican, French, German and
Dutch).
Increase DATA_POOL_CAPACITY in src/Common/Dictionary.h from 1 MB to
4 MB to accommodate current and near-future translations.
This regression only affects the Windows version, which uses the
Win32/C localization path with this fixed pool. Linux and macOS use
wxWidgets/wxTranslations and do not use src/Common/Dictionary.c for
GUI localization.
Fixes: GH-1587
- Remove the redundant TC_STR_RELEASE_DATE define from Common/Tcdefs.h
- Add preprocessor helpers to convert TC_RELEASE_DATE_YEAR/MONTH/DAY into
the same "Month Day, Year" wide string used by TC_STR_RELEASED_BY
- Update source_date_epoch.sh to derive SOURCE_DATE_EPOCH from the three
numeric date defines only, removing the string-date parsing fallback
A SourceForge report pointed out that the password-change and header-KDF dialogs reused the current custom PIM when the user selected a different KDF. That was harmless when all choices used the same PBKDF2 PIM scale, but it is wrong with Argon2 because the same numeric PIM has different security and performance meaning.
Avoid silently carrying a custom PIM across KDF changes in both the Windows and wx dialogs. If the new KDF differs from the current one and the user has not explicitly opened the New PIM field, use the default PIM for the selected KDF instead. Keep preserving the current PIM when the KDF is unchanged.
Enable explicit New PIM entry in the header KDF-only flow, warn before resetting an existing custom PIM to the new KDF default, and validate explicitly entered KDF-only PIM values.
Report the new KDF from the Windows dialog as well as the new PIM so favorite volumes update both stored PIM and pinned KDF metadata after password or header KDF changes, including system favorites. Add translation fallbacks, documentation, and release notes for the new behavior.
Add a cancel callback and batch abort flag so auto-mount-all stops after dialog cancellation.
Mark MountVolume ERR_USER_ABORT with ERROR_CANCELLED so external /cancelmount also stops the scan.
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount.
Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context.
Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing.
Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
Keep caller-provided SOURCE_DATE_EPOCH authoritative and derive the automatic default through a shared helper used by the Makefile, direct CMake/CPack packaging, and the deb packaging wrapper.
When repository metadata is available, use the HEAD commit timestamp without relying on git -C. Resolve the source root before probing Git so symlinked source paths still use the checkout HEAD. For source tarballs without .git, derive the fallback timestamp from the release date encoded in Common/Tcdefs.h instead of the stale 2020-01-01 constant.
Add TC_RELEASE_DATE_DAY and validate it together with TC_RELEASE_DATE_YEAR, TC_RELEASE_DATE_MONTH, and TC_STR_RELEASE_DATE. Abort when no valid timestamp can be derived.
For direct CMake invocation, initialize SOURCEPATH when the wrapper has not provided it, use the shared helper for derivation, validate the result, and export it for package targets. Also persist the configured epoch through CPACK_PROJECT_CONFIG_FILE so later standalone cpack --config runs export the same value before invoking package generators.
Document that automatic git-checkout builds and release-tarball builds intentionally use different epochs; release reproducers should build from the tarball or set SOURCE_DATE_EPOCH explicitly.
Add a KDF checklist to the Windows benchmark dialog while keeping all algorithms selected by default.
Filter KDF benchmark execution to the checked algorithms and silently skip when none are selected.
Reuse existing KDF localization strings and keep Language.xml unchanged.
Only call the one-block assembly helper when one block remains after the three-block loop.
This prevents zero-block and multiple-of-three requests from reading and writing one extra block past the caller buffer.
Add a Twofish multiblock self-test covering block counts 0 through 9.
Align CRYPTO_INFO primary and secondary key-schedule buffers so cipher implementations can safely use word-sized schedule access on VeraCrypt-managed storage.
Keep generic Camellia direct uint64 schedule indexing. Builds that define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS use direct 64-bit key and block byte loads/stores; memcpy is retained only for strict-alignment builds.
Require SSSE3 before using the x64 AESNI 16-way Camellia path because the assembly uses pshufb in addition to AES and AVX.
Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.
Hidden volumes are forced to quick format to avoid rewriting the hidden data area. Keep that behavior while skipping the file-container allocation shortcut that writes plaintext zero sectors at 128 MiB intervals.
The allocation shortcut remains enabled for non-hidden file containers; hidden containers now use only the encrypted formatter write path for sectors that are written.
Move the Unmount All mnemonic away from the single-volume Unmount action in the Windows resources and affected language files. This keeps the two main actions reachable through distinct keyboard accelerators across packaged translations.
Fixes https://github.com/veracrypt/VeraCrypt/issues/1751
Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file.
Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths.
Fixes#954.
Mount temporary ReFS volumes as fixed media, since Windows does not support ReFS on removable media. Use FMIFS_HARDDISK for the FormatEx fallback while preserving the removable-media path for NTFS and exFAT.
Also make the FormatEx DONE-with-failure status explicit and guard against a missing callback parameter.
The Unix volume creation wizard applied the FAT32 sector-count limit as a blanket check for device-hosted hidden-volume outer volumes. On 512e disks Linux reports 512-byte logical sectors, so this incorrectly rejected larger device-hosted outer volumes even when the selected outer filesystem was not FAT.
Compute the actual VeraCrypt filesystem/data area size through a shared helper and apply the FAT32 size limit only when FAT is selected. This preserves correct FAT validation while allowing non-FAT outer volumes to proceed to the existing hidden-volume size estimation flow.
Update text-mode creation so FAT is not offered when the selected size cannot support it, and default to the platform native filesystem in that case. Clarify the user-facing FAT limit wording to refer to logical sector size.
Fixes#262
On Unix and macOS, the hidden volume wizard estimates the available space for non-FAT outer filesystems using statvfs(). The previous calculation used f_bsize with f_bavail, which can overstate available bytes on macOS exFAT because f_bsize may be the preferred I/O size instead of the fragment size associated with the block counts.
Use f_frsize when it is reported, fall back to f_bsize, and clamp the non-FAT estimate to the actual outer VeraCrypt data size before applying the existing 80% safety heuristic.
Also harden hidden volume creation in both the cross-platform VolumeCreator path and the Windows/common formatting path by rejecting sizes that would exceed the hidden host data area and overlap volume header space.
Fixes#1037
CentOS 6 builds VeraCrypt with GCC 4.4.7 and -std=c++0x. That compiler does not support range-based for loops, and its libstdc++ does not provide std::string::back() or std::string::pop_back().
Avoid those constructs in the affected Unix/Linux code paths: use VeraCrypt's existing foreach helper when iterating PKCS#11 object handles, and use indexing plus erase() when trimming trailing slashes from PATH entries.
This keeps the code valid for newer Linux toolchains while restoring compatibility with the CentOS 6 build environment.
OpenBSD builds were relying on ggod to generate embedded resource
headers. That tool is not available on a stock OpenBSD 7.9 install,
and using base od directly is not a safe substitute because it emits
zero-padded decimal values such as 060 and 098. Those tokens are then
included in C++ source and parsed as octal constants, which either
changes values or fails compilation.
Use hexdump with an explicit unsigned-byte format for OpenBSD. It is
part of the base system and emits unpadded decimal byte values suitable
for the existing resource-header pipeline.
The text-mode binary also crashed on normal process exit on OpenBSD,
including after --version, --test, create, mount, list, and dismount.
GDB showed the crash in libpcsclite_real during SCardReleaseContext(),
called from the static SCardManager destructor. This happened even for
commands that did not use EMV or security-token support because the
static manager constructor eagerly initialized PC/SC at startup.
Avoid eager PC/SC initialization and exit-time finalization on OpenBSD.
The existing call sites still initialize PC/SC lazily when EMV/token
operations need it, while ordinary CLI commands no longer touch
pcsc-lite and no longer crash during static destruction.
Validated on OpenBSD 7.9 amd64 with:
- gmake NOGUI=1 -j2
- veracrypt --text --version
- veracrypt --text --test
- device-hosted create/mount/list/dismount smoke test through doas/vnd
Refs #1589.
Refs #1593.
When preparing UEFI system encryption, check for the standard Windows bootmgfw.efi path before reading it. If it is absent, show the existing VeraCrypt diagnostic instead of surfacing a generic file-not-found error from the elevated COM path.
Argon2id includes the requested output length in its computation, so deriving 192 bytes and using a prefix is not equivalent to deriving only the selected cipher's key material length. This differs from PBKDF2, where the prefix property made this detail invisible.
VeraCrypt derives the maximum header key material currently needed by the supported cipher/cascade set, which is 192 bytes, and then uses the required prefix for the selected encryption algorithm. For AES-XTS this means the first 64 bytes of the 192-byte Argon2id output are used.
Make this design rule explicit in code and documentation by introducing ARGON2_HEADER_KEYDATA_SIZE instead of relying implicitly on GetMaxPkcs5OutSize. If a future cipher or cascade requires more than 192 bytes, that must be handled as an explicit format/design change.
Document the 192-byte Argon2id header KDF output requirement so third-party implementations derive the same header key material.
References: https://github.com/veracrypt/VeraCrypt/issues/1614
Embed both Microsoft UEFI CA 2011 and 2023 signed DCS EFI sets and select the 2023 set only when the firmware db trusts the required 2023 third-party CAs.
Fall back to the 2011 EFI set when firmware db state cannot be determined, preserving pre-existing compatibility behavior and recording the reason in HKLM diagnostics.
Refresh installed ESP modules during PostOOBE repair, keep backups before replacing existing DCS modules, and use the selected EFI set when creating rescue media.
Record the selected EFI bootloader resource set and selection reason in HKLM, allow larger firmware db variables on systems with many Secure Boot certificates, and remove diagnostic registry keys on uninstall.
Fix MSI SetupDLL COM typelib version constants so unregister targets the current Main and Format COM typelib versions.
References: https://github.com/veracrypt/VeraCrypt/issues/1655
Keep the NTFS kernel-driver option as a generic in-kernel NTFS path rather than an ntfs3-specific path. Add --filesystem=kernel-ntfs and -m kernelntfs routes that select a registered or loadable kernel NTFS driver and mount with -i so mount.ntfs/ntfs-3g helpers are not invoked.
Preserve --filesystem=ntfs3 as a literal pin to the ntfs3 driver. Treat both ntfs3 and kernel-ntfs as mount-only selectors; volume creation continues to use filesystem type NTFS.
The preference and -m kernelntfs path only select an in-kernel NTFS driver when no explicit filesystem type was supplied and blkid detects NTFS.
Treat ntfs as the preferred in-kernel driver on Linux 7.1 and later, where the upstream read/write driver is expected. On earlier kernels, select ntfs only when module metadata identifies the standalone read/write driver and /sys/module confirms it loaded, avoiding ntfs3 read-only ntfs compatibility registrations. Fall back to ntfs3 otherwise, and report a generic kernel-driver error if neither supported driver is available or loadable.
Rename the internal preference/config field to MountNtfsWithKernelDriver, migrate the old MountNtfsWithNtfs3 preference key, and update UI strings, CLI help, documentation, release notes, and translation placeholders accordingly.
Reference: https://github.com/veracrypt/VeraCrypt/issues/1735
Keep device selection enumeration unchanged to avoid slow dialog loads.
In the format wizard, inspect only the selected target with diskutil info -plist and reject APFS synthesized devices, macOS system/support targets, read-only targets, and current APFS system stores. Add a read-only APFS hint for creation failures.
Remove the duplicate Shell_NotifyIconW(NIM_MODIFY) call from the tray balloon helper. On Windows 11, the shell can queue the repeated NIF_INFO request and show the same unmount notification twice.
Fixes#1630
Reject empty or truncated TLV buffers, unsupported indefinite lengths, and declared value lengths that exceed the remaining input or uint16 node storage. Parse BER long-form lengths in big-endian order before copying value bytes.
Report explicit progress stages while writing volume data, writing backup headers, and flushing data to disk so the wizard does not appear stuck at 100%.
Keep the wizard in progress during Unix post-creation formatting and show status for temporary mount/device setup, mkfs invocation, and dismount.