diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index a1afb4eec7..0121254e20 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1683,8 +1683,8 @@
Vybrané fyzické úložiště APFS '{0}' obsahuje aktuálně připojený systémový svazek macOS a nelze jej použít jako hostitele svazku VeraCryptu.
macOS hlásí vybrané zařízení '{0}' jako pouze pro čtení. Vyberte zapisovatelný fyzický diskový oddíl nebo disk.
macOS oznámil, že vybrané zařízení je pouze pro čtení. Jde-li o disk APFS, ujistěte se, že jste vybrali fyzický diskový oddíl úložiště APFS, nikoli syntetizovaný svazek APFS. Pomocí Diskové utility nebo příkazu 'diskutil list' určete fyzický diskový oddíl a zkuste to znovu.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Tento svazek je zaregistrován jako systémový oblíbený svazek a jeho nastavení PIM a/nebo KDF byla změněna.\nChcete, aby VeraCrypt automaticky aktualizoval konfiguraci systémového oblíbeného svazku (jsou vyžadována oprávnění správce)?\n\nMějte prosím na paměti, že pokud odpovíte ne, budete muset systémový oblíbený svazek aktualizovat ručně.
+ Vybraný KDF používá jiné parametry PIM, takže VeraCrypt nepoužije aktuální vlastní PIM. Nová hlavička svazku použije výchozí PIM pro vybraný KDF, pokud v sekci „Nové” nezvolíte „Použít PIM” a nezadáte vlastní hodnotu.\n\nChcete pokračovat?
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index b74e206802..3995c1bb73 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1683,8 +1683,8 @@
El almacenamiento físico APFS seleccionado '{0}' contiene el volumen de sistema macOS actualmente montado y no puede usarse como host de volumen VeraCrypt.
macOS informa que el dispositivo seleccionado '{0}' es de sólo lectura. Seleccione una partición física o disco con permiso de escritura.
macOS informó que el dispositivo seleccionado es de sólo lectura. Si se trata de un disco APFS, asegúrese de haber seleccionado la partición física de almacenamiento APFS, no un volumen APFS sintetizado. Use la Utilidad de Discos o 'diskutil list' para identificar la partición física y luego reinténtelo.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Este volumen está registrado como volumen favorito del sistema y se ha modificado su configuración de PIM y/o KDF.\n¿Desea que VeraCrypt actualice automáticamente la configuración del volumen favorito del sistema (se requieren privilegios de administrador)?\n\nTenga en cuenta que si responde No, tendrá que actualizar manualmente el volumen favorito del sistema.
+ El KDF seleccionado usa parámetros de PIM diferentes, por lo que VeraCrypt no reutilizará el PIM personalizado actual. La nueva cabecera del volumen usará el PIM predeterminado para el KDF seleccionado a menos que seleccione "Usar PIM" en la sección "Nueva" e introduzca un valor personalizado.\n\n¿Desea continuar?
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index 830315bc7d..5f2f8e1203 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1683,8 +1683,8 @@
Valittu fyysinen APFS-tallennusosio '{0}' sisältää parhaillaan liitetyn macOS-järjestelmätaltion, eikä sitä voi käyttää VeraCrypt-taltion isäntänä.
macOS ilmoittaa valitun laitteen '{0}' olevan vain luku -tilassa. Valitse kirjoituskelpoinen fyysinen osio tai levy.
macOS ilmoitti valitun laitteen olevan vain luku -tilassa. Jos kyseessä on APFS-levy, varmista, että valitsit fyysisen APFS-tallennusosion etkä APFS:n syntetisoitua taltiota. Käytä Levytyökalua tai komentoa 'diskutil list' fyysisen osion tunnistamiseen ja yritä sitten uudelleen.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Tämä taltio on rekisteröity järjestelmän suosikkitaltioksi ja sen PIM- ja/tai KDF-asetukset on muutettu.\nHaluatko, että VeraCrypt päivittää järjestelmän suosikkitaltion kokoonpanon automaattisesti (vaatii järjestelmänvalvojan oikeudet)?\n\nHuomaa, että jos vastaat ei, sinun on päivitettävä järjestelmän suosikkitaltio manuaalisesti.
+ Valittu KDF käyttää eri PIM-parametreja, joten VeraCrypt ei käytä uudelleen nykyistä mukautettua PIM-arvoa. Uusi taltion otsikko käyttää valitun KDF:n oletus-PIM-arvoa, ellet valitse Uusi-osiossa vaihtoehtoa "Käytä PIM" ja syötä mukautettua arvoa.\n\nHaluatko jatkaa?
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index 50d550f387..a98fdd68d4 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1683,8 +1683,8 @@
Le support physique APFS sélectionné '{0}' contient le volume système macOS actuellement monté et ne peut pas être utilisé comme hôte de volume VeraCrypt.
macOS signale que le périphérique sélectionné '{0}' est en lecture seule. Sélectionnez une partition physique ou un disque accessible en écriture.
macOS a signalé que le périphérique sélectionné est en lecture seule. S’il s’agit d’un disque APFS, assurez-vous d’avoir sélectionné la partition physique de stockage APFS et non un volume APFS synthétisé. Utilisez l’Utilitaire de disque ou 'diskutil list' pour identifier la partition physique, puis réessayez.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Ce volume est enregistré comme favori système et ses paramètres PIM et/ou KDF ont été modifiés.\nVoulez-vous que VeraCrypt mette automatiquement à jour la configuration du favori système (privilèges administrateur requis) ?\n\nVeuillez noter que si vous répondez « Non », vous devrez mettre à jour le favori système manuellement.
+ Le KDF sélectionné utilise des paramètres PIM différents, VeraCrypt ne réutilisera donc pas le PIM personnalisé actuel. Le nouvel en-tête du volume utilisera le PIM par défaut du KDF sélectionné, sauf si vous sélectionnez « Saisir un PIM » dans la section « Nouveau » et saisissez une valeur personnalisée.\n\nVoulez-vous continuer ?
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index 360cb34358..8c217c8a4e 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1683,8 +1683,8 @@
Lo store fisico APFS selezionato '{0}' contiene il volume di sistema macOS attualmente montato e non può essere usato come host di un volume VeraCrypt.
macOS segnala il dispositivo selezionato '{0}' come di sola lettura. Seleziona una partizione fisica o un disco scrivibile.
macOS ha segnalato il dispositivo selezionato come di sola lettura. Se questo è un disco APFS, assicurati di aver selezionato la partizione dello store fisico APFS, non un volume APFS sintetizzato. Usa Utility Disco o 'diskutil list' per identificare la partizione fisica, quindi riprova.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Questo volume è registrato come volume preferito di sistema e le sue impostazioni PIM e/o KDF sono state modificate.\nVuoi che VeraCrypt aggiorni automaticamente la configurazione del volume preferito di sistema (sono richiesti privilegi di amministratore)?\n\nNota che se rispondi No, dovrai aggiornare manualmente il volume preferito di sistema.
+ Il KDF selezionato usa parametri PIM diversi, quindi VeraCrypt non riutilizzerà il PIM personalizzato attuale. La nuova intestazione del volume userà il PIM predefinito per il KDF selezionato, a meno che tu non selezioni "Usa PIM" nella sezione "Nuovo" e inserisca un valore personalizzato.\n\nVuoi continuare?
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index be4c264a58..3a8e9d805b 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1683,8 +1683,8 @@
選択された APFS 物理ストア '{0}' には現在マウントされている macOS システムボリュームが含まれているため、VeraCrypt ボリュームホストとして使用できません。
macOS は、選択されたデバイス '{0}' を読み取り専用として報告しています。書き込み可能な物理パーティションまたはディスクを選択してください。
macOS は、選択されたデバイスを読み取り専用として報告しました。これが APFS ディスクの場合は、APFS 合成ボリュームではなく物理 APFS ストアパーティションを選択していることを確認してください。ディスクユーティリティまたは 'diskutil list' を使用して物理パーティションを確認してから、再試行してください。
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ このボリュームはシステムお気に入りボリュームとして登録されており、PIM および/または KDF の設定が変更されています。\nVeraCrypt がシステムお気に入りボリュームの設定を自動的に更新しても良いですか(管理者権限が必要です)?\n\nいいえを選択した場合は、システムお気に入りボリュームを手動で更新する必要があります。
+ 選択した KDF は異なる PIM パラメータを使用するため、VeraCrypt は現在のカスタム PIM を再利用しません。新しいボリュームヘッダーは、「新規」セクションで「PIMを使用する」を選択してカスタム値を入力しない限り、選択した KDF のデフォルトの PIM を使用します。\n\n続行しますか?
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index d9873037e2..b771ddf5a5 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1683,8 +1683,8 @@
선택한 APFS 물리적 저장소 '{0}'에는 현재 마운트된 macOS 시스템 볼륨이 포함되어 있으므로 VeraCrypt 볼륨 호스트로 사용할 수 없습니다.
macOS에서 선택한 장치 '{0}'을 읽기 전용으로 보고했습니다. 쓰기 가능한 물리적 파티션 또는 디스크를 선택하세요.
macOS에서 선택한 장치를 읽기 전용으로 보고했습니다. APFS 디스크인 경우 APFS 합성 볼륨이 아니라 물리적 APFS 저장소 파티션을 선택했는지 확인하세요. 디스크 유틸리티 또는 'diskutil list'를 사용하여 물리적 파티션을 식별한 다음 다시 시도하세요.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ 이 볼륨은 시스템 즐겨찾기로 등록되어 있으며 PIM 및/또는 KDF 설정이 변경되었습니다.\nVeraCrypt가 시스템 즐겨찾기 설정을 자동으로 업데이트하도록 하시겠습니까(관리자 권한 필요)?\n\n아니요를 선택하면 시스템 즐겨찾기를 수동으로 업데이트해야 합니다.
+ 선택한 KDF는 다른 PIM 매개변수를 사용하므로 VeraCrypt는 현재 사용자 지정 PIM을 재사용하지 않습니다. 새 볼륨 헤더는 '신규' 섹션에서 'PIM 사용하기'를 선택하고 사용자 지정 값을 입력하지 않는 한, 선택한 KDF의 기본 PIM을 사용합니다.\n\n계속하시겠습니까?
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index 8f62aed7fe..504dfe3321 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1683,8 +1683,8 @@
O armazenamento físico APFS selecionado '{0}' contém o volume de sistema macOS atualmente montado e não pode ser usado como host de volume VeraCrypt.
O macOS informa que o dispositivo selecionado '{0}' é somente leitura. Selecione uma partição física ou disco gravável.
O macOS informou que o dispositivo selecionado é somente leitura. Se for um disco APFS, certifique-se de ter selecionado a partição física de armazenamento APFS, não um volume APFS sintetizado. Use o Utilitário de Disco ou 'diskutil list' para identificar a partição física e tente novamente.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Este volume está registrado como volume favorito do sistema e suas configurações de PIM e/ou KDF foram alteradas.\nDeseja que o VeraCrypt atualize automaticamente a configuração do volume favorito do sistema (privilégios de administrador necessários)?\n\nObserve que, se você responder Não, terá que atualizar manualmente o volume favorito do sistema.
+ O KDF selecionado usa parâmetros de PIM diferentes, portanto, o VeraCrypt não reutilizará o PIM personalizado atual. O novo cabeçalho do volume usará o PIM padrão para o KDF selecionado, a menos que você selecione "Usar PIM" na seção "Novo" e insira um valor personalizado.\n\nDeseja continuar?
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index d47787992f..8a7702c1bb 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1683,8 +1683,8 @@
Izbrana fizična shramba APFS '{0}' vsebuje trenutno priklopljen sistemski nosilec macOS in je ni mogoče uporabiti kot gostitelja nosilca VeraCrypt.
macOS poroča, da je izbrana naprava '{0}' samo za branje. Izberi zapisljivo fizično particijo ali disk.
macOS je poročal, da je izbrana naprava samo za branje. Če je to disk APFS, se prepričaj, da si izbral fizično particijo shrambe APFS, ne sintetiziranega nosilca APFS. S programom Disk Utility ali ukazom 'diskutil list' poišči fizično particijo in poskusi znova.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Ta nosilec je registriran kot sistemski priljubljeni nosilec in njegove nastavitve PIM in/ali KDF so bile spremenjene.\nAli želiš, da VeraCrypt samodejno posodobi konfiguracijo sistemskega priljubljenega nosilca (potrebne so skrbniške pravice)?\n\nUpoštevaj, da boš moral sistemski priljubljeni nosilec posodobiti ročno, če odgovoriš z ne.
+ Izbrani KDF uporablja drugačne parametre PIM, zato VeraCrypt ne bo znova uporabil trenutnega PIM po meri. Nova glava nosilca bo uporabila privzeti PIM za izbrani KDF, razen če v razdelku »Novo« izbereš »Uporabi PIM« in vneseš vrednost po meri.\n\nAli želiš nadaljevati?
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index 5e8bdf64ef..4e0ed980d1 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1683,8 +1683,8 @@
Seçilmiş fiziksel APFS deposu '{0}', şu anda bağlı olan macOS sistem birimini içeriyor ve VeraCrypt birimi barındırmak için kullanılamaz.
macOS, seçilmiş aygıtı '{0}' salt okunur olarak bildiriyor. Yazılabilir bir fiziksel bölüm ya da disk seçin.
macOS, seçilmiş aygıtı salt okunur olarak bildirdi. Bu bir APFS diskiyse, APFS sentezlenmiş birimi değil fiziksel APFS depolama bölümünü seçtiğinizden emin olun. Fiziksel bölümü belirlemek için Disk İzlencesi ya da 'diskutil list' komutunu kullanıp yeniden deneyin.
- This volume is registered as a System Favorite and its PIM and/or KDF settings were changed.\nDo you want VeraCrypt to automatically update the System Favorite configuration (administrator privileges required)?\n\nPlease note that if you answer no, you'll have to update the System Favorite manually.
- The selected KDF uses different PIM parameters, so VeraCrypt will not reuse the current custom PIM. The new volume header will use the default PIM for the selected KDF unless you select "Use PIM" in the New section and enter a custom value.\n\nDo you want to continue?
+ Bu birim, sistem sık kullanılan birimi olarak kayıtlı ve kişisel çevrim çarpanı (PIM) ve/veya KDF ayarları değiştirildi.\nVeraCrypt'in sistem sık kullanılan biriminin yapılandırmasını otomatik olarak güncellemesini ister misiniz (yönetici yetkileri gerekli)?\n\nHayır yanıtını verirseniz, sistem sık kullanılan birimini el ile güncellemeniz gerekeceğini unutmayın.
+ Seçilen KDF, farklı kişisel çevrim çarpanı (PIM) parametreleri kullandığından VeraCrypt geçerli özel PIM değerini yeniden kullanmayacak. 'Yeni' bölümünde 'Kişisel çevrim çarpanı (PIM) kullanılsın' seçeneğini seçip özel bir değer girmediğiniz sürece, yeni birim üst bilgisi seçilen KDF için varsayılan PIM değerini kullanacak.\n\nİlerlemek istiyor musunuz?
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 4f616688c1..aa91b9993f 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -2640,7 +2640,7 @@ namespace VeraCrypt
IDR_EFI_DCSINFO_2023
};
- static const wchar_t *EfiBootLoaderDiagnosticsRegistryKey = L"Software\\VeraCrypt\\Diagnostics\\EfiBootLoader";
+ static const wchar_t *EfiBootLoaderDiagnosticsRegistryKey = VC_EFI_BOOT_LOADER_DIAGNOSTICS_REGISTRY_KEY;
static bool ReadFirmwareEnvironmentVariableBuffer (const wchar_t* name, const wchar_t* guid, std::vector& value, DWORD* pLastError = NULL)
{
@@ -2732,6 +2732,75 @@ namespace VeraCrypt
return selection;
}
+ static bool ReadRecordedEfiBootLoaderResourceSet (DWORD& resourceSet)
+ {
+ resourceSet = 0;
+ return ReadLocalMachineRegistryDword (
+ (wchar_t *) EfiBootLoaderDiagnosticsRegistryKey,
+ (wchar_t *) VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME,
+ &resourceSet) && resourceSet != 0;
+ }
+
+ static DWORD ReadEfiBootLoaderRescueDiskPromptId ()
+ {
+ DWORD promptId = 0;
+ ReadLocalMachineRegistryDword (
+ (wchar_t *) EfiBootLoaderDiagnosticsRegistryKey,
+ (wchar_t *) VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_ID_VALUE_NAME,
+ &promptId);
+ return promptId;
+ }
+
+ static bool WriteEfiBootLoaderDiagnosticsRegistryDword (const wchar_t *valueName, DWORD value)
+ {
+#ifndef SETUP
+ if (!IsAdmin () && IsUacSupported ())
+ {
+ try
+ {
+ Elevator::WriteLocalMachineRegistryDwordValue ((wchar_t *) EfiBootLoaderDiagnosticsRegistryKey, (wchar_t *) valueName, value);
+ return true;
+ }
+ catch (...) { }
+
+ return false;
+ }
+#endif
+ return WriteLocalMachineRegistryDword ((wchar_t *) EfiBootLoaderDiagnosticsRegistryKey, (wchar_t *) valueName, value) ? true : false;
+ }
+
+ static void MarkEfiBootLoaderRescueDiskRecreationNeeded (const EfiBootLoaderImages& images)
+ {
+ if (!images.ResourceSet)
+ return;
+
+ DWORD previousLastError = GetLastError ();
+ DWORD promptId = ReadEfiBootLoaderRescueDiskPromptId () + 1;
+ if (promptId == 0)
+ promptId = 1;
+
+ WriteEfiBootLoaderDiagnosticsRegistryDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_RESOURCE_SET_VALUE_NAME, images.ResourceSet);
+ WriteEfiBootLoaderDiagnosticsRegistryDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_ID_VALUE_NAME, promptId);
+ SetLastError (previousLastError);
+ }
+
+ static void RecordEfiBootLoaderRescueDiskResourceSet (const EfiBootLoaderImages& images)
+ {
+ if (!images.ResourceSet)
+ return;
+
+ DWORD previousLastError = GetLastError ();
+ WriteEfiBootLoaderDiagnosticsRegistryDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_RESOURCE_SET_VALUE_NAME, images.ResourceSet);
+ SetLastError (previousLastError);
+ }
+
+ static void ClearEfiBootLoaderDiagnosticsRegistry ()
+ {
+ DWORD previousLastError = GetLastError ();
+ ::DeleteRegistryKey (HKEY_LOCAL_MACHINE, EfiBootLoaderDiagnosticsRegistryKey);
+ SetLastError (previousLastError);
+ }
+
static void RecordEfiBootLoaderResourceSetSelection (const EfiBootLoaderImages& images)
{
if (!images.ResourceSet || !images.SelectionReason)
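Review bot: `MarkEfiBootLoaderRescueDiskRecreationNeeded` discards the result of both `WriteEfiBootLoaderDiagnosticsRegistryDword` calls, and that helper swallows every exception from the elevated write with `catch (...) { }`, so a failed write is indistinguishable from success. The consequence is that the reminder to recreate the rescue disk is silently never raised, even though the loader on the ESP has changed. If that is the intended trade-off, say so above the function, e.g. `// Best effort: if these writes fail, the rescue-disk reminder is simply not shown.`; otherwise return the `bool` so the caller can react. The new static helpers in this hunk have no comments at all; one line each stating which registry value they read or write would help the next reader.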
@@ -2744,7 +2813,7 @@ namespace VeraCrypt
StringCchPrintfW (selectionTimeUtc, ARRAYSIZE (selectionTimeUtc), L"%04u-%02u-%02uT%02u:%02u:%02uZ",
systemTime.wYear, systemTime.wMonth, systemTime.wDay, systemTime.wHour, systemTime.wMinute, systemTime.wSecond);
- WriteLocalMachineRegistryDword ((wchar_t *) EfiBootLoaderDiagnosticsRegistryKey, L"EfiBootLoaderResourceSet", images.ResourceSet);
+ WriteLocalMachineRegistryDword ((wchar_t *) EfiBootLoaderDiagnosticsRegistryKey, (wchar_t *) VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME, images.ResourceSet);
WriteLocalMachineRegistryDword ((wchar_t *) EfiBootLoaderDiagnosticsRegistryKey, L"EfiBootLoaderFirmwareDbLastError", images.FirmwareDbError);
WriteLocalMachineRegistryString (EfiBootLoaderDiagnosticsRegistryKey, L"EfiBootLoaderSelectionReason", images.SelectionReason, FALSE);
WriteLocalMachineRegistryString (EfiBootLoaderDiagnosticsRegistryKey, L"EfiBootLoaderSelectionTimeUtc", selectionTimeUtc, FALSE);
@@ -3003,18 +3072,18 @@ namespace VeraCrypt
if (TryFirmwareDbContainsMicrosoft2023UefiCAs (bContainsMicrosoft2023UefiCAs))
{
if (bContainsMicrosoft2023UefiCAs)
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2023, 2023, L"firmware db contains Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023", ERROR_SUCCESS);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2023, VC_EFI_BOOT_LOADER_RESOURCE_SET_2023, L"firmware db contains Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023", ERROR_SUCCESS);
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, 2011, L"firmware db does not contain both Microsoft 2023 UEFI CAs", ERROR_SUCCESS);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, VC_EFI_BOOT_LOADER_RESOURCE_SET_2011, L"firmware db does not contain both Microsoft 2023 UEFI CAs", ERROR_SUCCESS);
}
DWORD dwError = GetLastError ();
if (IsFirmwareDbUnavailableError (dwError))
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, 2011, L"firmware db is unavailable; using 2011 compatibility fallback", dwError);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, VC_EFI_BOOT_LOADER_RESOURCE_SET_2011, L"firmware db is unavailable; using 2011 compatibility fallback", dwError);
bool bSecureBootEnabled = false;
if (TryFirmwareSecureBootEnabled (bSecureBootEnabled) && !bSecureBootEnabled)
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, 2011, L"Secure Boot is disabled and firmware db could not be read; using 2011 compatibility fallback", dwError);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, VC_EFI_BOOT_LOADER_RESOURCE_SET_2011, L"Secure Boot is disabled and firmware db could not be read; using 2011 compatibility fallback", dwError);
#ifndef SETUP
if (!IsAdmin () && IsUacSupported ())
{
@@ -3024,13 +3093,13 @@ namespace VeraCrypt
BOOL bElevatedContainsMicrosoft2023UefiCAs = FALSE;
Elevator::GetEfiBootLoaderSigningSupport (&bElevatedContainsMicrosoft2023UefiCAs);
if (bElevatedContainsMicrosoft2023UefiCAs)
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2023, 2023, L"elevated helper reported Microsoft 2023 UEFI CA support", dwError);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2023, VC_EFI_BOOT_LOADER_RESOURCE_SET_2023, L"elevated helper reported Microsoft 2023 UEFI CA support", dwError);
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, 2011, L"elevated helper did not report Microsoft 2023 UEFI CA support", dwError);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, VC_EFI_BOOT_LOADER_RESOURCE_SET_2011, L"elevated helper did not report Microsoft 2023 UEFI CA support", dwError);
}
#endif
- return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, 2011, L"firmware db could not be read; using 2011 compatibility fallback", dwError);
+ return MakeEfiBootLoaderResourceSelection (EfiBootLoaderResources2011, VC_EFI_BOOT_LOADER_RESOURCE_SET_2011, L"firmware db could not be read; using 2011 compatibility fallback", dwError);
}
static void ThrowMissingEfiResource (const wchar_t* resourceName, bool rescueDisk)
@@ -3093,6 +3162,35 @@ namespace VeraCrypt
BackupEfiBootLoaderImageIfDifferent (efiBoot, L"\\EFI\\VeraCrypt\\DcsInfo.dcs", L"\\EFI\\VeraCrypt\\DcsInfo.dcs.vc_backup", images.DcsInfo, images.SizeDcsInfo);
}
+ static bool EfiBootLoaderImageDiffers (EfiBoot& efiBoot, const wchar_t* imageName, uint8* replacementData, DWORD replacementSize)
+ {
+ std::vector currentImage;
+ if (!efiBoot.ReadFileToBuffer (imageName, currentImage))
+ return false;
+
+ return (currentImage.size () != replacementSize)
+ || ((replacementSize != 0) && (memcmp (currentImage.data (), replacementData, replacementSize) != 0));
+ }
+
+ static bool EfiBootLoaderImagesDiffer (EfiBoot& efiBoot, const EfiBootLoaderImages& images)
+ {
+ return EfiBootLoaderImageDiffers (efiBoot, L"\\EFI\\VeraCrypt\\DcsBoot.efi", images.DcsBoot, images.SizeDcsBoot)
+ || EfiBootLoaderImageDiffers (efiBoot, L"\\EFI\\VeraCrypt\\DcsInt.dcs", images.DcsInt, images.SizeDcsInt)
+ || EfiBootLoaderImageDiffers (efiBoot, L"\\EFI\\VeraCrypt\\DcsCfg.dcs", images.DcsCfg, images.SizeDcsCfg)
+ || EfiBootLoaderImageDiffers (efiBoot, L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", images.LegacySpeaker, images.SizeLegacySpeaker)
+ || EfiBootLoaderImageDiffers (efiBoot, L"\\EFI\\VeraCrypt\\DcsInfo.dcs", images.DcsInfo, images.SizeDcsInfo);
+ }
+
+ static bool EfiBootLoaderRefreshRequiresRescueDiskPrompt (EfiBoot& efiBoot, const EfiBootLoaderImages& images)
+ {
+ DWORD recordedResourceSet = 0;
+ bool bRecordedResourceSetKnown = ReadRecordedEfiBootLoaderResourceSet (recordedResourceSet);
+ if (bRecordedResourceSetKnown && recordedResourceSet == images.ResourceSet)
+ return false;
+
+ return EfiBootLoaderImagesDiffer (efiBoot, images);
+ }
+
static void SaveEfiBootLoaderImages (EfiBoot& efiBoot, const EfiBootLoaderImages& images, bool backupExistingImages = false)
{
if (backupExistingImages)
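Review bot: `EfiBootLoaderImageDiffers` returns `false` when `ReadFileToBuffer` fails, so an image that is missing or unreadable is treated exactly like one that is byte-identical to the replacement. If every read fails, `EfiBootLoaderImagesDiffer` reports no difference and `EfiBootLoaderRefreshRequiresRescueDiskPrompt` suppresses the prompt, which looks like the wrong default for a check that guards recoverability. If "absent means nothing to compare" is deliberate, document it at the early return, e.g. `// No existing image to compare against: not counted as a difference.`; otherwise return `true` on read failure. The early `return false` when the recorded resource set equals `images.ResourceSet` also skips the byte comparison entirely, so it relies on the registry value being accurate; a comment stating that assumption would be useful.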
@@ -4158,6 +4256,7 @@ namespace VeraCrypt
const bool bRefreshMsBootloader = !bModifiedMsBoot
|| bMissingMsBoot
|| (EfiBootInst.FileExists (szStdMsBootloader) && EfiBootInst.IsVeraCryptBootLoader (szStdMsBootloader));
+ const bool bRescueDiskPromptRequired = EfiBootLoaderRefreshRequiresRescueDiskPrompt (EfiBootInst, efiImages);
// Keep the firmware-visible loader path valid before the larger module refresh.
if (bRefreshMsBootloader && !EfiBootInst.FileExists (szStdMsBootloader))
@@ -4215,6 +4314,8 @@ namespace VeraCrypt
EfiBootInst.CopyFile (L"\\EFI\\VeraCrypt\\DcsBoot.efi", szStdEfiBootloader);
}
}
+ if (bRescueDiskPromptRequired)
+ MarkEfiBootLoaderRescueDiskRecreationNeeded (efiImages);
return;
}
}
@@ -4575,6 +4676,7 @@ namespace VeraCrypt
{
File isoFile (isoImagePath, false, true);
isoFile.Write (RescueZipData, RescueZipSize);
+ RecordEfiBootLoaderRescueDiskResourceSet (efiImages);
}
}
else
@@ -5324,6 +5426,8 @@ namespace VeraCrypt
device.Write (bootLoaderBuf, sizeof (bootLoaderBuf));
}
+ ClearEfiBootLoaderDiagnosticsRegistry ();
+
if (!IsAdmin() && IsUacSupported())
{
Elevator::UpdateSetupConfigFile (false);
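Review bot: `ClearEfiBootLoaderDiagnosticsRegistry ()` is called just before a `!IsAdmin() && IsUacSupported()` branch, so this code can run unelevated, yet the helper calls `::DeleteRegistryKey (HKEY_LOCAL_MACHINE, ...)` directly and has no elevated path like the one `WriteEfiBootLoaderDiagnosticsRegistryDword` uses. In a non-admin process the delete will presumably fail without any signal, leaving the prompt and resource-set values behind for `IsEfiBootLoaderRescueDiskPromptPending` in Dlgcode.c to act on later. Either route the cleanup through the elevated helper as the writes do, or move the call to a point where elevation is guaranteed and note that in a comment. The enclosing function starts and ends outside this hunk, so the actual privilege level at this point should be confirmed against the caller.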
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 4fb8db68eb..ed03e5b4df 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -3739,9 +3739,56 @@ void SavePostInstallTasksSettings (int command)
}
+static BOOL ReadEfiBootLoaderDiagnosticsDword (const wchar_t *valueName, DWORD *value)
+{
+ return ReadLocalMachineRegistryDword (
+ (wchar_t *) VC_EFI_BOOT_LOADER_DIAGNOSTICS_REGISTRY_KEY,
+ (wchar_t *) valueName,
+ value);
+}
+
+
+static BOOL EfiBootLoaderRescueDiskResourceSetMatches (DWORD resourceSet)
+{
+ DWORD rescueDiskResourceSet = 0;
+
+ return resourceSet != 0
+ && ReadEfiBootLoaderDiagnosticsDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_RESOURCE_SET_VALUE_NAME, &rescueDiskResourceSet)
+ && rescueDiskResourceSet == resourceSet;
+}
+
+
+static BOOL IsEfiBootLoaderRescueDiskPromptPending (void)
+{
+ DWORD promptId = 0;
+ DWORD recordedResourceSet = 0;
+ DWORD promptResourceSet = 0;
+
+ if (ReadEfiBootLoaderDiagnosticsDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_ID_VALUE_NAME, &promptId) && promptId != 0)
+ {
+ if (!ReadEfiBootLoaderDiagnosticsDword (VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_RESOURCE_SET_VALUE_NAME, &promptResourceSet))
+ {
+ if (!ReadEfiBootLoaderDiagnosticsDword (VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME, &promptResourceSet))
+ return FALSE;
+ }
+
+ return !EfiBootLoaderRescueDiskResourceSetMatches (promptResourceSet);
+ }
+
+ if (ReadEfiBootLoaderDiagnosticsDword (VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME, &recordedResourceSet)
+ && recordedResourceSet == VC_EFI_BOOT_LOADER_RESOURCE_SET_2023)
+ {
+ return !EfiBootLoaderRescueDiskResourceSetMatches (recordedResourceSet);
+ }
+
+ return FALSE;
+}
+
+
void DoPostInstallTasks (HWND hwndDlg)
{
BOOL bDone = FALSE;
+ BOOL bEfiBootLoaderRescueDiskPromptPending = IsEfiBootLoaderRescueDiskPromptPending ();
if (FileExists (GetConfigPath (TC_APPD_FILENAME_POST_INSTALL_TASK_TUTORIAL)))
{
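Review bot: `IsEfiBootLoaderRescueDiskPromptPending` has two separate triggers and neither is documented. The first tests `promptId` only for non-zero, so the increment-and-wrap logic in `MarkEfiBootLoaderRescueDiskRecreationNeeded` has no observable effect here. The second fires for any recorded `VC_EFI_BOOT_LOADER_RESOURCE_SET_2023` without a matching rescue-disk value, even when no prompt was ever marked. A header comment covering both cases would make the intent reviewable; it should say that an explicit prompt is pending until the rescue-disk resource set matches, and that the fallback covers systems already on the 2023 loader. If the prompt ID is meant to support acknowledging a specific prompt, the comparison against a last-acknowledged ID is missing from this hunk.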
@@ -3759,7 +3806,7 @@ void DoPostInstallTasks (HWND hwndDlg)
bDone = TRUE;
}
- if (FileExists (GetConfigPath (TC_APPD_FILENAME_POST_INSTALL_TASK_RESCUE_DISK)))
+ if (FileExists (GetConfigPath (TC_APPD_FILENAME_POST_INSTALL_TASK_RESCUE_DISK)) || bEfiBootLoaderRescueDiskPromptPending)
{
if (AskYesNo ("AFTER_UPGRADE_RESCUE_DISK", hwndDlg) == IDYES)
PostMessage (hwndDlg, VC_APPMSG_CREATE_RESCUE_DISK, 0, 0);
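Review bot: Nothing visible here clears the registry-backed pending state when the user answers No to `AFTER_UPGRADE_RESCUE_DISK`, so the prompt will be shown again on every call to `DoPostInstallTasks` until a rescue disk is written. In the visible code the state only changes via `RecordEfiBootLoaderRescueDiskResourceSet` after the ISO write, or when the diagnostics key is deleted. A persistent reminder may be intended for a recovery-critical mismatch, but it should be stated, e.g. `/* Registry-backed prompt is intentionally repeated until a matching rescue disk is created. */`. If it is not intended, record the declined prompt ID so the same prompt is not repeated. The rest of `DoPostInstallTasks` is outside this hunk, so any clearing done further down is not visible here.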
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 88e171d62a..eef51754c4 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -82,6 +82,14 @@ enum
#define TC_APPD_FILENAME_POST_INSTALL_TASK_RELEASE_NOTES L"Post-Install Task - Release Notes"
#define TC_APPD_FILENAME_POST_INSTALL_TASK_RESCUE_DISK L"Post-Install Task - Rescue Disk"
+#define VC_EFI_BOOT_LOADER_DIAGNOSTICS_REGISTRY_KEY L"Software\\VeraCrypt\\Diagnostics\\EfiBootLoader"
+#define VC_EFI_BOOT_LOADER_RESOURCE_SET_2011 2011
+#define VC_EFI_BOOT_LOADER_RESOURCE_SET_2023 2023
+#define VC_EFI_BOOT_LOADER_RESOURCE_SET_VALUE_NAME L"EfiBootLoaderResourceSet"
+#define VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_ID_VALUE_NAME L"EfiBootLoaderRescueDiskPromptId"
+#define VC_EFI_BOOT_LOADER_RESCUE_DISK_PROMPT_RESOURCE_SET_VALUE_NAME L"EfiBootLoaderRescueDiskPromptResourceSet"
+#define VC_EFI_BOOT_LOADER_RESCUE_DISK_RESOURCE_SET_VALUE_NAME L"EfiBootLoaderRescueDiskResourceSet"
+
#define VC_FILENAME_RENAMED_SUFFIX L"_old"
/* customer service control code to build device list */