[ciphershed] Re: Reviewed commit e8529e95d89d3f519a31ef7de5bd7f0d0d318e8c

  • From: Rocki Hack <rocki.hack@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Thu, 3 Jul 2014 11:21:03 +0200

The point is that if you migrate from TrueCrypt to CipherShed with Windows
system encryption enabled,
you must run the setup provided by CipherShed just on top of TrueCrypt.

The setup makes use of the code base and I think with rebranding it will
fail to detect that TrueCrypt is installed and/or can't read TrueCrypt's
settings.
I think the best solution is to document all changes very carefully and
also note how they affect TrueCrypt / CipherShed.
Then adjust the setup to properly migrate from TrueCrypt.

This is a first draft of functions / constants we need to look at very
carefully.


Common/Apidrvr.h

#define TC_UNIQUE_ID_PREFIX "TrueCryptVolume"
#define TC_MOUNT_PREFIX L"\\Device\\TrueCryptVolume"

#define NT_MOUNT_PREFIX DRIVER_STR("\\Device\\TrueCryptVolume")
#define NT_ROOT_PREFIX DRIVER_STR("\\Device\\TrueCrypt")
#define DOS_MOUNT_PREFIX DRIVER_STR("\\DosDevices\\")
#define DOS_ROOT_PREFIX DRIVER_STR("\\DosDevices\\TrueCrypt")
#define WIN32_ROOT_PREFIX DRIVER_STR("\\\\.\\TrueCrypt")

#define TC_DRIVER_CONFIG_REG_VALUE_NAME DRIVER_STR("TrueCryptConfig")
#define TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME DRIVER_STR("TrueCryptEncryptionFreeCpuCount")


Common\BootEncryption.cpp

DWORD BootEncryption::GetDriverServiceStartType ()
void BootEncryption::SetDriverServiceStartType (DWORD startType)
void BootEncryption::RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid)
void BootEncryption::SetDriverConfigurationFlag (uint32 flag, bool state)
uint32 BootEncryption::ReadDriverConfigurationFlags ()


Common\Dlgcode.c

BOOL IsTrueCryptInstallerRunning (void)
uint32 ReadDriverConfigurationFlags ()
uint32 ReadEncryptionThreadPoolFreeCpuCountLimit ()
BOOL DoDriverInstall (HWND hwndDlg)
static int DriverLoad ()
BOOL IsNonInstallMode ()
void ManageStartupSeq (void)
void ManageStartupSeqWiz (BOOL bRemove, const char *arg)
char *GetConfigPath (char *fileName)
char *GetProgramConfigPath (char *fileName)
int DriverAttach (void)
BOOL CreateDriverSetupMutex (void)
BOOL CreateAppSetupMutex (void)


Driver\Ntdriver.c

BOOL IsVolumeClassFilterRegistered ()
NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
NTSTATUS WriteRegistryConfigFlags (uint32 flags)


2014-07-02 21:35 GMT+02:00 Bill Cox <waywardgeek@xxxxxxxxxxxxxx>:

> On 7/2/2014 11:02 AM, Rocki Hack wrote:
> > IsVolumeClassFilterRegistered() is actually a problematic
> > function. We might have already broken backward compatibility (e.g. for
> > system encryption) because of rebranding.
> ...
> > It's used in DriveFilter.c:
> >
> > https://github.com/CipherShed/CipherShed/blob/master/src/Driver/DriveFilter.c#L527
> >
> > You can find the volume filter here:
> >
> > https://github.com/CipherShed/CipherShed/blob/master/src/Driver/VolumeFilter.c
>
> Excellent catch!  I'll take a look, but it looks like you are our
> resident Windows API expert.  It probably makes more sense for you to
> fix the code, while the rest of us try to verify it.
>
> Bill

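An added example, not part of the original message or of the CipherShed code base: one way to start the inventory proposed above is to extract every string macro that still carries the TrueCrypt brand and label the Windows namespace where a rename would become visible to an existing install. The header text is a constructed sample built from the Common/Apidrvr.h lines quoted in the message; the function names and category labels are assumptions of this example.

```python
import re

# Constructed sample: the Common/Apidrvr.h lines quoted in the message above,
# with the wrapped macro written as a backslash continuation.
APIDRVR_H = r'''
#define TC_UNIQUE_ID_PREFIX "TrueCryptVolume"
#define TC_MOUNT_PREFIX L"\\Device\\TrueCryptVolume"
#define NT_MOUNT_PREFIX DRIVER_STR("\\Device\\TrueCryptVolume")
#define NT_ROOT_PREFIX DRIVER_STR("\\Device\\TrueCrypt")
#define DOS_MOUNT_PREFIX DRIVER_STR("\\DosDevices\\")
#define DOS_ROOT_PREFIX DRIVER_STR("\\DosDevices\\TrueCrypt")
#define WIN32_ROOT_PREFIX DRIVER_STR("\\\\.\\TrueCrypt")
#define TC_DRIVER_CONFIG_REG_VALUE_NAME DRIVER_STR("TrueCryptConfig")
#define TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME \
    DRIVER_STR("TrueCryptEncryptionFreeCpuCount")
'''

# Matches "#define NAME "..."", with an optional L prefix or DRIVER_STR( wrapper.
DEFINE_RE = re.compile(
    r'^\s*#define\s+(\w+)\s+(?:DRIVER_STR\s*\(\s*)?L?"((?:[^"\\]|\\.)*)"',
    re.MULTILINE)

def c_unescape(literal):
    """Drop the escaping backslash; sufficient for the path literals here."""
    return re.sub(r'\\(.)', lambda m: m.group(1), literal)

def classify(macro, value):
    """Name the namespace in which a renamed string becomes visible."""
    if "REG_VALUE" in macro:
        return "registry value name"
    if value.startswith("\\Device\\"):
        return "NT device object name"
    if value.startswith("\\DosDevices\\"):
        return "DOS device symlink"
    if value.startswith("\\\\.\\"):
        return "Win32 device path"
    return "identifier string"

def brand_inventory(header_text, brand="TrueCrypt"):
    """Return (macro, runtime value, kind) for each string macro carrying the brand."""
    joined = header_text.replace("\\\n", " ")  # fold line continuations
    rows = []
    for macro, literal in DEFINE_RE.findall(joined):
        value = c_unescape(literal)
        if brand in value:
            rows.append((macro, value, classify(macro, value)))
    return rows

if __name__ == "__main__":
    for macro, value, kind in brand_inventory(APIDRVR_H):
        print(f"{kind:22} {macro:45} {value}")
```

Each row is a string that a TrueCrypt installation already has on disk or in the running driver, so each is a candidate for a compatibility note in the migration documentation.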