I have the same problem like Fallen, but I've tried two wired keyboards and both randomly type the character twice in the bootloader. So I don't think the problem are wireless keyboards. Maybe it's USB-keyboards causing this behavior?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Weird laptop keyboard behavior on my end, too. Pressing any alphanumeric key on the password prompt fills it with several dozen asterisks which cannot be deleted or displayed with F5. The PIM prompt appears already filled with asterisks. I've tried a couple of USB keyboards, but they gave me the same result. I can type just fine in GRUB through UEFI so it doesn't look like a hardware problem.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Same problem here, using an expensive mechanical usb keyboard aswell so it is not the problem for sure. Also I've noticed that pressing alt+F1-F12 will also sometimes cause an asterisk to appear.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have uploaded the last BETA of 1.18 (BETA 11) to the nightly builds folder.
Now, the standard installer and the EFI installer are identical.
I'm still working on various details before releasing the final 1.18 which will have the same features as the BETA-11.
Most important changes in this last BETA:
Fix a privately reported TrueCrypt vulnerability that also affects VeraCrypt and that allows an attacker to detect the presence of a hidden volume. Reported by Ivanov Aleksey Mikhailovich (alekc96 [at] mail dot ru).
Solve hibernate issue that affected EFI system encryption.
Fix some keyboard issues that affected EFI bootloader.
Implemented Rescue Disk for EFI system encryption (a zip file that has to be extracted into a FAT USB key).
Tests are welcomed a usual.
I hope I will be able to finalized the 1.18 for tomorrow.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
To solve the issue I've added flush of input after each key press for 0.1s. Probably the value(0.1s) has to be configured via cfg.
The flush is added to password only. Probably it need update of PIM also.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The video demonstrates following scenario:
1. Picture password. (If touch screen is available)
2. OS key on a separate disk. (vbox_hiddenos_key.vhd)
3. OS key connected -> ask password -> password from encrypted OS (veraen) -> boot OS from disk 1
4. OS key connected -> ask password -> password from hidden OS (verahid) -> boot OS from disk 2
5. OS key disconnected -> boot Linux
Notes:
1. Button “Plt lck”: Means platform lock. To lock password need to change password and choose “Plt lck”. It adds platform key file to password (BIOS id and USB id if available)
2. Disk partitions: GPT on disk 2 contains the only MS reserved partition with hidden OS. It is possible to mount it from VeraCrypt but the MSR partition is not visible from Windows Disk Manager.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We decided to postpone modification of VeraCrypt driver to keep stability.
Also installation of the configuration from video is not easy. It requires several steps from Windows, EFI shell, WinPE. It is necessary to create wizard to simplify the installation (it is possible) but the wizard is not simple.
Note: My current interest is TPM/TCG support.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for sharing this issue.
I didn't have time to work on the Redstone release and clearly this is a big problem since it started to be deployed since August 2nd.
Big issue: signed driver will work only on Windows 10. This means VeraCrypt will have to ship two different versions of the driver and most importantly the VeraCrypt setup must correctly detect Windows 10...the last point is not as simple as it seems.
extra work while I'm lacking time to finish the other tasks :-(
I will keep you informed.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Which build version of Windows 10 are you running on your PCs? Click the lower left hand side Windows icon and type "winver" and press enter. Hopefully this will provide the Version.
Did you deinstall VeraCrypt and attempt to install VeraCrypt on Windows 10 Anniversary edition build 1607?
Microsoft is rolling out the Windows 10 Anniversary edition in stages and this is why your Windows Update shows that the OS is up-to-date. That is why you are still on the 1511 version.
BTW: I am running Windows 10 Pro 64-bit 1511 version and my Windows Update shows my PC as up-to-date.
Hence, this is why you are not see the problem that is being reported for 1607 version.
You can try getting the Windows 10 Anniversary edition by Google searching "Windows 10 Download" to see link to Microsoft site. Once on the Microsoft site, click on "Download tool now". Run the MediaCreationTool.exe and create a USB/DVD bootable disk to perform the upgrade. Hopefully this will upgrade you to 1607 version so you can see the error being reported when attempting to fresh install, not upgrade VeraCrypt.
Last edit: Enigma2Illusion 2016-08-15
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The change only applies to clean installations of 1607 (RS1) with Secure Boot enabled, so even if he upgrades he would still be able to use the current driver without problems.
The issue causing the failure to upgrade to 1607 is probably a different one, because people have been able to upgrade by decrypting and rencrypting after the upgrade.
Last edit: int god 2016-08-15
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Could you explain connection of Secure Boot option in UEFI and sign of the driver?
Does it mean that all drivers are signed by MS key for UEFI?
Could you check Signing Certificate Chain of binaries signed by MS service?
Does the chain include http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt?
to check:
signtool verify /v <drv.sys>
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hm, weird. The layout in windows is German, but English in BIOS. And yes it's a wireless one.
This happens only in bootloader. Is there an option to show characters?
Press F5 at the bootloader screen.
Nothing happens with F5. But I found an old PS2 keyboard and it worked fine. The issue is caused by my wireless keyboard.
Thank you guys :)
But I still am wondering, what characters my wireless keyboard writes. Even when I press Enter...
Nothing happens with F5, but I found an old PS2 keyboard and it works fine on boot loader. So the issue is caused by my wireless keyboard.
Thank you guys :)
Nevertheless, I still am wondering what characters my wireless keyboard puts, even by pressing Enter ^^
I have the same problem like Fallen, but I've tried two wired keyboards and both randomly type the character twice in the bootloader. So I don't think the problem are wireless keyboards. Maybe it's USB-keyboards causing this behavior?
Weird laptop keyboard behavior on my end, too. Pressing any alphanumeric key on the password prompt fills it with several dozen asterisks which cannot be deleted or displayed with F5. The PIM prompt appears already filled with asterisks. I've tried a couple of USB keyboards, but they gave me the same result. I can type just fine in GRUB through UEFI so it doesn't look like a hardware problem.
Same problem here, using an expensive mechanical usb keyboard aswell so it is not the problem for sure. Also I've noticed that pressing alt+F1-F12 will also sometimes cause an asterisk to appear.
Very interesting. I hope Mounir can reproduce this bug and is ablte to find the cause.
@Bee Cee the filled PIM field may be caused by return key. So by pressing return, the bootloader reads the return key as an input character, too
I have uploaded the last BETA of 1.18 (BETA 11) to the nightly builds folder.
Now, the standard installer and the EFI installer are identical.
I'm still working on various details before releasing the final 1.18 which will have the same features as the BETA-11.
Most important changes in this last BETA:
Tests are welcomed a usual.
I hope I will be able to finalized the 1.18 for tomorrow.
I've tried encrypting my EFI system.
The random double keystrokes are nearly gone,
but in the PIM-Field the key is still typed twice sometimes.
Last edit: Civury 2016-08-15
To solve the issue I've added flush of input after each key press for 0.1s. Probably the value(0.1s) has to be configured via cfg.
The flush is added to password only. Probably it need update of PIM also.
@Mounir, when can we expect the integration and publication of the source code for the EFI bootloader?
Thanks for all the good work you're doing with VC.
Last edit: int god 2016-08-15
I'm working towards the publication of the source code of EFI bootloader today.
It will be licensed as LGPL.
Thanks!
Out of curiosity: why the different license? Is it because the bootloader is derived from LGPL code?
We discussed license for DCS with Mounir. LGPL was my decision.
DCS is very flexible. Demo video
http://sendvid.com/px9jirm6
The video demonstrates following scenario:
1. Picture password. (If touch screen is available)
2. OS key on a separate disk. (vbox_hiddenos_key.vhd)
3. OS key connected -> ask password -> password from encrypted OS (veraen) -> boot OS from disk 1
4. OS key connected -> ask password -> password from hidden OS (verahid) -> boot OS from disk 2
5. OS key disconnected -> boot Linux
Notes:
1. Button “Plt lck”: Means platform lock. To lock password need to change password and choose “Plt lck”. It adds platform key file to password (BIOS id and USB id if available)
2. Disk partitions: GPT on disk 2 contains the only MS reserved partition with hidden OS. It is possible to mount it from VeraCrypt but the MSR partition is not visible from Windows Disk Manager.
Interesting. Looking forward to seeing the code behind it.
Thanks for your work on the bootloader.
Last edit: int god 2016-08-16
All code of the loader is published.
We decided to postpone modification of VeraCrypt driver to keep stability.
Also installation of the configuration from video is not easy. It requires several steps from Windows, EFI shell, WinPE. It is necessary to create wizard to simplify the installation (it is possible) but the wizard is not simple.
Note: My current interest is TPM/TCG support.
Can't test Veracrypt on Windows 10 Redstone because all kernel drivers need to be signed by Microsoft.
Installation always fails. See https://msdn.microsoft.com/en-us/windows/hardware/drivers/develop/attestation-signing-a-kernel-driver-for-public-release
Is there a work around? This protection is always enabled for new Windows installations.
Last edit: Min 2016-08-15
Thank you for sharing this issue.
I didn't have time to work on the Redstone release and clearly this is a big problem since it started to be deployed since August 2nd.
Big issue: signed driver will work only on Windows 10. This means VeraCrypt will have to ship two different versions of the driver and most importantly the VeraCrypt setup must correctly detect Windows 10...the last point is not as simple as it seems.
extra work while I'm lacking time to finish the other tasks :-(
I will keep you informed.
Hi,
Very strange. I'm working with Windows 10 Pro + VeraCrypt on my main computer.
My version of driver(development) is signed ordinary way via signtool. It is OK.
My main test and development platform is Fujitsu T732 with UEFI.
Could you write more details about your configuration?
Hello Alex,
Which build version of Windows 10 are you running on your PCs? Click the lower left hand side Windows icon and type "winver" and press enter. Hopefully this will provide the Version.
Did you deinstall VeraCrypt and attempt to install VeraCrypt on Windows 10 Anniversary edition build 1607?
https://veracrypt.codeplex.com/workitem/497
My version of Microsoft Windows 1511 (OS Build 10586.545)
Windows Update shows that my device is up to date
Microsoft is rolling out the Windows 10 Anniversary edition in stages and this is why your Windows Update shows that the OS is up-to-date. That is why you are still on the 1511 version.
BTW: I am running Windows 10 Pro 64-bit 1511 version and my Windows Update shows my PC as up-to-date.
Hence, this is why you are not see the problem that is being reported for 1607 version.
You can try getting the Windows 10 Anniversary edition by Google searching "Windows 10 Download" to see link to Microsoft site. Once on the Microsoft site, click on "Download tool now". Run the MediaCreationTool.exe and create a USB/DVD bootable disk to perform the upgrade. Hopefully this will upgrade you to 1607 version so you can see the error being reported when attempting to fresh install, not upgrade VeraCrypt.
Last edit: Enigma2Illusion 2016-08-15
The change only applies to clean installations of 1607 (RS1) with Secure Boot enabled, so even if he upgrades he would still be able to use the current driver without problems.
The issue causing the failure to upgrade to 1607 is probably a different one, because people have been able to upgrade by decrypting and rencrypting after the upgrade.
Last edit: int god 2016-08-15
Thank you for clarification.
I'll try to reproduce the issue in VBOX.
Could you explain connection of Secure Boot option in UEFI and sign of the driver?
Does it mean that all drivers are signed by MS key for UEFI?
Could you check Signing Certificate Chain of binaries signed by MS service?
Does the chain include http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt?
to check:
signtool verify /v <drv.sys>