I have uploaded an installer for version 1.19-BETA1 into nightly builds folder that include the fix of Alex for EFI keyboard issue. This build also solves a crash on 32-bit machine when creating a volume that uses Streebog PRF.
Does it work better?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've been testing for the last hour and found this out on my own, lol.
I've changed my Yubikey input to delay it by 60ms. It now works, I would like the option if possible to have it running at "max speed".
As for the "USB ID" this sounds good, but I have 2 Yubikeys 1 as a backup locked away in my safe. Would it be possible to register more then 1 USB ID? For example a list of trusted keys, kind of like the U2F with Google etc.
Keep up the good work guys!
Last edit: madtbh 2016-08-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
No problem, was my pleasure! I would probably try to intigrate that certificate installer script and the keys themselves into the main VeraCrypt application. It would be nice to have everything together in one piece :-)
Last edit: Viktor 2016-08-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is it possible to improve the appearance of the login?
Now displayed in the line of the login password in the left upper corner with no logos, etc.
Well it looked like in the middle of the old TrueCrypt.
Last edit: personal 2016-08-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Enhancements to EFI Boot loader screen are planed. This include adding more text for presentation and help and also a graphic mode for touch screens where password can be typed without the need of a physical keyboard.
Last edit: Mounir IDRASSI 2016-08-21
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for the information.
It was nice to enter the options:
1. Hidden bootloader.
2. Visible bootloader version veracrypt etc. As pictured (without additional verification of PIM, etc.). If you turn them off.
I am a user who wants to protect data by thieves (idiots) I do not need at this time to fight the NSA, FBI, etc :).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have uploaded an installer for version 1.19-BETA2 into nightly builds folder that fixes a regression in the volume creation wizard that was causing a crash.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for your awesome work, I monitored this thread for a very long time. I was finally able to encrypt my Surface Pro 3, it was impossible to protect it with Truecrypt, Veracrypt or any other open source tool (which was sad because there's always a high risk that a tablet gets stolen).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am unable to encrypt the system partition on Windows 10 Pro Build 10586 using the 1.18a installer. It fails the pretest and I do not get prompted for the password. After I disabled secure boot, It does work.
Thanks for all your efforts on this.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for the feedback. Indeed, if Secure Boot is enabled, VeraCrypt can't encrypt the system unless VeraCrypt-DCS certificates are loaded into the motherboards firmware (instructions here, confirmed to work by many users).
Disabling Secure Boot is also a solution for those who can't load VeraCrypt-DCS certificates.
It is planned to add a warning about this in the encryption wizard when Secure Boot is enabled on the system.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I successfully encrypted my Windows 10 Version 1607 Build 14939.82, an HP laptop, using VeraCyprt 1.19-BETA2. I disabled Secure Boot in the BIOS.
However when I reboot I don't get the password screen for VeraCrypt. HP immediately starts trying to repair the system, fails and I eventually get the option to boot from USB.
I'm able to load the Veracrypt rescue disk and tried option "m, Restore Veracrypt loader to boot menu". That didn't seem to make any difference. I couldn't find documentation on the options in the rescue disk and so didn't try any of the other options other than decrypting the drive.
The decryption worked so even though I wasn't able to encrypt and use the computer, I was able to remove the encryption and restore it to a usable state.
Any ideas on what the problem is or what I could do differently?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After re-reading your post I see what you're asking. I've stopped the encryption process and started decrypion. Should be done in a few minutes. Then I'll run through the system encryption process again as you suggest and report back with the results.
Thanks for all your work on this! Awesome software!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the quick reply Alex! I've started the Veracrypt 1.19-BETA2 system encryption again (third times the charm hopefully). Estimate to complete encryption is 12 hours.
I've checked the current boot order and it says:
OS boot Manager (UEFI) - Windows Boot Manager (WDC WD10JDIX-60HD4J0)
Internal CD/DVD ROM Drive
USB Diskette on Key/USB Hard Disk
USB CD/DVD ROM Drive
After the encryption completes should there be another entry for Veracrypt? What should I look for?
Any other details I can give you to help debug?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It was not necessary to start encryption! At first we need to check setup of loader!
If you start encryption it is necessary to finish it. 12 hours.
It looks like VeraCrypt loader is not installed in boot menu.
Probably the BIOS have option to lock modification of boot menu.
BOOTICE is the simplest tool to modify EFI boot menu. Try to modify boot menu and add new menu item with VeraCrypt loader.
Could you experiment with BOOTICE or EFI Shell? To start Veracrypt loader it is necessary to execute EFI\VeraCrypt\DcsBoot.efi (from boot menu or from EFI shell)
To start shell.efi:
Copy the shell.efi to rescue disk EFI\Shell\shell.efi
Boot from the rescue disk and select "s"
(https://github.com/tianocore/edk2/blob/master/ShellBinPkg/UefiShell/X64/Shell.efi)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Do not decrypt disk! The only problem is boot loader menu. There are several possibilities to add it.
1. Rescue disk
2. Shell.efi (command: bcfg boot add ...)
3. BOOTICE
4. linux efi boot manager
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ok, sorry Alex. Its too late. I'd already gone ahead with what I said before I saw your replies. I'm not getting an email notification from sourceforge when you reply so I have to check back manually.
Where things are at now:
3% of drive had been encrypted
Stopped encryption
Selected Permanently Decrypt Drive
Decryption completed
Restarted system 3 times.
Do you want me to do your first suggestion?
After successful check of pwd postpone encrypt. Reboot or shutdown several times. Enter BIOS. Check boot order.
Or the second?
It looks like VeraCrypt loader is not installed in boot menu.
Probably the BIOS have option to lock modification of boot menu.
BOOTICE is the simplest tool to modify EFI boot menu. Try to modify boot menu and add new menu item with VeraCrypt loader.
Could you experiment with BOOTICE or EFI Shell? To start Veracrypt loader it is necessary to execute EFI\VeraCrypt\DcsBoot.efi (from boot menu or from EFI shell)
To start shell.efi:
Copy the shell.efi to rescue disk EFI\Shell\shell.efi
Boot from the rescue disk and select "s"
(https://github.com/tianocore/edk2/blob/master/ShellBinPkg/UefiShell/X64/Shell.efi)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have uploaded an installer for version 1.19-BETA1 into nightly builds folder that include the fix of Alex for EFI keyboard issue. This build also solves a crash on 32-bit machine when creating a volume that uses Streebog PRF.
Does it work better?
I've updated to the 1.19-BETA1 the keyboard issue is fixed, but I'm still having an issue with my Yubikey with a static password.
It's a 50 character password in total, 12 memorized characters and 38 via Yubikey static input.
It looks like it's only accepting the first 13 characters even when entered on it's own.
Last edit: madtbh 2016-08-20
I've added flush very fast input to protect from multiple keystrokes. Probably it can be removed.
Need to test.
Note: For extra security factor we are testing possibility to use external USB for key. USB ID is used to extend password.
Hi Alex,
I've been testing for the last hour and found this out on my own, lol.
I've changed my Yubikey input to delay it by 60ms. It now works, I would like the option if possible to have it running at "max speed".
As for the "USB ID" this sounds good, but I have 2 Yubikeys 1 as a backup locked away in my safe. Would it be possible to register more then 1 USB ID? For example a list of trusted keys, kind of like the U2F with Google etc.
Keep up the good work guys!
Last edit: madtbh 2016-08-20
Thank you for the info and workaround for Yuibikey.
USB ID works like key file in ordinary mount.
The only difference - it is more difficult to copy it.
Last edit: Alex 2016-08-20
I can confirm the successful testing. Well done everybody!
Thank you for your help to improve VeraCrypt.
No problem, was my pleasure! I would probably try to intigrate that certificate installer script and the keys themselves into the main VeraCrypt application. It would be nice to have everything together in one piece :-)
Last edit: Viktor 2016-08-21
Is it possible to improve the appearance of the login?
Now displayed in the line of the login password in the left upper corner with no logos, etc.
Well it looked like in the middle of the old TrueCrypt.
Last edit: personal 2016-08-21
Enhancements to EFI Boot loader screen are planed. This include adding more text for presentation and help and also a graphic mode for touch screens where password can be typed without the need of a physical keyboard.
Last edit: Mounir IDRASSI 2016-08-21
Thank you for the information.
It was nice to enter the options:
1. Hidden bootloader.
2. Visible bootloader version veracrypt etc. As pictured (without additional verification of PIM, etc.). If you turn them off.
I am a user who wants to protect data by thieves (idiots) I do not need at this time to fight the NSA, FBI, etc :).
We are testing new version of system login.
Details:
https://veracrypt.codeplex.com/discussions/656304#post1481662
I have uploaded an installer for version 1.19-BETA2 into nightly builds folder that fixes a regression in the volume creation wizard that was causing a crash.
Thanks for your awesome work, I monitored this thread for a very long time. I was finally able to encrypt my Surface Pro 3, it was impossible to protect it with Truecrypt, Veracrypt or any other open source tool (which was sad because there's always a high risk that a tablet gets stolen).
Mounir,
I am unable to encrypt the system partition on Windows 10 Pro Build 10586 using the 1.18a installer. It fails the pretest and I do not get prompted for the password. After I disabled secure boot, It does work.
Thanks for all your efforts on this.
Thank you for the feedback. Indeed, if Secure Boot is enabled, VeraCrypt can't encrypt the system unless VeraCrypt-DCS certificates are loaded into the motherboards firmware (instructions here, confirmed to work by many users).
Disabling Secure Boot is also a solution for those who can't load VeraCrypt-DCS certificates.
It is planned to add a warning about this in the encryption wizard when Secure Boot is enabled on the system.
Ahhh there is it. Thank you!
I successfully encrypted my Windows 10 Version 1607 Build 14939.82, an HP laptop, using VeraCyprt 1.19-BETA2. I disabled Secure Boot in the BIOS.
However when I reboot I don't get the password screen for VeraCrypt. HP immediately starts trying to repair the system, fails and I eventually get the option to boot from USB.
I'm able to load the Veracrypt rescue disk and tried option "m, Restore Veracrypt loader to boot menu". That didn't seem to make any difference. I couldn't find documentation on the options in the rescue disk and so didn't try any of the other options other than decrypting the drive.
The decryption worked so even though I wasn't able to encrypt and use the computer, I was able to remove the encryption and restore it to a usable state.
Any ideas on what the problem is or what I could do differently?
Hello,
Need more info.
Probably Windows changes boot order. You can check it in BIOS.
After successful check of pwd postpone encrypt. Reboot or shutdown several times. Enter BIOS. Check boot order.
After re-reading your post I see what you're asking. I've stopped the encryption process and started decrypion. Should be done in a few minutes. Then I'll run through the system encryption process again as you suggest and report back with the results.
Thanks for all your work on this! Awesome software!
Ok. The scenario with stop and decrypt has to work but I do not check it.
Thanks for the quick reply Alex! I've started the Veracrypt 1.19-BETA2 system encryption again (third times the charm hopefully). Estimate to complete encryption is 12 hours.
I've checked the current boot order and it says:
OS boot Manager (UEFI) - Windows Boot Manager (WDC WD10JDIX-60HD4J0)
Internal CD/DVD ROM Drive
USB Diskette on Key/USB Hard Disk
USB CD/DVD ROM Drive
After the encryption completes should there be another entry for Veracrypt? What should I look for?
Any other details I can give you to help debug?
It was not necessary to start encryption! At first we need to check setup of loader!
If you start encryption it is necessary to finish it. 12 hours.
It looks like VeraCrypt loader is not installed in boot menu.
Probably the BIOS have option to lock modification of boot menu.
BOOTICE is the simplest tool to modify EFI boot menu. Try to modify boot menu and add new menu item with VeraCrypt loader.
Could you experiment with BOOTICE or EFI Shell? To start Veracrypt loader it is necessary to execute EFI\VeraCrypt\DcsBoot.efi (from boot menu or from EFI shell)
To start shell.efi:
Copy the shell.efi to rescue disk EFI\Shell\shell.efi
Boot from the rescue disk and select "s"
(https://github.com/tianocore/edk2/blob/master/ShellBinPkg/UefiShell/X64/Shell.efi)
Do not decrypt disk! The only problem is boot loader menu. There are several possibilities to add it.
1. Rescue disk
2. Shell.efi (command: bcfg boot add ...)
3. BOOTICE
4. linux efi boot manager
Ok, sorry Alex. Its too late. I'd already gone ahead with what I said before I saw your replies. I'm not getting an email notification from sourceforge when you reply so I have to check back manually.
Where things are at now:
3% of drive had been encrypted
Stopped encryption
Selected Permanently Decrypt Drive
Decryption completed
Restarted system 3 times.
Do you want me to do your first suggestion?
Or the second?