Felis

Hi, Experimenting with PKCS#11 option in Windows, stuck, need help and fresh ideas) I have created a Virtual Smart Card in TPM. Then installed OpenSC Project In settings->security tokens selected opensc-pkcs11.dll Started creating container and generated random 64byte keyfile Then selected keyfiles->add token files and tried to import keyfile to token but whatever I try I get Security token error: Data invalid Is there any required structure for this keyfile? Or can it be a problem of OpenSC Project?...

Update. *I am mounting EFI system partiotion as Z:* I was wrong about launching unsigned files: It turns out that Lenovo UEFI tries to start, fails once, and then overwrites files on Z:\EFI\Veracrypt with original microsoft signed .efi and .dcs files. Even if I delete everything from this folder - UEFI just restores them during boot! What is going on? Where does it store the files? Tried same scenario on older ASUS laptop: when I delete all from Z:\EFI\Veracrypt - folder stays empty and I have to...

Update. *I am mounting EFI system partiotion as Z:* I was wrong about launching unsigned files: It turns out that Lenovo UEFI tries to start, fails once, and then overwrites files on Z:\EFI\Veracrypt with original microsoft signed .efi and .dcs files. Even if I delete everything from this folder - UEFI just restores them during boot! What is going on? Where does it store the files? Tried same scenario on older ASUS laptop: when I delete all from Z:\EFI\Veracrypt - folder stays empty and I have to...

Hi everyone, I spent some time discovering secure boot functionality, and need help with theory: For starters I installed VeraCrypt (from Sourceforge binary) on my laptop (fresh UEFI dated 2020-10). And enabled secure boot with factory certificates. I thought Vera bootlader will be declined because it's not signed, but it worked. So I extracted bootlader binaries from disk, and it turned out they were signed by Microsoft: "Microsoft Windows UEFI Driver Publisher" but certificate was valid to: Sunday,...

Exectly the same problem I had. SR and password work correctly but maybe H_ESP partition is damaged. To check this you may create WinPE USB and launch VC portable from it. Then go to system->mount without preboot authentification. Note: if you will try to "mount without pre-boot authentification" from decoy os you'll see the next error message:

I have not found "No media" error message on VC sources on github, and have no idea how to reproduce that error. Maybe you've got a screenshot or more info?

Here goes V1.0 of the manual The instruction is totaly checked on my system and working. Added some Q&A and hints, mainly from this topic. Well this journey took me through EFI operation theory, bootloaders and still have lots of questions I'd like to cover. For example: 1. How to save DcsProp to SR? 2. Does the existence of authorisation USB (with SR) prove the existence of hidden OS in the system? And theoretical questions like: 3. Is it safe to use system encryption on SSD (due it's regions hidden...

Decrypted gpt_enc to gpt_dec and checked "-pl" and "-pexec": all in place and seems to be correct. But still "Can't open start partition ... status - unsupported" Can you explain how "-pa" works? I thought it just overwrites GPT but seems like it's more sofisticated... WinPE on the same USB stick is a good idea, I'll definitely try that!