
Allow a longer arbitrary message at boot (on an encrypted system volume)

description

VeraCrypt has inherited the TrueCrypt capability of displaying a message when booting an encrypted system drive (by setting Settings -> System Encryption -> Boot Loader Screen Options).

But as in the original, this string is limited to 24 characters. That's fine for users who think they can fool an adversary by displaying a phony error message such as "Missing operating system", but it does me no good, since I want to display a legal warning such as the following, which one of my former employers displayed on the login screens of all its computers:

"Unauthorized access to or use of this system is a violation of law, subject to civil and criminal penalties."

Other things I might want to display are a menu of boot options (alternative operating systems) or a password hint, or some combination of the above.

Therefore I suggest that this string should allow at least 256 characters, and preferably more. I propose 2048, which is enough for a full 80x24 character screen.

comments

RandomNameforCode wrote Sep 23, 2015 at 9:46 AM

Even if you can display a list of boot options - it would be just text, no boot option?!

jdgalt wrote Sep 23, 2015 at 6:40 PM

That's all I was asking. A multi-boot system is already going to display its own menu, but sometimes it can use some explanation.

Enigma2Illusion wrote Sep 24, 2015 at 9:15 PM

The issue with this valid request is that the bootloader does not have the free space to add the additional characters. The bootloader size limit is 31232 bytes or 30.5 KB.

http://sourceforge.net/p/veracrypt/code/ci/41e810d652863b94dfc20a991347c480f2d99e15/

Unless additional efficiencies can be found in the bootloader code or the removal of RIPEMD-160, which removes backward compatibility with TrueCrypt and older volumes of VeraCrypt for system encryption, in order to reduce its footprint, it will not be possible to add the additional characters.

jdgalt wrote Sep 24, 2015 at 10:18 PM

How much free space is there? Would 80 characters work?

idrassi wrote Oct 11, 2015 at 9:39 PM

Actually, the custom message is stored in the VeraCrypt boot sector directly: its maximum usable size is 440 bytes, with VeraCrypt code and flags taking around 408 bytes. So, we have at best 32 bytes for a custom message but it is better to leave some bytes in case other things must be added in the future. So, 24 bytes for the custom message are the maximum length we can afford now.

After the boot sector, the other 62 sectors are occupied by the boot loader and we can't write any custom data there. In total, VeraCrypt uses 63 sectors at the beginning of the disk and we can't use more because the following sectors can be taken by the first disk partition.

So, it is impossible to add more length to the custom message unless we squeeze the boot loader to take 61 sectors instead of 62. This may be possible by adding some extra compression but there is a risk of creating incompatibilities on some machines with the risk of not being able to boot after an update.

Anyway, this is the only possible solution and it is worth testing.
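
The space budget described in the last comment can be checked against a real MBR sector. The following is an added example, not part of the original thread and not VeraCrypt code: it uses the standard MBR layout (440-byte code area, partition table at offset 446, `55 AA` signature) together with the approximate figures quoted above (408 bytes of code and flags, 62 loader sectors). The helper names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
CODE_AREA = 440        # MBR bytes 0..439, the "maximum usable size" quoted above
PT_OFFSET = 446        # four 16-byte partition entries start here
CODE_AND_FLAGS = 408   # approximate figure from the thread (assumption)
LOADER_SECTORS = 62    # loader sectors following the boot sector, per the thread

def first_partition_lba(mbr: bytes) -> int:
    """Return the lowest starting LBA among the non-empty partition entries."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    starts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:   # type 0 or zero length means unused
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)

def space_budget(mbr: bytes, message: str) -> dict:
    """Report what fits in the boot sector and in the gap before partition 1."""
    gap = first_partition_lba(mbr)         # sectors 0..gap-1 precede the partition
    free = CODE_AREA - CODE_AND_FLAGS      # bytes left in the code area
    return {
        "gap_sectors": gap,
        "loader_fits": 1 + LOADER_SECTORS <= gap,
        "spare_sectors": gap - (1 + LOADER_SECTORS),
        "message_bytes_free": free,
        "message_fits": len(message.encode("ascii")) <= free,
    }

def make_mbr(first_lba: int) -> bytes:
    """Constructed sample: one type-0x07 partition starting at first_lba."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3sB3sII", mbr, PT_OFFSET,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", first_lba, 204800)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

WARNING = ("Unauthorized access to or use of this system is a violation of law, "
           "subject to civil and criminal penalties.")

if __name__ == "__main__":
    for lba in (63, 2048):   # 63 as in the thread; 2048 is a constructed comparison
        print(lba, space_budget(make_mbr(lba), WARNING))
```

On the 63-sector layout the loader fits with zero spare sectors, and the legal warning from the description exceeds the 32 free bytes, while "Missing operating system" (24 characters) fits.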