VeraCrypt upgrade from 1.0f-1 to 1.16 possibly corrupting boot loader (possible cause)

description

Hi guys,

Upgrading from VeraCrypt Setup 1.0f-1 directly to VeraCrypt Setup 1.16 while using full system encryption will not allow you to boot at all. It will upgrade, but when you reboot, after entering your password it will not boot at all; it just stays on the password screen.

When upgrading, at first the program tells you to create a new rescue disk, but you must restart first before creating a new rescue disk. When you restart, VeraCrypt will not decrypt your system when you enter the correct password.

I was able to restore the old boot loader from version 1.0f-1 from the old rescue disk and I have access now, but I have a problem with it saying that the version of VeraCrypt installed does not match the boot loader version, and that an evil maid attack might have happened. Obviously it's a false positive.

On a brighter note, we can see the evil maid attack detection work perfectly here :)

Downgrading is not an option as the program will not allow that when using full system encryption.

UPDATE: I ran tests within a VM and can confirm a clean install of 1.16 will work. However, the bug needs fixing for those upgrading from 1.0f-1 who are using full system encryption; otherwise expect to decrypt the full system, uninstall the old version, install the new version, encrypt again and create a new rescue disk (a very lengthy process).

UPDATE:

Possible cause: if you have a message displayed on boot in VC version 1.0f-1 before you upgrade to 1.16, which blanks out all data entered as you enter it, these settings are saved, and in the newer version you still have your old message displayed, but it also asks you for a PIM, which you cannot see it is asking for. If you do not enter a PIM in the newer version of VeraCrypt, it uses the default, but it will still ask for a PIM; you just need to press Enter. But instead of pressing Enter once, you now need to press it twice, and when using a message at boot you do not know it will ask you for a PIM, meaning you press Enter once for the password and not for the PIM, leading some to think that the boot loader is corrupt.

I have not tested this, so there is still a possibility of boot loader corruption.
