n l i t e d


Thread Links

Testing Secure Boot

📢 PUBLIC Page 1066:6/6 | edit | chip 2018-01-28 13:49:29
Tags: CryptDisk

October 11 2017

Testing CryptDisk on different versions of Windows.

Windows 10 1703

I am creating a new VM (Win10_1703) from a fresh installation.

The new installation uses Cortana (in her sexiest voice) which is both jarring and annoying.

I should have specified no network adapter for the initial installation to avoid downloading updates.

Microsoft is continually dumbing down Windows. Now "join a domain" is called "Connect to school or work".

Download Remote Tools and install.

Run CryptDisk. It appeared to load the driver, but creating a new volume printed this error message:
WRN[-1]: DiskOpen(C:\Test\CryptDisk\media.dsk) failed. [1006:The volume for a file has been externally altered so that the opened file is no longer valid.]
I don't want to use WinDbg as this would require enabling debug mode, and the whole point is to determine whether CryptDisk will run on a stock installation of the current version of Windows. Instead, I downloaded DebugView.

I confirmed that the CryptDisk driver is indeed loading (Yay!)
CryptDriver has arrived! CryptDriver version 2.2.635 [VS12] VS12

My bug. The code I added yesterday to prevent mounting the same media file multiple times is blocking it.

SUCCESS! CryptDisk runs on a virgin (non-debug) installation of Windows 10 1703 64bit.

Windows Update on Win10-1703 is now hogging my entire network bandwidth. Windows Update is a virus.

I bought ($150) an upgrade from VMware Workstation 12.0 to 14.0, required to enable secure boot. CryptDisk loads, even with secure boot enabled. I can confirm the Secure Boot state using Start > Windows Administrative Accessories > System Information:


UPDATE 20180128: This was a false positive. It turns out Workstation supports EFI not UEFI, so it does not actually support Secure Boot. It seems Windows thinks it is using Secure Boot (as reported by Start > Windows Administrative Accessories > System Information) but it actually is not. ALSO, Windows was accepting my driver because I was using a signing certificate that predated the introduction of Secure Boot so it was "grandfathered". When the certificate expired and I created a new one, Windows no longer accepted it with Secure Boot enabled.

Secure boot is "sort of" enabled by adding these lines to the .VMX configuration:
firmware = "efi" uefi.secureBoot.enabled = "TRUE"

close comments Comments are closed.

Comments are moderated. Anonymous comments are not visible to other users until approved. The content of comments remains the intellectual property of the poster. Comments may be removed or reused (but not modified) by this site at any time without notice.

  1. [] ok delete

Page rendered by tikope in 213.649ms