Windows: compatibility with multi-OS boot configuration by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.

src/Common/BootEncryption.cpp

@@ -2824,11 +2824,30 @@ namespace VeraCrypt
 
 		if (setBootEntry)
 		{
+			// check if first entry in BootOrder is Windows one
+			bool bFirstEntryIsWindows = false;
+			if (startOrderNumPos != 0)
+			{
+				wchar_t	varName[256];
+				StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]);
+
+				byte* existingVar = new byte[512];
+				DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512);
+				if (existingVarLen > 0)
+				{
+					if (BufferContainsWideString (existingVar, existingVarLen, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+						bFirstEntryIsWindows = true;
+				}
+
+				delete [] existingVar;
+			}
+
+
 			// Create new entry if absent
 			if (startOrderNumPos == UINT_MAX) {
 				if (bDeviceInfoValid)
 				{
-					if (forceFirstBootEntry)
+					if (forceFirstBootEntry && bFirstEntryIsWindows)
 					{
 						for (uint32 i = startOrderLen / 2; i > 0; --i) {
 							startOrder[i] = startOrder[i - 1];
@@ -2842,7 +2861,7 @@ namespace VeraCrypt
 					startOrderLen += 2;
 					startOrderUpdate = true;
 				}
-			} else if ((startOrderNumPos > 0) && forceFirstBootEntry) {
+			} else if ((startOrderNumPos > 0) && forceFirstBootEntry && bFirstEntryIsWindows) {
 				for (uint32 i = startOrderNumPos; i > 0; --i) {
 					startOrder[i] = startOrder[i - 1];
 				}

src/Common/Dlgcode.c

@@ -12685,19 +12685,16 @@ void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors)
 	ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);
 }
 
-
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize)
-BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
 {
-	size_t strLen = strlen (str);
+	if (bufferSize < patternSize)
-
-	if (bufferSize < strLen)
 		return FALSE;
 
-	bufferSize -= strLen;
+	bufferSize -= patternSize;
 
 	for (size_t i = 0; i < bufferSize; ++i)
 	{
-		if (memcmp (buffer + i, str, strLen) == 0)
+		if (memcmp (buffer + i, pattern, patternSize) == 0)
 			return TRUE;
 	}
 
@@ -12705,6 +12702,17 @@ BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *st
 }
 
 
+BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+{
+	return BufferContainsPattern (buffer, bufferSize, (const byte*) str, strlen (str));
+}
+
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str)
+{
+	return BufferContainsPattern (buffer, bufferSize, (const byte*) str, 2 * wcslen (str));
+}
+
+
 #ifndef SETUP
 
 int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL *pbDecrypt)

src/Common/Dlgcode.h

@@ -509,7 +509,9 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg);
 BOOL FileHasReadOnlyAttribute (const wchar_t *path);
 BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);
 void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize);
 BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str);
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str);
 int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);
 BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);
 void EnableElevatedCursorChange (HWND parent);