• BuildOnWin

Building on Windows

Currently, we are using the build process as documented in the original Readme.txt file. A lot of this software is outdated. As we continue, we will work on updating everything one-by-one to the end result of a modern build platform and libraries.

Digital Signature Note

The 64-bit editions of Windows Vista and later versions, and in some cases the 32-bit editions, do not allow the system driver to run without an appropriate digital signature. At the current time, CipherShed does not have a official certificate issued by a certificate authority. Keep this in mind if you compile CipherShed and compare your binaries with the official TrueCrypt binaries. The sizes of the TrueCrypt binaries will usually be approximately 10 KB greater than sizes of your binaries. There may be further differences if you use a different version of the compiler, if you install a different (or no) service pack for Visual Studio, you have different hotfixes for Visual Studio, or if you use different versions of the SDKs.

Prerequisites

• Microsoft Visual Studio 2008 Professional, SP1

  • VS2008Pro is not free, however SP1 is freely available from Microsoft here (exe).

  • Apply any updates from Windows Update.

• Microsoft Visual C++ 1.52c

  • Archived version available here (zip).

  • SHA1Sum: 266b04a8a7e692fa59ef459928f14e48de7f3883.

• Microsoft Windows SDK for Windows 7

  • Freely available from Microsoft here (exe, web installer).

• Microsoft Windows Driver Kit 7.1.0

  • Freely available from Microsoft here (iso).

• RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki), header files version 2.20

  • Included in the source code distribution under the Pkcs11 directory.

  • Three files are needed, pkcs11.h, pkcs11f.h, and pkcs11t.h.

  • Freely available from RSA Security's website here.

• NASM assembler 2.08

  • Included in the source code distribution under the nasm-2.08 directory.

  • Freely available from the official website (zip).

• gzip.exe and dd.exe

  • Included in the source code distribution under the GnuWin32 directory.

  • Freely available from the GnuWin32 project, here (binaries zip) and here (binaries zip), respectively.

Prerequisite Installation and Configuration

Installation of Visual Studio, the SDK, and the Driver Kit are pretty self-explanatory. You can use the default settings or uncheck some options to strip down the installation a bit. A few other dependencies are included in the source code and have to be set up.

• Microsoft Visual C++ 1.52c

  • You do not need to install or execute any files, including the SETUP.EXE file.

  • Unzip Microsoft - Visual C++ 1.52c - Installation CD.zip, then copy the MSVC15 directory to C:\, so you have C:\MSVC15\. The MSVCCDK directory is not used.

  • Create an environment variable 'MSVC16_ROOT' pointing to that directory (yes, 16 not 15).

    • Go into your Advanced System Settings and add a new Environment Variable named MSVC16_ROOT with a value of C:\MSVC15.

• Microsoft Windows SDK

  • The SDK must be set to use Version 7.1 instead of Version 6. Go to Start Menu > Microsoft Windows SDK v7.1 > Visual Studio Registration > Windows SDK Configuration Tool. Select v7.1 and press Make Current.

• Microsoft Windows Driver Kit

  • Build Environments is all we need, so you can uncheck everything except that when installing.

  • If you installed the WDDK someplace other than C:\WinDDK, create an environment variable named 'WINDDK_ROOT' with a value pointing to the WDDK installation directory.

• PKCS11 header files

  • The three header files are included in the Pkcs11 directory. Create an environment variable named PKCS11_INC with a value pointing to the directory.

• NASM, gzip, and dd

  • The three executable files are included in the nasm-2.08 and GnuWin32 directories. Those two directories need to be added to the PATH environment variable.

    • To add it to your PATH, use the same process above, but instead of creating a new environment variable, edit the PATH variable and add the two directories (separated by a semicolon) to the end of it.

Building the Source

• Open TrueCrypt.sln in Visual Studio.

• Select Build > Build Solution.

(The newly-built binaries will be in the Release directory.)

CipherShed 0.7.3 Windows Build Notes

These notes document how Bill Cox built the his version of the 0.7.3 Windows binaries. This process needs to be duplicated in the community to verify our binaries!

• Build on a Windows 7 SP1 Home Premium 64-bit machine, preferably air-gapped

• Bill builds in a VirtualBox VM hosted by Ubuntu 14.04, which supports snapshots

• Download Visual Studio 2008 Pro Trial version rather than 2008 Pro, because that's all that is currently available on the internet
• Verify that all downloads match the hash values below
• Use ISOs rather than setup executables to aid air-gapping your machine
• Create C:\bin, add it to end of Path variable, and copy dd.exe, gzip.exe, libiconv2.dll, libintl3.dll, and nasm.exe there

• Copy the CipherShed git repo from Github, (currently commit e8529e95d89d3f519a31ef7de5bd7f0d0d318e8c)

• Installed VS2012 *first*, before other ISOs

• If using VirtualBox and an air-gapped machine, Used NAT networking and shared folder for file copying to/from Windows

• In Visual Studio, select the "All" rather than "Debug" build

After building, the code wont run because the drivers are not signed. Enable "test signing" mode in windows boot with from an admin cmd prompt with:

• bcdedit -set TESTSIGNING ON

To enable test signing, create a test certificate with:

• MakeCert -r -ss PrivateCertStore -n "CN=CipherShed(Test)" ciphershedtest.cer

Then run the Certificate manager (certmgr) and import the cert into "Trusted Root Certificate Authorities", and "Trusted Publishers"

In the src/Release/Setup run CMD as administrator and do:

• signtool sign /s PrivateCertStore /n "CipherShed(Test)" ciphershed.sys

and

• signtool sign /s PrivateCertStore /n "CipherShed(Test)" ciphershed-x64.sys

Finally, you must "pack" the installer, using this command, in the src/Release/Setup Files directory:

• "CipherShed Setup.exe" /p

The new installer should be there, called "CipherShed Setup 7.1a.exe". All executables should be test-signed as well.

This is an evolving process! Look back here after the CipherShed 0.7.3 rebranding release for updates.

Download hashes

5edc723b50ea28a070cad361dd0927df402b7a861a036bbcf11d27ebba77657d GRMWDK_EN_7600_1.ISO b2af877700a7bf4ee693b9ae02bf9c2f5513125d93934e0fae030b56b3386c4b Microsoft - Visual C++ 1.52c - Installation CD.zip 9f495e52f33d68125277cbca3565ce57904af7d506758a14691fa6e2479ad65c GRMSDKX_EN_DVD.iso 580f717269faa10cf668140ef0a1a264cec194e20a0083cb0d0004a897cc675e VS2008SP1ENUX1512962.iso 380875dc5d266786dd737fe52a9c87bff9f6f4c159ade5b8bb01473b8291fcac VS2008ProEdition90dayTrialENUX1435622.iso d08670e116c5ef9444f85fef273a28ce71d30b7da0ba8817a1a0e21f159425c8 coreutils-5.3.0.exe