From 2af6c896807d301ffea37a126a6bc42988427c06 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Tue, 3 Sep 2024 12:14:23 -0400 Subject: [PATCH 1/3] Add documentation for VBS in CngKeyCreationOptions --- .../Security/Cryptography/CngKeyCreationOptions.cs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs index f3f3e7fb42321..0ce01cd7dcab4 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs @@ -15,8 +15,21 @@ public enum CngKeyCreationOptions : int None = 0x00000000, MachineKey = 0x00000020, // NCRYPT_MACHINE_KEY_FLAG OverwriteExistingKey = 0x00000080, // NCRYPT_OVERWRITE_KEY_FLAG + + /// + /// Indicates a key should be protected with Virtualization-based security (VBS). + /// PreferVbs = 0x00010000, // NCRYPT_PREFER_VBS_FLAG + + /// + /// Indicates a key must be protected with Virtualization-based security (VBS). + /// RequireVbs = 0x00020000, // NCRYPT_REQUIRE_VBS_FLAG + + /// + /// An additional flag that can be used along with or . + /// Instructs Virtualization-based security (VBS) to protect the client key with a per-boot key. + /// UsePerBootKey = 0x00040000, // NCRYPT_USE_PER_BOOT_KEY_FLAG } } From 315b2c0cec8b49ee7da60a7ce490b6cfdb147356 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Tue, 3 Sep 2024 12:44:20 -0400 Subject: [PATCH 2/3] Reorder description. Co-authored-by: Jeremy Barton --- .../System/Security/Cryptography/CngKeyCreationOptions.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs index 0ce01cd7dcab4..8f6ea23d7b7f1 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs @@ -27,8 +27,9 @@ public enum CngKeyCreationOptions : int RequireVbs = 0x00020000, // NCRYPT_REQUIRE_VBS_FLAG /// - /// An additional flag that can be used along with or . - /// Instructs Virtualization-based security (VBS) to protect the client key with a per-boot key. + /// Instructs Virtualization-based security (VBS) to protect the client key with a per-boot key + /// when combined with or . + /// UsePerBootKey = 0x00040000, // NCRYPT_USE_PER_BOOT_KEY_FLAG } From 680b98136148695eb0414b44cf7fd633aa01e763 Mon Sep 17 00:00:00 2001 From: Jeremy Barton Date: Tue, 3 Sep 2024 09:52:01 -0700 Subject: [PATCH 3/3] Update src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs --- .../src/System/Security/Cryptography/CngKeyCreationOptions.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs index 8f6ea23d7b7f1..9a7155b09022a 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/CngKeyCreationOptions.cs @@ -29,7 +29,6 @@ public enum CngKeyCreationOptions : int /// /// Instructs Virtualization-based security (VBS) to protect the client key with a per-boot key /// when combined with or . - /// UsePerBootKey = 0x00040000, // NCRYPT_USE_PER_BOOT_KEY_FLAG }