diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 67ee8d87..0eaa8de6 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -645,8 +645,7 @@ See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR for more information regarding loop-AES. .SH TCRYPT (TrueCrypt-compatible and VeraCrypt) EXTENSION cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt -(with \fB\-\-veracrypt\fR option) encrypted partition -using a native Linux kernel API. +encrypted partition using a native Linux kernel API. Header formatting and TCRYPT header change is not supported, cryptsetup never changes TCRYPT header on-device. @@ -663,20 +662,21 @@ Cryptsetup should recognize all header variants, except legacy cipher chains using LRW encryption mode with 64 bits encryption block (namely Blowfish in LRW mode is not recognized, this is limitation of kernel crypto API). -To recognize a VeraCrypt device use the \fB\-\-veracrypt\fR option. VeraCrypt is just extension of TrueCrypt header with increased iteration count so unlocking can take quite a lot of time (in comparison with TCRYPT device). To open a VeraCrypt device with a custom Personal Iteration Multiplier (PIM) -value, \fBadditionally to \-\-veracrypt \fR use either the -\fB\-\-veracrypt\-pim=\fR option to directly specify the PIM on the command- -line or use \fB\-\-veracrypt\-query\-pim\fR to be prompted for the PIM. +value, use either the \fB\-\-veracrypt\-pim=\fR option to directly specify +the PIM on the command- line or use \fB\-\-veracrypt\-query\-pim\fR to be +prompted for the PIM. The PIM value affects the number of iterations applied during key derivation. Please refer to \fBhttps://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html\fR for more detailed information. +If you need to disable VeraCrypt device support, use \fB\-\-disable\-veracrypt\fR option. + \fBNOTE:\fR Activation with \fBtcryptOpen\fR is supported only for cipher chains using LRW or XTS encryption modes. 
@@ -720,7 +720,7 @@ a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, -\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim, +\-\-allow-discards, \-\-disable\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim, \-\-header, \-\-cipher, \-\-hash]. The keyfile parameter allows a combination of file content with the @@ -1450,8 +1450,11 @@ Specify which TrueCrypt on-disk header will be used to open the device. See \fITCRYPT\fR section for more info. .TP .B "\-\-veracrypt" -Allow VeraCrypt compatible mode. Only for TCRYPT extension. -See \fITCRYPT\fR section for more info. +This option is ignored as VeraCrypt compatible mode is supported by default. +.TP +.B "\-\-disable\-veracrypt" +This option can be used to disable VeraCrypt compatible mode (only TrueCrypt devices +are recognized). Only for TCRYPT extension. See \fITCRYPT\fR section for more info. .TP .B "\-\-veracrypt\-pim" .B "\-\-veracrypt\-query\-pim" diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 0e900e17..a797e907 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -448,7 +448,7 @@ static int action_open_tcrypt(void) .keyfiles = CONST_CAST(const char **)keyfiles, .keyfiles_count = keyfiles_count, .flags = CRYPT_TCRYPT_LEGACY_MODES | - (ARG_SET(OPT_VERACRYPT_ID) ? CRYPT_TCRYPT_VERA_MODES : 0), + (ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0 : CRYPT_TCRYPT_VERA_MODES), .veracrypt_pim = ARG_UINT32(OPT_VERACRYPT_PIM_ID), .hash_name = ARG_STR(OPT_HASH_ID), .cipher = ARG_STR(OPT_CIPHER_ID), 
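Review bot: The new flags expression `CRYPT_TCRYPT_LEGACY_MODES | (ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0 : CRYPT_TCRYPT_VERA_MODES)` in action_open_tcrypt is repeated verbatim in action_tcryptDump (the -586 hunk of this file), and the two copies have already drifted in formatting. Since this line now encodes the "VeraCrypt on by default" policy, a single file-scope helper such as `static ... tcrypt_mode_flags(void)` (returning the same type as the `.flags` member) used from both initializers would keep that policy in one place and make a later change impossible to apply to only one of the two paths. A one-line comment on the helper, `/* VeraCrypt detection is on unless --disable-veracrypt is given */`, would document the new default where the code reads it. action_open_tcrypt's body starts and ends outside the hunk.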
@@ -586,7 +586,7 @@ static int action_tcryptDump(void) .keyfiles = CONST_CAST(const char **)keyfiles, .keyfiles_count = keyfiles_count, .flags = CRYPT_TCRYPT_LEGACY_MODES | - (ARG_SET(OPT_VERACRYPT_ID) ? CRYPT_TCRYPT_VERA_MODES : 0), + (ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0: CRYPT_TCRYPT_VERA_MODES), .veracrypt_pim = ARG_UINT32(OPT_VERACRYPT_PIM_ID), .hash_name = ARG_STR(OPT_HASH_ID), .cipher = ARG_STR(OPT_CIPHER_ID), @@ -3877,18 +3877,18 @@ int main(int argc, const char **argv) _("Option --tcrypt-hidden cannot be combined with --allow-discards."), poptGetInvocationName(popt_context)); - if (ARG_SET(OPT_VERACRYPT_ID) && (!device_type || strcmp(device_type, "tcrypt"))) + if ((ARG_SET(OPT_VERACRYPT_ID) || ARG_SET(OPT_DISABLE_VERACRYPT_ID)) && (!device_type || strcmp(device_type, "tcrypt"))) usage(popt_context, EXIT_FAILURE, - _("Option --veracrypt is supported only for TCRYPT device type."), + _("Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."), poptGetInvocationName(popt_context)); - if (ARG_SET(OPT_VERACRYPT_PIM_ID) && !ARG_SET(OPT_VERACRYPT_ID)) + if (ARG_SET(OPT_VERACRYPT_PIM_ID) && ARG_SET(OPT_DISABLE_VERACRYPT_ID)) usage(popt_context, EXIT_FAILURE, _("Option --veracrypt-pim is supported only for VeraCrypt compatible devices."), poptGetInvocationName(popt_context)); if (ARG_SET(OPT_VERACRYPT_QUERY_PIM_ID)) { - if (!ARG_SET(OPT_VERACRYPT_ID)) { + if (ARG_SET(OPT_DISABLE_VERACRYPT_ID)) { usage(popt_context, EXIT_FAILURE, _("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."), poptGetInvocationName(popt_context)); diff --git a/src/cryptsetup_arg_list.h b/src/cryptsetup_arg_list.h index d73f564b..ba80de22 100644 --- a/src/cryptsetup_arg_list.h +++ b/src/cryptsetup_arg_list.h 
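Review bot: The added line in action_tcryptDump writes the ternary as `? 0: CRYPT_TCRYPT_VERA_MODES`, with no space before the colon, while the identical expression added to action_open_tcrypt in the -448 hunk is spaced `? 0 : CRYPT_TCRYPT_VERA_MODES`; please align it to `(ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0 : CRYPT_TCRYPT_VERA_MODES),`. Two textually different copies of the same policy line are easy to miss in a later grep. action_tcryptDump's body starts and ends outside the hunk.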
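Review bot: The contradictory combination `--veracrypt --disable-veracrypt` is not rejected anywhere in the new checks in main(): the first added condition only verifies that either option comes with `--type tcrypt`, and the later PIM checks look only at `OPT_DISABLE_VERACRYPT_ID`, so `--disable-veracrypt` silently wins over an explicit `--veracrypt` and the device is opened in TrueCrypt-only mode. Since the man page in this commit says `--veracrypt` is ignored, a user combining both will get a surprising failure to recognize a VeraCrypt header with no hint why. I would add, next to the first new check, `if (ARG_SET(OPT_VERACRYPT_ID) && ARG_SET(OPT_DISABLE_VERACRYPT_ID)) usage(popt_context, EXIT_FAILURE, _("Option --veracrypt cannot be combined with --disable-veracrypt."), poptGetInvocationName(popt_context));`. main() starts and ends outside the hunk.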
@@ -49,6 +49,8 @@ ARG(OPT_DISABLE_KEYRING, '\0', POPT_ARG_NONE, N_("Disable loading volume keys vi ARG(OPT_DISABLE_LOCKS, '\0', POPT_ARG_NONE, N_("Disable locking of on-disk metadata"), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_DISABLE_VERACRYPT, '\0', POPT_ARG_NONE, N_("Do not scan for VeraCrypt compatible device"), NULL, CRYPT_ARG_BOOL, {}, {}) + ARG(OPT_DUMP_JSON, '\0', POPT_ARG_NONE, N_("Dump info in JSON format (LUKS2 only)"), NULL, CRYPT_ARG_BOOL, {}, {}) ARG(OPT_DUMP_MASTER_KEY, '\0', POPT_ARG_NONE, N_("Dump volume (master) key instead of keyslots info"), NULL, CRYPT_ARG_BOOL, {}, {}) diff --git a/src/utils_arg_names.h b/src/utils_arg_names.h index 53be52d3..57ab2a3c 100644 --- a/src/utils_arg_names.h +++ b/src/utils_arg_names.h @@ -44,6 +44,7 @@ #define OPT_DISABLE_EXTERNAL_TOKENS "disable-external-tokens" #define OPT_DISABLE_KEYRING "disable-keyring" #define OPT_DISABLE_LOCKS "disable-locks" +#define OPT_DISABLE_VERACRYPT "disable-veracrypt" #define OPT_DUMP_JSON "dump-json-metadata" #define OPT_DUMP_MASTER_KEY "dump-master-key" #define OPT_ENCRYPT "encrypt" diff --git a/tests/compat-test-args b/tests/compat-test-args index 62fc875c..6b3c38cc 100755 --- a/tests/compat-test-args +++ b/tests/compat-test-args 
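Review bot: The help text of the existing `--veracrypt` option is presumably still the old "allow VeraCrypt mode" wording in its `ARG(OPT_VERACRYPT, ...)` entry, which is outside this hunk; the man page in this commit now states that option is ignored, and `--help` output should say the same so the two do not contradict each other. I would change that entry's `N_()` string to something like `N_("Ignored, VeraCrypt compatible mode is enabled by default")`. The new `OPT_DISABLE_VERACRYPT` entry itself reads fine.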
@@ -208,12 +208,11 @@ exp_fail open DEV NAME --veracrypt exp_pass open DEV NAME --type tcrypt --veracrypt exp_pass open DEV NAME --type tcrypt --veracrypt --veracrypt-pim 1 exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -2 -exp_fail open DEV NAME --type tcrypt --veracrypt-pim 1 -# bug -# exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -1 -exp_fail open DEV NAME --type tcrypt --veracrypt-query-pim -exp_fail open DEV NAME --type tcrypt --veracrypt-query-pim --veracrypt-pim 1 -exp_fail open DEV NAME --veracrypt-query-pim +exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-pim 1 +exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -1 +exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim +exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim --veracrypt-pim 1 +exp_fail open DEV NAME --disable-veracrypt --veracrypt-query-pim # bug # exp_fail open DEV NAME --priority normal diff --git a/tests/tcrypt-compat-test b/tests/tcrypt-compat-test index 60e950b8..407fc605 100755 --- a/tests/tcrypt-compat-test +++ b/tests/tcrypt-compat-test 
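Review bot: The new argument checks in main() are only partly covered by the replaced test lines: there is no case for `--disable-veracrypt` given without `--type tcrypt` on its own (the last added line fails for two independent reasons, so it does not isolate that check), no positive case that `--disable-veracrypt` is accepted with `--type tcrypt`, and no case for `--veracrypt --disable-veracrypt` together. I would add `exp_fail open DEV NAME --disable-veracrypt`, `exp_pass open DEV NAME --type tcrypt --disable-veracrypt`, and `exp_fail open DEV NAME --type tcrypt --veracrypt --disable-veracrypt` (the last one documents the intended outcome for the conflicting pair, whichever way main() ends up handling it).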
@@ -128,19 +128,28 @@ for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" SYS_OPT="" [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system" - echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT $file >/dev/null || fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT $file >/dev/null || fail if [[ $file =~ .*-sha512-xts-aes$ ]] ; then - echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail - echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail - echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail fi echo " [OK]" done +echo "HEADER CHECK (TCRYPT only)" +for file in $(ls $TST_DIR/vc_* $TST_DIR/vcpim_*) ; do + echo -n " $file" + PIM_OPT="" + [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" + echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $PIM_OPT $file >/dev/null 2>&1 && fail + echo " [OK]" +done + echo "HEADER CHECK (HIDDEN)" for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do echo -n " $file (hidden)" - echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail + echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden $file >/dev/null || fail echo " [OK]" done 
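Review bot: In the new "HEADER CHECK (TCRYPT only)" loop the `vcpim_*` files are dumped with both `--disable-veracrypt` and `--veracrypt-pim $PIM`, but the -3877 hunk in src/cryptsetup.c makes exactly that combination a usage error, so for those files the `&& fail` condition is satisfied by argument parsing, not by the header being unrecognized in TrueCrypt-only mode. The check therefore does not prove what its name says for the PIM images. Dropping the PIM option in this loop, i.e. `echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $file >/dev/null 2>&1 && fail`, exercises the intended path for every file (the `PIM_OPT` assignment lines in the new loop then become unnecessary). The enclosing `for` loops of the other hunk parts start or end outside the hunk.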
@@ -150,7 +159,7 @@ for file in $(ls $TST_DIR/[tv]ck_*) ; do PWD=$PASSWORD [[ $file =~ vck_1_nopw.* ]] && PWD="" [[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C - echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail + echo $PWD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail echo " [OK]" done @@ -167,7 +176,7 @@ for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" SYS_OPT="" [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system" - out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $SYS_OPT $PIM_OPT -r $file $MAP 2>&1) + out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r $file $MAP 2>&1) ret=$? [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue @@ -183,7 +192,7 @@ done echo "ACTIVATION FS UUID (HIDDEN) CHECK" for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do echo -n " $file" - out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1) + out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r $file $MAP --tcrypt-hidden 2>&1) ret=$? [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue