mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
[wue] revert to inserting the bypass registry keys directly where possible
* The use of an unattend.xml to create the TPM/Secure Boot/Disk/RAM bypass keys was prompted by Microsoft restricting the ability of Windows Store app from manipulating offline registry hives. * However, the use of a windowsPE phase in unattend.xml to insert the keys results in a windows command prompt briefly appearing when setup launches, as well as slightly different Windows setup screens from the default. * So we are now reverting to trying to edit the boot.wim registry hive offline (which should work for the non Store version of Rufus) while falling back to using a PE unattend section if that doesn't work. * Closes #1971
This commit is contained in:
parent
2be4470bc5
commit
14f19e5275
4 changed files with 100 additions and 37 deletions
72
src/format.c
72
src/format.c
|
@ -71,10 +71,12 @@ extern const int nb_steps[FS_MAX];
|
|||
extern uint32_t dur_mins, dur_secs;
|
||||
extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
|
||||
static int actual_fs_type, wintogo_index = -1, wininst_index = 0;
|
||||
extern int unattend_xml_selection;
|
||||
extern BOOL force_large_fat32, enable_ntfs_compression, lock_drive, zero_drive, fast_zeroing, enable_file_indexing;
|
||||
extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available, enable_inplace, set_drives_offline;
|
||||
extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available;
|
||||
extern const grub_patch_t grub_patch[2];
|
||||
extern char* unattend_xml_path;
|
||||
extern const char* bypass_name[4];
|
||||
uint8_t *grub2_buf = NULL, *sec_buf = NULL;
|
||||
long grub2_len;
|
||||
|
||||
|
@ -1470,7 +1472,7 @@ static BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
|
|||
// "upgrade" the ReFS version on all drives to v3.7, thereby preventing you from being able to mount
|
||||
// those volumes back on Windows 10 ever again. Yes, I have been stung by this Microsoft bullshit!
|
||||
// See: https://gist.github.com/0xbadfca11/da0598e47dd643d933dc#Mountability
|
||||
if (set_drives_offline) {
|
||||
if (unattend_xml_selection & UNATTEND_OFFLINE_INTERNAL_DRIVES) {
|
||||
uprintf("Setting the target's internal drives offline using command:");
|
||||
// This applies the "offlineServicing" section of the unattend.xml (while ignoring the other sections)
|
||||
static_sprintf(cmd, "dism /Image:%s\\ /Apply-Unattend:%s", drive_name, unattend_xml_path);
|
||||
|
@ -1499,12 +1501,17 @@ static BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
|
|||
*/
|
||||
BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
|
||||
{
|
||||
BOOL r = FALSE;
|
||||
BOOL r = FALSE, is_hive_mounted = FALSE;
|
||||
int i;
|
||||
const int wim_index = 2;
|
||||
char boot_wim_path[] = "?:\\sources\\boot.wim";
|
||||
const char* offline_hive_name = "RUFUS_OFFLINE_HIVE";
|
||||
char boot_wim_path[] = "?:\\sources\\boot.wim", key_path[64];
|
||||
char appraiserres_dll_src[] = "?:\\sources\\appraiserres.dll";
|
||||
char appraiserres_dll_dst[] = "?:\\sources\\appraiserres.bak";
|
||||
char *mount_path = NULL, path[MAX_PATH];
|
||||
HKEY hKey = NULL, hSubKey = NULL;
|
||||
LSTATUS status;
|
||||
DWORD dwDisp, dwVal = 1;
|
||||
|
||||
assert(unattend_xml_path != NULL);
|
||||
uprintf("Applying Windows customization:");
|
||||
|
@ -1522,7 +1529,7 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
|
|||
uprintf("Added '%s'", path);
|
||||
} else {
|
||||
boot_wim_path[0] = drive_letter;
|
||||
if (enable_inplace) {
|
||||
if (unattend_xml_selection & UNATTEND_WINPE_SETUP_MASK) {
|
||||
// Create a backup of sources\appraiserres.dll and then create an empty file to
|
||||
// allow in-place upgrades without TPM/SB. Note that we need to create an empty,
|
||||
// appraiserres.dll otherwise setup.exe extracts its own.
|
||||
|
@ -1542,6 +1549,53 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
|
|||
if (mount_path == NULL)
|
||||
goto out;
|
||||
|
||||
if (unattend_xml_selection & UNATTEND_WINPE_SETUP_MASK) {
|
||||
// Try to create the registry keys directly, and fallback to using unattend
|
||||
// if that fails (which the Windows Store version is expected to do).
|
||||
static_sprintf(path, "%s\\Windows\\System32\\config\\SYSTEM", mount_path);
|
||||
if (!MountRegistryHive(HKEY_LOCAL_MACHINE, offline_hive_name, path)) {
|
||||
uprintf("Falling back to creating the registry keys through unattend.xml");
|
||||
goto copy_unattend;
|
||||
}
|
||||
UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 101, PATCH_PROGRESS_TOTAL);
|
||||
is_hive_mounted = TRUE;
|
||||
|
||||
static_sprintf(key_path, "%s\\Setup", offline_hive_name);
|
||||
status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, key_path, 0, KEY_READ | KEY_CREATE_SUB_KEY, &hKey);
|
||||
if (status != ERROR_SUCCESS) {
|
||||
SetLastError(status);
|
||||
uprintf("Could not open 'HKLM\\SYSTEM\\Setup' registry key: %s", WindowsErrorString());
|
||||
goto copy_unattend;
|
||||
}
|
||||
|
||||
status = RegCreateKeyExA(hKey, "LabConfig", 0, NULL, 0,
|
||||
KEY_SET_VALUE | KEY_QUERY_VALUE | KEY_CREATE_SUB_KEY, NULL, &hSubKey, &dwDisp);
|
||||
if (status != ERROR_SUCCESS) {
|
||||
SetLastError(status);
|
||||
uprintf("Could not create 'HKLM\\SYSTEM\\Setup\\LabConfig' registry key: %s", WindowsErrorString());
|
||||
goto copy_unattend;
|
||||
}
|
||||
|
||||
for (i = 0; i < ARRAYSIZE(bypass_name); i++) {
|
||||
if (!(unattend_xml_selection & (1 << (i / 2))))
|
||||
continue;
|
||||
status = RegSetValueExA(hSubKey, bypass_name[i], 0, REG_DWORD, (LPBYTE)&dwVal, sizeof(DWORD));
|
||||
if (status != ERROR_SUCCESS) {
|
||||
SetLastError(status);
|
||||
uprintf("Could not set 'HKLM\\SYSTEM\\Setup\\LabConfig\\%s' registry key: %s",
|
||||
bypass_name[i], WindowsErrorString());
|
||||
goto copy_unattend;
|
||||
}
|
||||
uprintf("Created 'HKLM\\SYSTEM\\Setup\\LabConfig\\%s' registry key", bypass_name[i]);
|
||||
}
|
||||
// We were successfull in creating the keys so disable the windowsPE section from unattend.xml
|
||||
// We do this by replacing '<settings pass="windowsPE">' with '<settings pass="disabled">'
|
||||
if (replace_in_token_data(unattend_xml_path, "<settings", "windowsPE", "disabled", FALSE) == NULL)
|
||||
uprintf("Warning: Could not disable 'windowsPE' pass from unattend.xml");
|
||||
UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 102, PATCH_PROGRESS_TOTAL);
|
||||
}
|
||||
|
||||
copy_unattend:
|
||||
static_sprintf(path, "%s\\Autounattend.xml", mount_path);
|
||||
if (!CopyFileU(unattend_xml_path, path, TRUE)) {
|
||||
uprintf("Could not create boot.wim 'Autounattend.xml': %s", WindowsErrorString());
|
||||
|
@ -1553,6 +1607,14 @@ BOOL ApplyWindowsCustomization(char drive_letter, BOOL windows_to_go)
|
|||
r = TRUE;
|
||||
|
||||
out:
|
||||
if (hSubKey != NULL)
|
||||
RegCloseKey(hSubKey);
|
||||
if (hKey != NULL)
|
||||
RegCloseKey(hKey);
|
||||
if (is_hive_mounted) {
|
||||
UnmountRegistryHive(HKEY_LOCAL_MACHINE, offline_hive_name);
|
||||
UpdateProgressWithInfoForce(OP_PATCH, MSG_325, 104, PATCH_PROGRESS_TOTAL);
|
||||
}
|
||||
if (mount_path) {
|
||||
uprintf("Unmounting '%s'...", boot_wim_path, wim_index);
|
||||
WimUnmountImage(boot_wim_path, wim_index);
|
||||
|
|
41
src/rufus.c
41
src/rufus.c
|
@ -60,19 +60,6 @@ enum bootcheck_return {
|
|||
BOOTCHECK_GENERAL_ERROR = -3,
|
||||
};
|
||||
|
||||
#define UNATTEND_SECUREBOOT_TPM_MASK 0x01
|
||||
#define UNATTEND_MINRAM_MINDISK_MASK 0x02
|
||||
#define UNATTEND_NO_ONLINE_ACCOUNT_MASK 0x04
|
||||
#define UNATTEND_NO_DATA_COLLECTION_MASK 0x08
|
||||
#define UNATTEND_OFFLINE_INTERNAL_DRIVES 0x10
|
||||
#define UNATTEND_DEFAULT_MASK 0x1F
|
||||
|
||||
#define UNATTEND_WINPE_SETUP_MASK (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_MINRAM_MINDISK_MASK)
|
||||
#define UNATTEND_SPECIALIZE_DEPLOYMENT_MASK (UNATTEND_NO_ONLINE_ACCOUNT_MASK)
|
||||
#define UNATTEND_OOBE_SHELL_SETUP (UNATTEND_NO_DATA_COLLECTION_MASK)
|
||||
#define UNATTEND_OFFLINE_SERVICING (UNATTEND_OFFLINE_INTERNAL_DRIVES)
|
||||
#define UNATTEND_DEFAULT_SELECTION (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK | UNATTEND_OFFLINE_INTERNAL_DRIVES)
|
||||
|
||||
static const char* cmdline_hogger = "rufus.com";
|
||||
static const char* ep_reg = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
|
||||
static const char* vs_reg = "Software\\Microsoft\\VisualStudio";
|
||||
|
@ -128,17 +115,17 @@ DWORD MainThreadId;
|
|||
HWND hDeviceList, hPartitionScheme, hTargetSystem, hFileSystem, hClusterSize, hLabel, hBootType, hNBPasses, hLog = NULL;
|
||||
HWND hImageOption, hLogDialog = NULL, hProgress = NULL, hDiskID;
|
||||
HANDLE dialog_handle = NULL;
|
||||
BOOL is_x86_32, use_own_c32[NB_OLD_C32] = { FALSE, FALSE }, mbr_selected_by_user = FALSE;
|
||||
BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE, enable_inplace = FALSE;
|
||||
BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, no_confirmation_on_cancel = FALSE, lock_drive = TRUE;
|
||||
BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32, usb_debug;
|
||||
BOOL use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
|
||||
BOOL is_x86_32, use_own_c32[NB_OLD_C32] = { FALSE, FALSE }, mbr_selected_by_user = FALSE, lock_drive = TRUE;
|
||||
BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE;
|
||||
BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, no_confirmation_on_cancel = FALSE;
|
||||
BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32;
|
||||
BOOL usb_debug, use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
|
||||
BOOL zero_drive = FALSE, list_non_usb_removable_drives = FALSE, enable_file_indexing, large_drive = FALSE;
|
||||
BOOL write_as_image = FALSE, write_as_esp = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE;
|
||||
BOOL appstore_version = FALSE, is_vds_available = TRUE, set_drives_offline = FALSE;
|
||||
BOOL appstore_version = FALSE, is_vds_available = TRUE;
|
||||
float fScale = 1.0f;
|
||||
int dialog_showing = 0, selection_default = BT_IMAGE, persistence_unit_selection = -1, imop_win_sel = 0;
|
||||
int default_fs, fs_type, boot_type, partition_type, target_type;
|
||||
int default_fs, fs_type, boot_type, partition_type, target_type, unattend_xml_selection = 0;
|
||||
int force_update = 0, default_thread_priority = THREAD_PRIORITY_ABOVE_NORMAL;
|
||||
char szFolderPath[MAX_PATH], app_dir[MAX_PATH], system_dir[MAX_PATH], temp_dir[MAX_PATH], sysnative_dir[MAX_PATH];
|
||||
char app_data_dir[MAX_PATH], user_dir[MAX_PATH];
|
||||
|
@ -151,6 +138,7 @@ StrArray BlockingProcess, ImageList;
|
|||
// Number of steps for each FS for FCC_STRUCTURE_PROGRESS
|
||||
const int nb_steps[FS_MAX] = { 5, 5, 12, 1, 10, 1, 1, 1, 1 };
|
||||
const char* flash_type[BADLOCKS_PATTERN_TYPES] = { "SLC", "MLC", "TLC" };
|
||||
const char* bypass_name[4] = { "BypassTPMCheck", "BypassSecureBootCheck", "BypassRAMCheck", "BypassStorageCheck" };
|
||||
RUFUS_DRIVE rufus_drive[MAX_DRIVES] = { 0 };
|
||||
|
||||
// TODO: Remember to update copyright year in stdlg's AboutCallback() WM_INITDIALOG,
|
||||
|
@ -1268,7 +1256,7 @@ static char* CreateUnattendXml(int arch, int mask)
|
|||
FILE* fd;
|
||||
int i, order;
|
||||
const char* xml_arch_names[5] = { "x86", "amd64", "arm", "arm64" };
|
||||
const char* bypass_name[4] = { "BypassTPMCheck", "BypassSecureBootCheck", "BypassRAMCheck", "BypassStorageCheck" };
|
||||
unattend_xml_selection = mask;
|
||||
if (arch < ARCH_X86_32 || arch >= ARCH_ARM_64 || mask == 0)
|
||||
return NULL;
|
||||
arch--;
|
||||
|
@ -1282,10 +1270,11 @@ static char* CreateUnattendXml(int arch, int mask)
|
|||
fprintf(fd, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
|
||||
fprintf(fd, "<unattend xmlns=\"urn:schemas-microsoft-com:unattend\">\n");
|
||||
|
||||
// This part produces the unbecoming display of a command prompt window during initial setup, which
|
||||
// may scare users... But the Windows Store version doesn't allow us to edit an offline registry...
|
||||
// This part produces the unbecoming display of a command prompt window during initial setup as well
|
||||
// as alters the layout and options of the initial Windows installer screens, which may scare users.
|
||||
// So, in format.c, we'll try to insert the registry keys directly and drop this section. However,
|
||||
// because Microsoft prevents Store apps from editing an offline registry, we do need this fallback.
|
||||
if (mask & UNATTEND_WINPE_SETUP_MASK) {
|
||||
enable_inplace = TRUE;
|
||||
order = 1;
|
||||
fprintf(fd, " <settings pass=\"windowsPE\">\n");
|
||||
fprintf(fd, " <component name=\"Microsoft-Windows-Setup\" processorArchitecture=\"%s\" language=\"neutral\" "
|
||||
|
@ -1351,7 +1340,6 @@ static char* CreateUnattendXml(int arch, int mask)
|
|||
if (mask & UNATTEND_OFFLINE_SERVICING) {
|
||||
fprintf(fd, " <settings pass=\"offlineServicing\">\n");
|
||||
if (mask & UNATTEND_OFFLINE_INTERNAL_DRIVES) {
|
||||
set_drives_offline = TRUE;
|
||||
fprintf(fd, " <component name=\"Microsoft-Windows-PartitionManager\" processorArchitecture=\"%s\" language=\"neutral\" "
|
||||
"xmlns:wcm=\"http://schemas.microsoft.com/WMIConfig/2002/State\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
|
||||
"publicKeyToken=\"31bf3856ad364e35\" versionScope=\"nonSxS\">\n", xml_arch_names[arch]);
|
||||
|
@ -2768,8 +2756,7 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
|
|||
fs_type = (int)ComboBox_GetCurItemData(hFileSystem);
|
||||
write_as_image = FALSE;
|
||||
write_as_esp = FALSE;
|
||||
enable_inplace = FALSE;
|
||||
set_drives_offline = FALSE;
|
||||
unattend_xml_selection = 0;
|
||||
// Disable all controls except Cancel
|
||||
EnableControls(FALSE, FALSE);
|
||||
FormatStatus = 0;
|
||||
|
|
14
src/rufus.h
14
src/rufus.h
|
@ -494,6 +494,20 @@ enum ArchType {
|
|||
ARCH_MAX
|
||||
};
|
||||
|
||||
// Windows User Experience (unattend.xml) options
|
||||
#define UNATTEND_SECUREBOOT_TPM_MASK 0x01
|
||||
#define UNATTEND_MINRAM_MINDISK_MASK 0x02
|
||||
#define UNATTEND_NO_ONLINE_ACCOUNT_MASK 0x04
|
||||
#define UNATTEND_NO_DATA_COLLECTION_MASK 0x08
|
||||
#define UNATTEND_OFFLINE_INTERNAL_DRIVES 0x10
|
||||
#define UNATTEND_DEFAULT_MASK 0x1F
|
||||
|
||||
#define UNATTEND_WINPE_SETUP_MASK (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_MINRAM_MINDISK_MASK)
|
||||
#define UNATTEND_SPECIALIZE_DEPLOYMENT_MASK (UNATTEND_NO_ONLINE_ACCOUNT_MASK)
|
||||
#define UNATTEND_OOBE_SHELL_SETUP (UNATTEND_NO_DATA_COLLECTION_MASK)
|
||||
#define UNATTEND_OFFLINE_SERVICING (UNATTEND_OFFLINE_INTERNAL_DRIVES)
|
||||
#define UNATTEND_DEFAULT_SELECTION (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK | UNATTEND_OFFLINE_INTERNAL_DRIVES)
|
||||
|
||||
/*
|
||||
* Globals
|
||||
*/
|
||||
|
|
10
src/rufus.rc
10
src/rufus.rc
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
|||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
EXSTYLE WS_EX_ACCEPTFILES
|
||||
CAPTION "Rufus 3.20.1916"
|
||||
CAPTION "Rufus 3.20.1917"
|
||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||
BEGIN
|
||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||
|
@ -395,8 +395,8 @@ END
|
|||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION 3,20,1916,0
|
||||
PRODUCTVERSION 3,20,1916,0
|
||||
FILEVERSION 3,20,1917,0
|
||||
PRODUCTVERSION 3,20,1917,0
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x1L
|
||||
|
@ -414,13 +414,13 @@ BEGIN
|
|||
VALUE "Comments", "https://rufus.ie"
|
||||
VALUE "CompanyName", "Akeo Consulting"
|
||||
VALUE "FileDescription", "Rufus"
|
||||
VALUE "FileVersion", "3.20.1916"
|
||||
VALUE "FileVersion", "3.20.1917"
|
||||
VALUE "InternalName", "Rufus"
|
||||
VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)"
|
||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||
VALUE "OriginalFilename", "rufus-3.20.exe"
|
||||
VALUE "ProductName", "Rufus"
|
||||
VALUE "ProductVersion", "3.20.1916"
|
||||
VALUE "ProductVersion", "3.20.1917"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
|
|
Loading…
Reference in a new issue