mirror of https://github.com/pbatard/rufus.git
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders. * As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as long as Microsoft themselves haven't entered the enforcing phase of their Black Lotus mitigation (currently planned for early 2024). * Because of this, while we add some revocation detection for post 1703 bootloaders, we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows 10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b. * Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders. * Also remove the now unused comdlg32 library from the linker.
This commit is contained in:
Pete Batard
parent
3329304e67
commit
64e85ed09a
|
|
@ -19,7 +19,7 @@ TARGET := $(word 1,$(subst -, ,$(TUPLE)))
|
||||||
DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64)
|
DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64)
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
all: dwmapi-delaylib.lib wintrust-delaylib.lib
|
all: dwmapi-delaylib.lib version-delaylib.lib wintrust-delaylib.lib
|
||||||
|
|
||||||
%.def64: %.def
|
%.def64: %.def
|
||||||
$(AM_V_SED) "s/@.*//" $< >$@
|
$(AM_V_SED) "s/@.*//" $< >$@
|
||||||
|
|
|
||||||
|
|
@ -367,7 +367,7 @@ uninstall-am:
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
all: dwmapi-delaylib.lib wintrust-delaylib.lib
|
all: dwmapi-delaylib.lib version-delaylib.lib wintrust-delaylib.lib
|
||||||
|
|
||||||
%.def64: %.def
|
%.def64: %.def
|
||||||
$(AM_V_SED) "s/@.*//" $< >$@
|
$(AM_V_SED) "s/@.*//" $< >$@
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
EXPORTS
|
||||||
|
GetFileVersionInfoSizeW@8
|
||||||
|
GetFileVersionInfoW@16
|
||||||
|
VerQueryValueA@16
|
||||||
|
|
@ -133,12 +133,12 @@
|
||||||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<TargetMachine>MachineX86</TargetMachine>
|
<TargetMachine>MachineX86</TargetMachine>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -162,12 +162,12 @@
|
||||||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -193,12 +193,12 @@
|
||||||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -229,12 +229,12 @@
|
||||||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<TargetMachine>MachineX64</TargetMachine>
|
<TargetMachine>MachineX64</TargetMachine>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -260,13 +260,13 @@
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<TargetMachine>MachineX86</TargetMachine>
|
<TargetMachine>MachineX86</TargetMachine>
|
||||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -292,13 +292,13 @@
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
||||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -326,13 +326,13 @@
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
||||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
@ -363,13 +363,13 @@
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<TargetMachine>MachineX64</TargetMachine>
|
<TargetMachine>MachineX64</TargetMachine>
|
||||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||||
</Link>
|
</Link>
|
||||||
<ResourceCompile>
|
<ResourceCompile>
|
||||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,11 @@
|
||||||
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
||||||
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
||||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid
|
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomctl32 -luuid
|
||||||
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
||||||
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
||||||
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
||||||
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
||||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lwintrust-delaylib
|
VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwintrust-delaylib
|
||||||
|
|
||||||
noinst_PROGRAMS = rufus
|
noinst_PROGRAMS = rufus
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -275,12 +275,12 @@ top_builddir = @top_builddir@
|
||||||
top_srcdir = @top_srcdir@
|
top_srcdir = @top_srcdir@
|
||||||
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
||||||
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
||||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid
|
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomctl32 -luuid
|
||||||
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
||||||
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
||||||
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
||||||
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
||||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lwintrust-delaylib
|
VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwintrust-delaylib
|
||||||
AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES)
|
AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES)
|
||||||
AM_V_WINDRES_1 = $(WINDRES)
|
AM_V_WINDRES_1 = $(WINDRES)
|
||||||
AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY))
|
AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY))
|
||||||
|
|
|
||||||
|
|
@ -2119,8 +2119,10 @@ BOOL IsFileInDB(const char* path)
|
||||||
|
|
||||||
int IsBootloaderRevoked(const char* path)
|
int IsBootloaderRevoked(const char* path)
|
||||||
{
|
{
|
||||||
|
version_t* ver;
|
||||||
uint32_t i;
|
uint32_t i;
|
||||||
uint8_t hash[SHA256_HASHSIZE];
|
uint8_t hash[SHA256_HASHSIZE];
|
||||||
|
|
||||||
if (!PE256File(path, hash))
|
if (!PE256File(path, hash))
|
||||||
return -1;
|
return -1;
|
||||||
for (i = 0; i < ARRAYSIZE(pe256dbx); i += SHA256_HASHSIZE)
|
for (i = 0; i < ARRAYSIZE(pe256dbx); i += SHA256_HASHSIZE)
|
||||||
|
|
@ -2129,6 +2131,12 @@ int IsBootloaderRevoked(const char* path)
|
||||||
for (i = 0; i < pe256ssp_size * SHA256_HASHSIZE; i += SHA256_HASHSIZE)
|
for (i = 0; i < pe256ssp_size * SHA256_HASHSIZE; i += SHA256_HASHSIZE)
|
||||||
if (memcmp(hash, &pe256ssp[i], SHA256_HASHSIZE) == 0)
|
if (memcmp(hash, &pe256ssp[i], SHA256_HASHSIZE) == 0)
|
||||||
return 2;
|
return 2;
|
||||||
|
ver = GetExecutableVersion(path);
|
||||||
|
// Blanket filter for Windows 10 1607 (excluded) to Windows 10 20H1 (excluded)
|
||||||
|
// TODO: Revoke all bootloaders prior to 2023.05 once Microsoft does
|
||||||
|
// uprintf("Found UEFI bootloader version: %d.%d.%d.%d", ver->Major, ver->Minor, ver->Micro, ver->Nano);
|
||||||
|
if (ver != NULL && ver->Major == 10 && ver->Minor == 0 && ver->Micro > 14393 && ver->Micro < 19041)
|
||||||
|
return 3;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,7 @@ static unsigned int timer;
|
||||||
static char uppercase_select[2][64], uppercase_start[64], uppercase_close[64], uppercase_cancel[64];
|
static char uppercase_select[2][64], uppercase_start[64], uppercase_close[64], uppercase_cancel[64];
|
||||||
|
|
||||||
extern HANDLE update_check_thread, wim_thread;
|
extern HANDLE update_check_thread, wim_thread;
|
||||||
extern BOOL enable_iso, enable_joliet, enable_rockridge, enable_extra_hashes;
|
extern BOOL enable_iso, enable_joliet, enable_rockridge, enable_extra_hashes, is_bootloader_revoked;
|
||||||
extern BYTE* fido_script;
|
extern BYTE* fido_script;
|
||||||
extern HWND hFidoDlg;
|
extern HWND hFidoDlg;
|
||||||
extern uint8_t* grub2_buf;
|
extern uint8_t* grub2_buf;
|
||||||
|
|
@ -1432,6 +1432,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
|
||||||
char tmp[MAX_PATH], tmp2[MAX_PATH], c;
|
char tmp[MAX_PATH], tmp2[MAX_PATH], c;
|
||||||
|
|
||||||
syslinux_ldlinux_len[0] = 0; syslinux_ldlinux_len[1] = 0;
|
syslinux_ldlinux_len[0] = 0; syslinux_ldlinux_len[1] = 0;
|
||||||
|
is_bootloader_revoked = FALSE;
|
||||||
safe_free(grub2_buf);
|
safe_free(grub2_buf);
|
||||||
|
|
||||||
if (ComboBox_GetCurSel(hDeviceList) == CB_ERR)
|
if (ComboBox_GetCurSel(hDeviceList) == CB_ERR)
|
||||||
|
|
@ -1631,6 +1632,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
|
||||||
}
|
}
|
||||||
r = IsBootloaderRevoked(tmp);
|
r = IsBootloaderRevoked(tmp);
|
||||||
if (r > 0) {
|
if (r > 0) {
|
||||||
|
is_bootloader_revoked = TRUE;
|
||||||
r = MessageBoxExU(hMainDialog, lmprintf(MSG_339,
|
r = MessageBoxExU(hMainDialog, lmprintf(MSG_339,
|
||||||
(r == 1) ? lmprintf(MSG_340) : lmprintf(MSG_341, "Error code: 0xc0000428")),
|
(r == 1) ? lmprintf(MSG_340) : lmprintf(MSG_341, "Error code: 0xc0000428")),
|
||||||
lmprintf(MSG_338), MB_OKCANCEL | MB_ICONWARNING | MB_IS_RTL, selected_langid);
|
lmprintf(MSG_338), MB_OKCANCEL | MB_ICONWARNING | MB_IS_RTL, selected_langid);
|
||||||
|
|
|
||||||
|
|
@ -546,6 +546,13 @@ enum WindowsVersion {
|
||||||
WINDOWS_MAX = 0xFFFF,
|
WINDOWS_MAX = 0xFFFF,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
DWORD Major;
|
||||||
|
DWORD Minor;
|
||||||
|
DWORD Micro;
|
||||||
|
DWORD Nano;
|
||||||
|
} version_t;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
DWORD Version;
|
DWORD Version;
|
||||||
DWORD Major;
|
DWORD Major;
|
||||||
|
|
@ -608,6 +615,7 @@ extern char sysnative_dir[MAX_PATH], app_data_dir[MAX_PATH], *image_path, *fido_
|
||||||
* Shared prototypes
|
* Shared prototypes
|
||||||
*/
|
*/
|
||||||
extern void GetWindowsVersion(windows_version_t* WindowsVersion);
|
extern void GetWindowsVersion(windows_version_t* WindowsVersion);
|
||||||
|
extern version_t* GetExecutableVersion(const char* path);
|
||||||
extern const char* WindowsErrorString(void);
|
extern const char* WindowsErrorString(void);
|
||||||
extern void DumpBufferHex(void *buf, size_t size);
|
extern void DumpBufferHex(void *buf, size_t size);
|
||||||
extern void PrintStatusInfo(BOOL info, BOOL debug, unsigned int duration, int msg_id, ...);
|
extern void PrintStatusInfo(BOOL info, BOOL debug, unsigned int duration, int msg_id, ...);
|
||||||
|
|
|
||||||
10
src/rufus.rc
10
src/rufus.rc
|
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
||||||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||||
EXSTYLE WS_EX_ACCEPTFILES
|
EXSTYLE WS_EX_ACCEPTFILES
|
||||||
CAPTION "Rufus 4.2.2071"
|
CAPTION "Rufus 4.2.2072"
|
||||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||||
BEGIN
|
BEGIN
|
||||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||||
|
|
@ -392,8 +392,8 @@ END
|
||||||
//
|
//
|
||||||
|
|
||||||
VS_VERSION_INFO VERSIONINFO
|
VS_VERSION_INFO VERSIONINFO
|
||||||
FILEVERSION 4,2,2071,0
|
FILEVERSION 4,2,2072,0
|
||||||
PRODUCTVERSION 4,2,2071,0
|
PRODUCTVERSION 4,2,2072,0
|
||||||
FILEFLAGSMASK 0x3fL
|
FILEFLAGSMASK 0x3fL
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
FILEFLAGS 0x1L
|
FILEFLAGS 0x1L
|
||||||
|
|
@ -411,13 +411,13 @@ BEGIN
|
||||||
VALUE "Comments", "https://rufus.ie"
|
VALUE "Comments", "https://rufus.ie"
|
||||||
VALUE "CompanyName", "Akeo Consulting"
|
VALUE "CompanyName", "Akeo Consulting"
|
||||||
VALUE "FileDescription", "Rufus"
|
VALUE "FileDescription", "Rufus"
|
||||||
VALUE "FileVersion", "4.2.2071"
|
VALUE "FileVersion", "4.2.2072"
|
||||||
VALUE "InternalName", "Rufus"
|
VALUE "InternalName", "Rufus"
|
||||||
VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)"
|
VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)"
|
||||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||||
VALUE "OriginalFilename", "rufus-4.2.exe"
|
VALUE "OriginalFilename", "rufus-4.2.exe"
|
||||||
VALUE "ProductName", "Rufus"
|
VALUE "ProductName", "Rufus"
|
||||||
VALUE "ProductVersion", "4.2.2071"
|
VALUE "ProductVersion", "4.2.2072"
|
||||||
END
|
END
|
||||||
END
|
END
|
||||||
BLOCK "VarFileInfo"
|
BLOCK "VarFileInfo"
|
||||||
|
|
|
||||||
40
src/stdfn.c
40
src/stdfn.c
|
|
@ -453,6 +453,46 @@ void GetWindowsVersion(windows_version_t* windows_version)
|
||||||
safe_sprintf(vptr, vlen, " (Build %lu)", windows_version->BuildNumber);
|
safe_sprintf(vptr, vlen, " (Build %lu)", windows_version->BuildNumber);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Why oh why does Microsoft make it so convoluted to retrieve a measly executable's version number ?
|
||||||
|
*/
|
||||||
|
version_t* GetExecutableVersion(const char* path)
|
||||||
|
{
|
||||||
|
static version_t version, *r = NULL;
|
||||||
|
uint8_t* buf = NULL;
|
||||||
|
UINT uLen;
|
||||||
|
DWORD dwSize, dwHandle;
|
||||||
|
VS_FIXEDFILEINFO* version_info;
|
||||||
|
|
||||||
|
memset(&version, 0, sizeof(version));
|
||||||
|
|
||||||
|
dwSize = GetFileVersionInfoSizeU(path, &dwHandle);
|
||||||
|
if (dwSize == 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
buf = malloc(dwSize);
|
||||||
|
if (buf == NULL)
|
||||||
|
goto out;;
|
||||||
|
if (!GetFileVersionInfoU(path, dwHandle, dwSize, buf))
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
if (!VerQueryValueA(buf, "\\", (LPVOID*)&version_info, &uLen) || uLen == 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
if (version_info->dwSignature != 0xfeef04bd)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
version.Major = (version_info->dwFileVersionMS >> 16) & 0xffff;
|
||||||
|
version.Minor = (version_info->dwFileVersionMS >> 0) & 0xffff;
|
||||||
|
version.Micro = (version_info->dwFileVersionLS >> 16) & 0xffff;
|
||||||
|
version.Nano = (version_info->dwFileVersionLS >> 0) & 0xffff;
|
||||||
|
r = &version;
|
||||||
|
|
||||||
|
out:
|
||||||
|
free(buf);
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* String array manipulation
|
* String array manipulation
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,7 @@ const char* bypass_name[] = { "BypassTPMCheck", "BypassSecureBootCheck", "Bypass
|
||||||
int unattend_xml_flags = 0, wintogo_index = -1, wininst_index = 0;
|
int unattend_xml_flags = 0, wintogo_index = -1, wininst_index = 0;
|
||||||
int unattend_xml_mask = UNATTEND_DEFAULT_SELECTION_MASK;
|
int unattend_xml_mask = UNATTEND_DEFAULT_SELECTION_MASK;
|
||||||
char *unattend_xml_path = NULL, unattend_username[MAX_USERNAME_LENGTH];
|
char *unattend_xml_path = NULL, unattend_username[MAX_USERNAME_LENGTH];
|
||||||
|
BOOL is_bootloader_revoked = FALSE;
|
||||||
|
|
||||||
extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
|
extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
|
||||||
|
|
||||||
|
|
@ -481,7 +482,9 @@ BOOL CopySKUSiPolicy(const char* drive_name)
|
||||||
char src[MAX_PATH], dst[MAX_PATH];
|
char src[MAX_PATH], dst[MAX_PATH];
|
||||||
struct __stat64 stat64 = { 0 };
|
struct __stat64 stat64 = { 0 };
|
||||||
|
|
||||||
if ((target_type != TT_UEFI) || !IS_WINDOWS_1X(img_report) || pe256ssp_size == 0)
|
// Only copy SkuPolicy if we warned about the bootloader being revoked.
|
||||||
|
if ((target_type != TT_UEFI) || !IS_WINDOWS_1X(img_report) ||
|
||||||
|
(pe256ssp_size == 0) || !is_bootloader_revoked)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
static_sprintf(src, "%s\\SecureBootUpdates\\SKUSiPolicy.p7b", system_dir);
|
static_sprintf(src, "%s\\SecureBootUpdates\\SKUSiPolicy.p7b", system_dir);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue