mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as long as Microsoft themselves haven't entered the enforcing phase of their Black Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders, we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows 10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
parent
3329304e67
commit
64e85ed09a
12 changed files with 94 additions and 29 deletions
|
@ -19,7 +19,7 @@ TARGET := $(word 1,$(subst -, ,$(TUPLE)))
|
|||
DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64)
|
||||
|
||||
.PHONY: all
|
||||
all: dwmapi-delaylib.lib wintrust-delaylib.lib
|
||||
all: dwmapi-delaylib.lib version-delaylib.lib wintrust-delaylib.lib
|
||||
|
||||
%.def64: %.def
|
||||
$(AM_V_SED) "s/@.*//" $< >$@
|
||||
|
|
|
@ -367,7 +367,7 @@ uninstall-am:
|
|||
|
||||
|
||||
.PHONY: all
|
||||
all: dwmapi-delaylib.lib wintrust-delaylib.lib
|
||||
all: dwmapi-delaylib.lib version-delaylib.lib wintrust-delaylib.lib
|
||||
|
||||
%.def64: %.def
|
||||
$(AM_V_SED) "s/@.*//" $< >$@
|
||||
|
|
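--- /dev/null
+++ b/.mingw/version.def
@@ -0,0 +1,4 @@
+EXPORTS
+GetFileVersionInfoSizeW@8
+GetFileVersionInfoW@16
+VerQueryValueA@16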
@ -133,12 +133,12 @@
|
|||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -162,12 +162,12 @@
|
|||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -193,12 +193,12 @@
|
|||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -229,12 +229,12 @@
|
|||
<AdditionalOptions>/utf-8 $(ExternalCompilerOptions) %(AdditionalOptions)</AdditionalOptions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<TargetMachine>MachineX64</TargetMachine>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -260,13 +260,13 @@
|
|||
<StringPooling>true</StringPooling>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<TargetMachine>MachineX86</TargetMachine>
|
||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -292,13 +292,13 @@
|
|||
<StringPooling>true</StringPooling>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm</AdditionalLibraryDirectories>
|
||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -326,13 +326,13 @@
|
|||
<StringPooling>true</StringPooling>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64</AdditionalLibraryDirectories>
|
||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
@ -363,13 +363,13 @@
|
|||
<StringPooling>true</StringPooling>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>advapi32.lib;comctl32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;version.lib;wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<TargetMachine>MachineX64</TargetMachine>
|
||||
<AdditionalOptions>/BREPRO %(AdditionalOptions)</AdditionalOptions>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
<DelayLoadDLLs>advapi32.dll;comctl32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;version.dll;wintrust.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
|
||||
</Link>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
|
|
|
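Review bot: The ARM and ARM64 link settings (the hunks at `@ -162,12`, `@ -193,12`, `@ -292,13` and `@ -326,13`) still end `AdditionalDependencies` with `shell32.lib;comdlg32.lib;` and `DelayLoadDLLs` with `shell32.dll;comdlg32.dll;`, so comdlg32 is dropped only from the x86 and x64 configurations although the description says it is removed from the linker. If nothing imports from comdlg32 any more, the leftover delay-load entry is dead and typically draws linker warning LNK4199; removing the trailing `comdlg32.lib;` and `comdlg32.dll;` in those four hunks would make every configuration agree. Adding `version.dll` to `DelayLoadDLLs` in all configurations matches how the other system DLLs are handled for this `RequireAdministrator` binary.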
@ -1,11 +1,11 @@
|
|||
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
||||
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid
|
||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomctl32 -luuid
|
||||
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
||||
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
||||
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
||||
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lwintrust-delaylib
|
||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwintrust-delaylib
|
||||
|
||||
noinst_PROGRAMS = rufus
|
||||
|
||||
|
|
|
@ -275,12 +275,12 @@ top_builddir = @top_builddir@
|
|||
top_srcdir = @top_srcdir@
|
||||
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
||||
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid
|
||||
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomctl32 -luuid
|
||||
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
||||
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
||||
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
||||
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lwintrust-delaylib
|
||||
VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwintrust-delaylib
|
||||
AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES)
|
||||
AM_V_WINDRES_1 = $(WINDRES)
|
||||
AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY))
|
||||
|
|
|
@ -2119,8 +2119,10 @@ BOOL IsFileInDB(const char* path)
|
|||
|
||||
int IsBootloaderRevoked(const char* path)
|
||||
{
|
||||
version_t* ver;
|
||||
uint32_t i;
|
||||
uint8_t hash[SHA256_HASHSIZE];
|
||||
|
||||
if (!PE256File(path, hash))
|
||||
return -1;
|
||||
for (i = 0; i < ARRAYSIZE(pe256dbx); i += SHA256_HASHSIZE)
|
||||
|
@ -2129,6 +2131,12 @@ int IsBootloaderRevoked(const char* path)
|
|||
for (i = 0; i < pe256ssp_size * SHA256_HASHSIZE; i += SHA256_HASHSIZE)
|
||||
if (memcmp(hash, &pe256ssp[i], SHA256_HASHSIZE) == 0)
|
||||
return 2;
|
||||
ver = GetExecutableVersion(path);
|
||||
// Blanket filter for Windows 10 1607 (excluded) to Windows 10 20H1 (excluded)
|
||||
// TODO: Revoke all bootloaders prior to 2023.05 once Microsoft does
|
||||
// uprintf("Found UEFI bootloader version: %d.%d.%d.%d", ver->Major, ver->Minor, ver->Micro, ver->Nano);
|
||||
if (ver != NULL && ver->Major == 10 && ver->Minor == 0 && ver->Micro > 14393 && ver->Micro < 19041)
|
||||
return 3;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
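Review bot: A bootloader whose version resource cannot be read is reported as not revoked without any trace, because `ver == NULL` at the new `if (ver != NULL && ver->Major == 10 ...)` simply falls through to `return 0`. Since this result decides whether the user is warned, I would log that case, e.g. `if (ver == NULL) uprintf("Could not read UEFI bootloader version for '%s'", path);`, rather than keep the commented-out `uprintf`. The bounds 14393 and 19041 would read better as named constants next to the comment that explains them, and the new return value 3 deserves a line in the function's header comment, if one exists above the hunk. `IsBootloaderRevoked` starts outside this hunk, so the body of the first hash loop is not visible here.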
@ -93,7 +93,7 @@ static unsigned int timer;
|
|||
static char uppercase_select[2][64], uppercase_start[64], uppercase_close[64], uppercase_cancel[64];
|
||||
|
||||
extern HANDLE update_check_thread, wim_thread;
|
||||
extern BOOL enable_iso, enable_joliet, enable_rockridge, enable_extra_hashes;
|
||||
extern BOOL enable_iso, enable_joliet, enable_rockridge, enable_extra_hashes, is_bootloader_revoked;
|
||||
extern BYTE* fido_script;
|
||||
extern HWND hFidoDlg;
|
||||
extern uint8_t* grub2_buf;
|
||||
|
@ -1432,6 +1432,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
|
|||
char tmp[MAX_PATH], tmp2[MAX_PATH], c;
|
||||
|
||||
syslinux_ldlinux_len[0] = 0; syslinux_ldlinux_len[1] = 0;
|
||||
is_bootloader_revoked = FALSE;
|
||||
safe_free(grub2_buf);
|
||||
|
||||
if (ComboBox_GetCurSel(hDeviceList) == CB_ERR)
|
||||
|
@ -1631,6 +1632,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
|
|||
}
|
||||
r = IsBootloaderRevoked(tmp);
|
||||
if (r > 0) {
|
||||
is_bootloader_revoked = TRUE;
|
||||
r = MessageBoxExU(hMainDialog, lmprintf(MSG_339,
|
||||
(r == 1) ? lmprintf(MSG_340) : lmprintf(MSG_341, "Error code: 0xc0000428")),
|
||||
lmprintf(MSG_338), MB_OKCANCEL | MB_ICONWARNING | MB_IS_RTL, selected_langid);
|
||||
|
|
|
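Review bot: `is_bootloader_revoked` is added to the local `extern BOOL ...` list here instead of being declared once in a shared header, so the definition and this use are never checked against the same declaration. The flag is written in `BootCheckThread` and, per the `CopySKUSiPolicy` hunk elsewhere in this commit, read later when the media is written; nothing visible in these hunks orders those two accesses, so a comment at the reset such as `// Consumed later by CopySKUSiPolicy(); must be reset on every boot check` would document the dependency. Both `BootCheckThread` hunks cut through the function, so the conditions under which `IsBootloaderRevoked(tmp)` is reached are outside the view.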
@ -546,6 +546,13 @@ enum WindowsVersion {
|
|||
WINDOWS_MAX = 0xFFFF,
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
DWORD Major;
|
||||
DWORD Minor;
|
||||
DWORD Micro;
|
||||
DWORD Nano;
|
||||
} version_t;
|
||||
|
||||
typedef struct {
|
||||
DWORD Version;
|
||||
DWORD Major;
|
||||
|
@ -608,6 +615,7 @@ extern char sysnative_dir[MAX_PATH], app_data_dir[MAX_PATH], *image_path, *fido_
|
|||
* Shared prototypes
|
||||
*/
|
||||
extern void GetWindowsVersion(windows_version_t* WindowsVersion);
|
||||
extern version_t* GetExecutableVersion(const char* path);
|
||||
extern const char* WindowsErrorString(void);
|
||||
extern void DumpBufferHex(void *buf, size_t size);
|
||||
extern void PrintStatusInfo(BOOL info, BOOL debug, unsigned int duration, int msg_id, ...);
|
||||
|
|
10
src/rufus.rc
10
src/rufus.rc
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
|||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
EXSTYLE WS_EX_ACCEPTFILES
|
||||
CAPTION "Rufus 4.2.2071"
|
||||
CAPTION "Rufus 4.2.2072"
|
||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||
BEGIN
|
||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||
|
@ -392,8 +392,8 @@ END
|
|||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION 4,2,2071,0
|
||||
PRODUCTVERSION 4,2,2071,0
|
||||
FILEVERSION 4,2,2072,0
|
||||
PRODUCTVERSION 4,2,2072,0
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x1L
|
||||
|
@ -411,13 +411,13 @@ BEGIN
|
|||
VALUE "Comments", "https://rufus.ie"
|
||||
VALUE "CompanyName", "Akeo Consulting"
|
||||
VALUE "FileDescription", "Rufus"
|
||||
VALUE "FileVersion", "4.2.2071"
|
||||
VALUE "FileVersion", "4.2.2072"
|
||||
VALUE "InternalName", "Rufus"
|
||||
VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)"
|
||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||
VALUE "OriginalFilename", "rufus-4.2.exe"
|
||||
VALUE "ProductName", "Rufus"
|
||||
VALUE "ProductVersion", "4.2.2071"
|
||||
VALUE "ProductVersion", "4.2.2072"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
|
|
40
src/stdfn.c
40
src/stdfn.c
|
@ -453,6 +453,46 @@ void GetWindowsVersion(windows_version_t* windows_version)
|
|||
safe_sprintf(vptr, vlen, " (Build %lu)", windows_version->BuildNumber);
|
||||
}
|
||||
|
||||
/*
|
||||
* Why oh why does Microsoft make it so convoluted to retrieve a measly executable's version number ?
|
||||
*/
|
||||
version_t* GetExecutableVersion(const char* path)
|
||||
{
|
||||
static version_t version, *r = NULL;
|
||||
uint8_t* buf = NULL;
|
||||
UINT uLen;
|
||||
DWORD dwSize, dwHandle;
|
||||
VS_FIXEDFILEINFO* version_info;
|
||||
|
||||
memset(&version, 0, sizeof(version));
|
||||
|
||||
dwSize = GetFileVersionInfoSizeU(path, &dwHandle);
|
||||
if (dwSize == 0)
|
||||
goto out;
|
||||
|
||||
buf = malloc(dwSize);
|
||||
if (buf == NULL)
|
||||
goto out;;
|
||||
if (!GetFileVersionInfoU(path, dwHandle, dwSize, buf))
|
||||
goto out;
|
||||
|
||||
if (!VerQueryValueA(buf, "\\", (LPVOID*)&version_info, &uLen) || uLen == 0)
|
||||
goto out;
|
||||
|
||||
if (version_info->dwSignature != 0xfeef04bd)
|
||||
goto out;
|
||||
|
||||
version.Major = (version_info->dwFileVersionMS >> 16) & 0xffff;
|
||||
version.Minor = (version_info->dwFileVersionMS >> 0) & 0xffff;
|
||||
version.Micro = (version_info->dwFileVersionLS >> 16) & 0xffff;
|
||||
version.Nano = (version_info->dwFileVersionLS >> 0) & 0xffff;
|
||||
r = &version;
|
||||
|
||||
out:
|
||||
free(buf);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* String array manipulation
|
||||
*/
|
||||
|
|
|
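Review bot: `static version_t version, *r = NULL;` makes `r` static as well, so after the first successful call every later failure path returns the stale non-NULL pointer to a `version` that `memset` has just zeroed, instead of NULL. Declaring the two separately fixes it: `static version_t version;` and `version_t* r = NULL;`. The `uLen == 0` test should also require `uLen >= sizeof(VS_FIXEDFILEINFO)` before `version_info->dwSignature` is read, since the file being parsed comes from a user-supplied image, and `goto out;;` carries a stray semicolon. The header comment could state that the result points to static storage, so it is overwritten by the next call and is not safe to share between threads.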
@ -44,6 +44,7 @@ const char* bypass_name[] = { "BypassTPMCheck", "BypassSecureBootCheck", "Bypass
|
|||
int unattend_xml_flags = 0, wintogo_index = -1, wininst_index = 0;
|
||||
int unattend_xml_mask = UNATTEND_DEFAULT_SELECTION_MASK;
|
||||
char *unattend_xml_path = NULL, unattend_username[MAX_USERNAME_LENGTH];
|
||||
BOOL is_bootloader_revoked = FALSE;
|
||||
|
||||
extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
|
||||
|
||||
|
@ -481,7 +482,9 @@ BOOL CopySKUSiPolicy(const char* drive_name)
|
|||
char src[MAX_PATH], dst[MAX_PATH];
|
||||
struct __stat64 stat64 = { 0 };
|
||||
|
||||
if ((target_type != TT_UEFI) || !IS_WINDOWS_1X(img_report) || pe256ssp_size == 0)
|
||||
// Only copy SkuPolicy if we warned about the bootloader being revoked.
|
||||
if ((target_type != TT_UEFI) || !IS_WINDOWS_1X(img_report) ||
|
||||
(pe256ssp_size == 0) || !is_bootloader_revoked)
|
||||
return r;
|
||||
|
||||
static_sprintf(src, "%s\\SecureBootUpdates\\SKUSiPolicy.p7b", system_dir);
|
||||
|
|
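Review bot: The new comment says `SkuPolicy` while the file being copied is `SKUSiPolicy.p7b`, and it does not say why the copy is withheld from media that was not flagged. Going by the commit description, the reason is that the policy also revokes bootloaders that are not flagged yet, so I would write `// Only copy SKUSiPolicy.p7b if we warned about the bootloader being revoked, as the policy` followed by `// would otherwise also block newer bootloaders that we do not flag as revoked yet.` The definition `BOOL is_bootloader_revoked = FALSE;` in the first hunk could carry a short comment naming where it is set, since its only visible writer is in another source file. `CopySKUSiPolicy` continues past the end of the hunk.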