[efi] update UEFI:NTFS to latest

* Also remove Secure Boot notice since (outside of 32-bit ARM and exFAT) our bootloaders and NTFS drivers are now Secure Boot signed.
2021-10-23 02:49:15 +01:00 · 2021-10-23 02:49:15 +01:00 · b30e3b387a
parent 05382d8c7d
commit b30e3b387a
6 changed files with 32 additions and 23 deletions
--- a/res/appstore/Package.appxmanifest
+++ b/res/appstore/Package.appxmanifest
@ -11,7 +11,7 @@
  <Identity
    Name="19453.net.Rufus"
    Publisher="CN=7AC86D13-3E5A-491A-ADD5-80095C212740"
-    Version="3.17.1841.0" />
+    Version="3.17.1842.0" />

  <Properties>
    <DisplayName>Rufus</DisplayName>
--- a/res/uefi/readme.txt
+++ b/res/uefi/readme.txt
@ -5,14 +5,31 @@ See https://github.com/pbatard/uefi-ntfs for more details.

 This image, which you can mount as FAT filesystem or open in 7-zip, contains
 the following data:
-o The NTFS and exFAT UEFI drivers from EfiFs (https://github.com/pbatard/efifs).
-  These are the \EFI\Rufus\[exfat|ntfs]_[ia32|x64|arm|aa64].efi files, which are
-  identical to the v1.7 EfiFs binaries published at https://efi.akeo.ie.
-o The UEFI:NTFS binaries (https://github.com/pbatard/uefi-ntfs), which were
-  compiled using Visual Studio 2019 Community Edition.
-  These are the \EFI\Boot\boot[ia32|x64|arm|aa64].efi files.
+
+o Secure Boot signed NTFS UEFI drivers, derived from ntfs-3g [1].
+  These drivers are the exact same as the read-only binaries from release 1.2,
+  except for the addition of Microsoft's Secure Boot signature.
+  Note that, per Microsoft's current Secure Boot signing policies, the 32-bit
+  ARM driver (ntfs_arm.efi) is not Secure Boot signed.
+
+o Non Secure Boot signed exFAT UEFI drivers from EfiFs [2].
+  These drivers are the exact same as the binaries from EfiFs release 1.8 and
+  because they are licensed under GPLv3, they cannot be Secure Boot signed.
+
+o Secure Boot signed UEFI:NTFS bootloader binaries [3].
+  These drivers are the exact same as the binaries from release 2.2, except for
+  the addition of Microsoft's Secure Boot signature.
+  Note that, per Microsoft's current Secure Boot signing policies, the 32-bit
+  ARM bootloader (bootarm.efi) is not Secure Boot signed.
+
+The above means that, if booting an NTFS partition on an x86_32, x86_64 or ARM64
+system, Secure Boot does not need to be disabled.

 The FAT partition was created on Debian GNU/Linux using the following commands
-  dd if=/dev/zero of=uefi-ntfs.img bs=512 count=1024
+  dd if=/dev/zero of=uefi-ntfs.img bs=512 count=2048
  mkfs.vfat -n UEFI_NTFS uefi-ntfs.img
 and then mounting the uefi-ntfs.img image and copying the relevant files.
+
+[1] https://github.com/pbatard/ntfs-3g
+[2] https://github.com/pbatard/efifs
+[3] https://github.com/pbatard/uefi-ntfs
--- a/res/uefi/uefi-ntfs.img
+++ b/res/uefi/uefi-ntfs.img
--- a/src/drive.c
+++ b/src/drive.c
@ -72,7 +72,7 @@ PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryVolumeInformationFile, (HANDLE, PIO_STATUS_
 * Globals
 */
 RUFUS_DRIVE_INFO SelectedDrive;
-extern BOOL installed_uefi_ntfs, write_as_esp;
+extern BOOL write_as_esp;
 extern int nWindowsVersion, nWindowsBuildNumber;
 uint64_t partition_offset[PI_MAX];
 uint64_t persistence_size = 0;
@ -2271,7 +2271,6 @@ BOOL CreatePartition(HANDLE hDrive, int partition_style, int file_system, BOOL m
 				uprintf("Write error: %s", WindowsErrorString());
 				return FALSE;
 			}
-			installed_uefi_ntfs = TRUE;
 		}
 		pn++;
 	}
--- a/src/rufus.c
+++ b/src/rufus.c
@ -120,7 +120,7 @@ BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, n
 BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32, usb_debug;
 BOOL use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
 BOOL zero_drive = FALSE, list_non_usb_removable_drives = FALSE, enable_file_indexing, large_drive = FALSE;
-BOOL write_as_image = FALSE, write_as_esp = FALSE, installed_uefi_ntfs = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE;
+BOOL write_as_image = FALSE, write_as_esp = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE;
 BOOL appstore_version = FALSE, is_vds_available = TRUE;
 float fScale = 1.0f;
 int dialog_showing = 0, selection_default = BT_IMAGE, persistence_unit_selection = -1, imop_win_sel = 0;
@ -2606,7 +2606,6 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
 			fs_type = (int)ComboBox_GetCurItemData(hFileSystem);
 			write_as_image = FALSE;
 			write_as_esp = FALSE;
-			installed_uefi_ntfs = FALSE;
 			// Disable all controls except Cancel
 			EnableControls(FALSE, FALSE);
 			FormatStatus = 0;
@ -3067,12 +3066,6 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
 			PrintInfo(0, MSG_210);
 			MessageBeep(MB_OK);
 			FlashTaskbar(dialog_handle);
-			if (installed_uefi_ntfs && (!ReadSettingBool(SETTING_DISABLE_SECURE_BOOT_NOTICE))) {
-				notification_info more_info;
-				more_info.id = MORE_INFO_URL;
-				more_info.url = SECURE_BOOT_MORE_INFO_URL;
-				Notification(MSG_INFO, SETTING_DISABLE_SECURE_BOOT_NOTICE, &more_info, lmprintf(MSG_128, "Secure Boot"), lmprintf(MSG_129));
-			}
 		} else if (SCODE_CODE(FormatStatus) == ERROR_CANCELLED) {
 			SendMessage(hProgress, PBM_SETSTATE, (WPARAM)PBST_PAUSED, 0);
 			SetTaskbarProgressState(TASKBAR_PAUSED);
--- a/src/rufus.rc
+++ b/src/rufus.rc
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.17.1841"
+CAPTION "Rufus 3.17.1842"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
    LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -395,8 +395,8 @@ END
 //

 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,17,1841,0
- PRODUCTVERSION 3,17,1841,0
+ FILEVERSION 3,17,1842,0
+ PRODUCTVERSION 3,17,1842,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -414,13 +414,13 @@ BEGIN
            VALUE "Comments", "https://rufus.ie"
            VALUE "CompanyName", "Akeo Consulting"
            VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.17.1841"
+            VALUE "FileVersion", "3.17.1842"
            VALUE "InternalName", "Rufus"
            VALUE "LegalCopyright", "© 2011-2021 Pete Batard (GPL v3)"
            VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
            VALUE "OriginalFilename", "rufus-3.17.exe"
            VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.17.1841"
+            VALUE "ProductVersion", "3.17.1842"
        END
    END
    BLOCK "VarFileInfo"