nerd/rufus
1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Code Issues 1 Projects Releases Wiki Activity

[uefi] factorize SkuSiPolicy.p7b copying code and apply it for Windows To Go

Browse source 
* Also don't forget to credit the original authors of the PowerShell gist we derived our code from!
This commit is contained in:
Pete Batard 2023-06-19 00:04:08 +02:00
parent 7eb9a6f16b
commit c59e9209eb
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
6 changed files with 40 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/format.c
View file

@ -1908,19 +1908,8 @@ DWORD WINAPI FormatThread(void* param)
FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|APPERR(ERROR_CANT_PATCH); FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|APPERR(ERROR_CANT_PATCH);
} }
} }
} else if ((target_type == TT_UEFI) && IS_WINDOWS_1X(img_report) && pe256ssp_size > 0) {
// Copy this system's SkuSiPolicy.p7b to the target drive so that UEFI bootloaders
// revoked by Windows through WDAC policy do get flagged as revoked.
char src[MAX_PATH], dst[MAX_PATH];
struct __stat64 stat64 = { 0 };
static_sprintf(src, "%s\\SecureBootUpdates\\SKUSiPolicy.p7b", system_dir);
static_sprintf(dst, "%s\\efi\\microsoft\\boot\\SKUSiPolicy.p7b", drive_name);
if ((_stat64U(dst, &stat64) != 0) && (_stat64U(src, &stat64) == 0)) {
uprintf("Copying: %s (%s) (from %s)", dst, SizeToHumanReadable(stat64.st_size, FALSE, FALSE), src);
if (!CopyFileU(src, dst, TRUE))
uprintf(" Error writing file: %s", WindowsErrorString());
}
} }
CopySKUSiPolicy(drive_name);
if ( (target_type == TT_BIOS) && HAS_WINPE(img_report) ) { if ( (target_type == TT_BIOS) && HAS_WINPE(img_report) ) {
// Apply WinPE fixup // Apply WinPE fixup
if (!SetupWinPE(drive_name[0])) if (!SetupWinPE(drive_name[0]))

5
src/license.h
View file

@ -134,6 +134,11 @@ const char* additional_copyrights =
"https://github.com/u-boot/u-boot\\line\n" "https://github.com/u-boot/u-boot\\line\n"
"GNU General Public License (GPL) v2 or later\\line\n" "GNU General Public License (GPL) v2 or later\\line\n"
"\\line\n" "\\line\n"
"SkuSiPolicy.p7b parsing derived from:\\line\n"
"https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e\\line\n"
"by Matthew Graeber, with contributions by James Forshaw\\line\n"
"BSD 3-Clause\\line\n"
"\\line\n"
"About and License dialogs inspired by WinSCP by Martin Prikryl\\line\n" "About and License dialogs inspired by WinSCP by Martin Prikryl\\line\n"
"https://winscp.net/\\line\n" "https://winscp.net/\\line\n"
"GNU General Public License (GPL) v3 or later\\line\n" "GNU General Public License (GPL) v3 or later\\line\n"

3
src/pki.c
View file

@ -792,6 +792,9 @@ out:
return r; return r;
} }
// The following SkuSiPolicy.p7b parsing code is derived from:
// https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e
// by Matthew Graeber, with contributions by James Forshaw.
BOOL ParseSKUSiPolicy(void) BOOL ParseSKUSiPolicy(void)
{ {
char path[MAX_PATH]; char path[MAX_PATH];

1
src/rufus.h
View file

@ -643,6 +643,7 @@ extern BOOL ExtractAppIcon(const char* filename, BOOL bSilent);
extern BOOL ExtractDOS(const char* path); extern BOOL ExtractDOS(const char* path);
extern BOOL ExtractISO(const char* src_iso, const char* dest_dir, BOOL scan); extern BOOL ExtractISO(const char* src_iso, const char* dest_dir, BOOL scan);
extern int64_t ExtractISOFile(const char* iso, const char* iso_file, const char* dest_file, DWORD attributes); extern int64_t ExtractISOFile(const char* iso, const char* iso_file, const char* dest_file, DWORD attributes);
extern BOOL CopySKUSiPolicy(const char* drive_name);
extern BOOL HasEfiImgBootLoaders(void); extern BOOL HasEfiImgBootLoaders(void);
extern BOOL DumpFatDir(const char* path, int32_t cluster); extern BOOL DumpFatDir(const char* path, int32_t cluster);
extern char* MountISO(const char* path); extern char* MountISO(const char* path);

10
src/rufus.rc
View file

@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326 IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 4.2.2052" CAPTION "Rufus 4.2.2053"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -392,8 +392,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 4,2,2052,0 FILEVERSION 4,2,2053,0
PRODUCTVERSION 4,2,2052,0 PRODUCTVERSION 4,2,2053,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -411,13 +411,13 @@ BEGIN
VALUE "Comments", "https://rufus.ie" VALUE "Comments", "https://rufus.ie"
VALUE "CompanyName", "Akeo Consulting" VALUE "CompanyName", "Akeo Consulting"
VALUE "FileDescription", "Rufus" VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "4.2.2052" VALUE "FileVersion", "4.2.2053"
VALUE "InternalName", "Rufus" VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)" VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
VALUE "OriginalFilename", "rufus-4.2.exe" VALUE "OriginalFilename", "rufus-4.2.exe"
VALUE "ProductName", "Rufus" VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "4.2.2052" VALUE "ProductVersion", "4.2.2053"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

25
src/wue.c
View file

@ -473,6 +473,29 @@ out:
return ((img_report.win_version.major != 0) && (img_report.win_version.build != 0)); return ((img_report.win_version.major != 0) && (img_report.win_version.build != 0));
} }
// Copy this system's SkuSiPolicy.p7b to the target drive so that UEFI bootloaders
// revoked by Windows through WDAC policy do get flagged as revoked.
BOOL CopySKUSiPolicy(const char* drive_name)
{
BOOL r = FALSE;
char src[MAX_PATH], dst[MAX_PATH];
struct __stat64 stat64 = { 0 };
if ((target_type != TT_UEFI) || !IS_WINDOWS_1X(img_report) || pe256ssp_size == 0)
return r;
static_sprintf(src, "%s\\SecureBootUpdates\\SKUSiPolicy.p7b", system_dir);
static_sprintf(dst, "%s\\efi\\microsoft\\boot\\SKUSiPolicy.p7b", drive_name);
if ((_stat64U(dst, &stat64) != 0) && (_stat64U(src, &stat64) == 0)) {
uprintf("Copying: %s (%s) (from %s)", dst, SizeToHumanReadable(stat64.st_size, FALSE, FALSE), src);
r = CopyFileU(src, dst, TRUE);
if (!r)
uprintf(" Error writing file: %s", WindowsErrorString());
}
return r;
}
/// <summary> /// <summary>
/// Checks which versions of Windows are available in an install image /// Checks which versions of Windows are available in an install image
/// to set our extraction index. Asks the user to select one if needed. /// to set our extraction index. Asks the user to select one if needed.
@ -687,6 +710,8 @@ BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_ISO_EXTRACT); FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | APPERR(ERROR_ISO_EXTRACT);
} }
CopySKUSiPolicy((use_esp) ? ms_efi : drive_name);
UpdateProgressWithInfo(OP_FILE_COPY, MSG_267, wim_proc_files + 2 * wim_extra_files, wim_nb_files); UpdateProgressWithInfo(OP_FILE_COPY, MSG_267, wim_proc_files + 2 * wim_extra_files, wim_nb_files);
// Setting internal drives offline for Windows To Go is crucial if, for instance, you are using ReFS // Setting internal drives offline for Windows To Go is crucial if, for instance, you are using ReFS