* Instead of embedding the content of the most recent revoked bootloader hashes in db.h
we now parse the system's SkuSiPolicy.p7b to do so. This has the drawback of not alerting
users running Rufus on systems where SkuSiPolicy.p7b is not up to date, but I believe the
trade-off is worth it.
* We now also copy the system's SkuSiPolicy.p7b to the created media when possible (for
Windows 10 or later), so that Microsoft's WDAC UEFI revocations can apply during boot.
* Considering that alerting users to potential security breaches that may be
exploited by boot media should also be performed by application that create
them, we add detection for all the currently known revoked UEFI bootloaders,
be it the ones from the official UEFI DBX as well as the ones from Windows'
SkuSiPolicy.p7b, and warn the user when one such bootloader is detected on
their source media.
* Note that, to actually be revoked, the bootloaders flagged through SkuSiPolicy
require the copying of the .p7b to the boot media, which we are currently
not enacting but will perform in a subsequent commit.
* Also fix a Coverity warning in hash.c.
* Also revert GRUB 2 core.img to vanilla 2.06, with the hope that GRUB will
*ACTUALLY* bother to release in 2023 and we will be able to update to
GRUB 2.12 (or whatever non-sequential version they decide to go with) to
say a most welcome goodbye to this whole 2.06 incompatibility crap!
* This reverts most of 3528ca773d in order to download 'core.img' from our server instead of patching it.
* Also solve the issue of downloading a custom 'core.img' for Fedora 37, that introduced
a new 'grub_debug_is_enabled' symbol without altering their GRUB version string.
* This is accomplished by doing what the distro maintainers should have done on their
own, by appending a custom suffix to the GRUB version string.
* Of course, since Grub4DOS's grldr.mbr hasn't changed from previous releases
there's not much to update there, but then again, people like version bumps.
* GRUB have cherry-picked patches from the "BootHole" vulnerability fix at
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html and
have applied them to their 2.04 GRUB loader.
* This results in breakage with "error: symbol 'grub_calloc' not found" when
using the release GRUB 2.04 version of core.img.
* Therefore, we too cherry-picked some patches to apply on top of GRUB 2.04
release to make our core.img compatible with Ubuntu 20.10.
* Closes#1616
* Also increase the maximum write stride for ms-sys to 64 KB (required to
write the GRUB 2.05 bootloader which is larger than 32 KB) and update hash DB.
* Just update the headers really, since all the core.img
from 2.02~rc1 upwards have been binary identical.
* Also fix a potential small issue in process.c
* Since, despite what Microsoft states, having 'requireAdministrator' in a manifest STILL isn't
enough to prevent an app from launching as non elevated for some weird account configurations...
* Closes#757
* Downloadable content will now be indicating, in the log, whether it can be trusted with ✓ (validated) or ✗ (caution)
* Of course this validation only applies for files we know of, i.e. the downloadable content that existed at the time the DB was
created. So, if Syslinux 8.x gets released tomorrow and we put it on our server, you'll get an ✗ regardless of its integrity.
* Closes#758
Pete Batard