* Also add Ctrl-A as a new cheat-mode to toggle the use of Rufus MBR (which is enabled by default)
which replaces the previous UI checkbox. The Disk ID field is now completely removed as we now
use the default values for XP and non XP installs, and will expect people with multiple disks to
disconnect all except the one where they plan to install Windows.
* This allows *runtime* validation of UEFI bootable media, such as Windows
or Linux installers, which, considering the unreliability of USB flash
drives, we assert is a a much better proposal than write-time validation
that utilities like balenaEcther (and to a lesser extent MCT) provide.
* Based on uefi-md5sum (https://github.com/pbatard/uefi-md5sum).
* Unconditionally activated on ISO extraction for GPT targets for now.
This will be changed to a user selectable option later.
* This enables the use of Ctrl-SELECT to also extract files from a .zip
when using non-bootable, DOS, UEFI-NTFS, etc.
* Also clean up some uprintf line terminations and some additional code.
* Also fix some Coverity and MinGW warnings.
* The AMI UEFI NTFS driver (version 0x10000), which is used in many modern systems from
ASUS, Gigabyte, intel and so on, has a major bug whereas depending on the size of the
buffers that are used to write the data onto the NTFS volume from Windows, as well as
read the data from the NTFS volume from UEFI, the data being read may be incorrect
(for details on this, see https://github.com/pbatard/AmiNtfsBug).
* Especially, it appears that if the size of the buffer used to write data on Windows is
smaller than the NTFS cluster size, the bug may be triggered.
* Because of this, we increase the size of ISO write buffer to 64 KB since, per
https://support.microsoft.com/en-gb/topic/default-cluster-size-for-ntfs-fat-and-exfat-9772e6f1-e31a-00d7-e18f-73169155af95
this is the maximum cluster size that can be used for NTFS volumes.
* This increase in size should also help with performance somewhat.
* Also add support for C11's _Static_assert() which may come handy.
* The legacy code we used for writing disk images used the size of the source image as
the maximum number of bytes we should copy, which is fine for uncompressed DD or VHD
images, but not so much for compressed VHDX ones. So we now make sure to use the
actual size of the virtual disk, which we obtain when mounting the VHD/VHDX.
* Also fix log progress update as well as a MinGW warning.
* Mint users sure are lucky that one of them *lied their way through* pretending that
persistence actually used to work with previous version of Mint, when it never did,
because they got us going through a whole refactor of the partition creation process
just so we could make Mint persistence work.
* Closes#2428.
* Also fix a Coverity warning.
* Use of '*.*' as pattern in file save dialog could lead to assert and crash, so
we now try to derive the type of image to be saved from the file extension. We
also did not properly handle user cancellation in the file save dialog.
* Also update iso9660/iso9660_fs.c to latest proposal of El Torito image handling.
* Also add a couple asserts in the hash table functions so that, if these ever get
triggered we will pick them from Windows Store reports, and clean up code.
* Per linuxmint/linuxmint#622 some ISOs may have a /EFI/boot/bootx64.efi that
is a symbolic to a nonexisting file.
* This is originally due to a Debian bug that was fixed in:
5bff71fea2
* Work around this by trying to extract a working bootx64.efi from the El-Torito image.
* Also improve DumpFatDir() to not replace already existing files.
* Also update copyright year and improve uprintf error handling
* Also bump GitHub Actions dependencies. Note that we do NOT want to update to
upload-artifact v4 because it BREAKS the creation of artifacts from matrix.
See: https://github.com/actions/upload-artifact#v4---whats-new
* Closes#2382
* Closes#2383
* Mint have decided to make their installation rely on a working /live/ ➔ /casper/ symlink for LMDE
thereby breaking the promise of File System Transposition that all Debian derivatives should have.
* Because of this, trying to use FAT32 with LMDE will fail, as reported in linuxmint/live-installer#152.
* Therefore, now that we can replicate symlinks on NTFS, we add an exception to always enforce the use
of NTFS for LMDE.
* For some weird reason appending the base directory to the root syslinux.cfg
we create does not appear to work with Slax. So we now always patch ldlinux.sys
to include the base directory.
* Also add an exception to move the /slax/boot/EFI directory to /EFI.
* It should be noted that, as of slax-64bit-slackware-15.0.3.iso, the Slax UEFI
Syslinux bootloaders appear to be broken (since creating a media without using
Rufus at all per the Slax documentation does *not* produce a USB drive that was
bootable in UEFI mode on 2 of the machines I tried).
* Also clean up some iso.c code and fix some unreachable code in ntfssect.c.
* Closes#2336.
* Closes#2338.
* Removes the annoyance of having to wait for the process search to complete before media creation can start.
* Also update the "Process Hacker" references to its new "System Informer" name.
* Duplicated symlinked Rock Ridge files were not counted into the total size needed
to process the image and as a result, progress could go over 100% when extracting
data (e.g. debian-live-12.1.0-amd64-lxqt.iso).
* Fix this by adding the duplicated files twice in the total block size.
* '.wic' are DD images used by the Yocto project.
* Why Yocto chose to use their own extension instead of using the de-facto '.img' is beyond me but hey...
* Also update GitHub Actions dependencies to latest.
* Closes#2319.
* Due to a typo in vhd.c where the second safe_stricmp() should be against ".vhd" and not ".vhdx" again.
* Also enable the ignore boot marker bypass for VHD/VHDX/FFU and don't misreport those images as
"compressed disk images".
* Closes#2309.
* This is placed behind an expert wall (Ctrl-Alt-E) on account that:
- If you happen to boot a Windows To Go drive in S Mode on a computer, it may set any
existing Windows installation there to S Mode as well, *even if their disk is offline!*
- It can be *exceedingly* tricky to get out of S Mode, as the SkuPolicyRequired registry
trick alone may not be enough (i.e. You can have very much a Windows install in S Mode
*without* SkuPolicyRequired being set anywhere).
* Also set version to rufus-next and fix a ChangeLog typo.
* Per https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system#Directory_entry it
is possible to have a FAT directory entry with a 'EFI' volume label alongside with
a 'EFI' subdirectory.
* If that happens, then the current Syslinux libfat_searchdir() code may treat the
'EFI' volume label as an empty subdirectory and say that there are no bootloaders,
even if the 'EFI\Boot\Boot###.efi' binaries really do exist.
* Fix this by filtering out entries with the 'volume label' attribute (0x08).
* For good measure, also filter out entries with the 'device' attribute (0x40), as
it is technically possible to create a 'EFI' device leading to the same issue.
* Closes#2288.
* Closes#2289.
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
long as Microsoft themselves haven't entered the enforcing phase of their Black
Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
* SymLoadModuleEx() on the DLL fails (with ERROR_SUCCESS, sic) on ARM64, so we have to resort
to loading the DLL in memory and look for the "RSDS" section to access the GUID and Age.
* Except that, once you sort that, you end up with SymEnumSymbols() producing two separate
addresses for each symbol, on account that the Windows 11 ARM64 DLLs are actually an
unholy union of X64 and ARM64 *in the same binary*, under an abomination that Microsoft
calls ARM64X (See https://learn.microsoft.com/en-us/windows/arm/arm64x-pe for details).
* And, of course, Microsoft did not provide any means during PDB enumeration to tell which
address is for which arch. Especially, the bloody pSymInfo->TypeIndex, that they could
easily have used for this, is utterly pointless as it remains set to 0...
* This means that, even after all this effort, we're still nowhere close to have a solution
that can make DLL address resolution work on Windows 11 ARM64.
* With ISO-9660 being case sensitive, we could end up in situations where trying to extract
'/efi/boot/bootx64.efi' for revocation validation would fail if the file on the image was
stored as '/EFI/boot/bootx64.efi' (e.g. Debian 12).
* Fox this by storing the exact UEFI bootloader path we detected during ISO scan, and using
this path for file extraction.
* Also add a Cancel choice to the revocation dialog and harmonize whitespaces.
* Having NTFS partitions properly aligned to the cluster size can drastically
improve the speed of capturing a disk to an FFU image, as, when the size
is aligned, the FFU capture uses the actual NTFS allocation map to only read
and capture the clusters that are actually in use, whereas, if no aligned,
FFU capture falls back to a sector by sector copy that is both much slower
and also includes unwanted leftover garbage.
* Also only enable FFU when we detect FFUProvider.dll as a system library.
* Full Flash Update (FFU) image support was added to dism with Windows 10 1709
and is an alternate way to save a virtual hard disk for restoration.
* While more modern than VHD/VHDX, FFU creation only works for drives with file
systems that Windows natively recognizes (FAT, NTFS) and that look like Windows
installation media, so you can forget about FFU'ing a Linux disk.
* The other *intentional* drawback that Microsoft added is that they don't want
anybody but themselves being able to create and restore FFU images, so, even
as they have nice FfuApplyImage()/FfuCaptureImage() calls in FfuProvider.dll
they have decided not to make these public.
* This means that, since we don't have time to spend on figuring and direct
hooking internal DLL calls for x86_32, x86_64, ARM and ARM64 (and worrying
that Microsoft may ever so slightly change their DLL between revs to break
our hooks), we just call on dism.exe behind the scenes to create the FFU.
* MinGW32's delay loading functionality is not yet up to par with MSVC's and especially, for
some libraries (wininet, virtdisk) attempting to delay load them simply crashes the runtime.
* This results in the MinGW32 version of the app crashing when selecting a Windows ISO, as we
will then try to mount the ISO using virtdisk to poke the build version. Note that this crash
does not happen with the MinGW64 version or with MSVC.
* Closes#2272.
* Also fix a Coverity warning in SaveImageThread() and improve the VHD saving code.
* Now that we don't have to deal with Windows 7, we can use CreateVirtualDisk() to
automatically dump a physical disk to VHD/VHDX, so do just that
* Also move the relevant VHD/ISO imaging call to the appropriate source.
* 32-bit x86 running on 64-bit x86 Windows needs to get SKUSiPolicy.p7b from sysnative.
* Also fix automatic extension switching in file dialog and a small MinGW warning in Bled.
* The ZIP64 extra record may not be the first one, so add processing for all extra zip records.
* Also add extra sanity checks to try to appease Coverity and properly detect short writes.
* This adds ZIP64 support, which is required to extract zip archives that are larger than 4GB.
* Closes#2264
* Also fix a MinGW warning in pki.c and improve the UEFI revocation messages.
* Remove duplicates from Microsoft's SKUSiPolicy.p7b
* Also display the number of revoked from embedded
* Also use Microsoft's official capitalization for SKUSiPolicy.p7b's target path
* Instead of embedding the content of the most recent revoked bootloader hashes in db.h
we now parse the system's SkuSiPolicy.p7b to do so. This has the drawback of not alerting
users running Rufus on systems where SkuSiPolicy.p7b is not up to date, but I believe the
trade-off is worth it.
* We now also copy the system's SkuSiPolicy.p7b to the created media when possible (for
Windows 10 or later), so that Microsoft's WDAC UEFI revocations can apply during boot.
* Considering that alerting users to potential security breaches that may be
exploited by boot media should also be performed by application that create
them, we add detection for all the currently known revoked UEFI bootloaders,
be it the ones from the official UEFI DBX as well as the ones from Windows'
SkuSiPolicy.p7b, and warn the user when one such bootloader is detected on
their source media.
* Note that, to actually be revoked, the bootloaders flagged through SkuSiPolicy
require the copying of the .p7b to the boot media, which we are currently
not enacting but will perform in a subsequent commit.
* Also fix a Coverity warning in hash.c.
* Debian 12 ARM64 netinst ISOs have doubled in size to be larger than 512 MB,
so we need to increase MAX_ISO_TO_ESP_SIZE as a result.
* Also add extra NULL checks in process.c as some people seem to run into
NULL deref issues.
* Also set version to rufus-next and update some URLs/text files.
* Also revert GRUB 2 core.img to vanilla 2.06, with the hope that GRUB will
*ACTUALLY* bother to release in 2023 and we will be able to update to
GRUB 2.12 (or whatever non-sequential version they decide to go with) to
say a most welcome goodbye to this whole 2.06 incompatibility crap!
* The BlackLotus malware shows that it is possible to download individual
executables and DLLs straight from Microsoft's symbol servers, so we use
that capability to download the missing Windows 8.1 'diskcopy.dll', that
contains the flat floppy disk image with MS-DOS files we need. See:
https://randomascii.wordpress.com/2013/03/09/symbols-the-microsoft-way/
* Also reorder entries in the "Boot selection" dropdown.
* Also use CreateFileWithTimeout() in GetLogicalName().
* As was *ENTIRELY PREDICTIBLE*, the lack of timely releases from the GRUB
project has resulted in distro maintainers (Ubuntu, Fedora, etc.) taking
matters in their own hand and applying patches on top of their 2.06 version.
However, these patches result in 2.06 bootloaders that are incompatible
with 2.06 modules that don't have the same patches applied. Especially this
now results in the infamous "452: out of range pointer" error message when
using patched modules with unpatched bootloader or unpatched modules with
patched bootloaders.
* Making this issue worse, we also have distro maintainers who won't add a
suffix to their GRUB version, AS ONE SHOULD DO WHEN ONE APPLIES TONS OF
PATCHES ON TOP OF A PROJECT'S SOURCE, and MISreport their non 2.06 GRUB as
"2.06", and, because we can't detect what patches are needed from modules
themselves (unlike what is the case for grub_debug_is_enabled), we have no
way of telling incompatible GRUB 2.06 binaries from one another.
* As a result, we have no choice but to append a sanitized version of the ISO
label to the GRUB version, as a means to differentiate between incompatible
versions, and tweak our existing bootloader download mechanism to *ATTEMPT*
to download a compatible 'core.img' from our server... where we will have
to waste a lot of time adding new binaries and symlinks to try to make all
these GRUB "2.06" based images work, and will probably miss quite few with
the end results that users who are just trying to install Linux will be left
stranded.
* Again, I have to point out how the end result of regular users wanting to
try Linux and being unable to do so is the *DIRECT* result of the GRUB project
maintainers having sat on a 2-year influx of CONTINUOUS patches, and thinking
that "Release Early, Release Often" is only a gimmick, and not something that
should apply to their project, even as they have been warned before, by yours
truly, that *NOT* releasing on a timely basis is causing actual grievances...
That's because, had the GRUB maintainers released on a timely basis (at least
once a year) Fedora and Ubuntu would be using vanilla GRUB 2.07 with the memory
patches, and we wouldn't be trying to mix that with old GRUB 2.06 binaries.
* For more on this, see #2233, noting that we will need to apply a compatibility
breaking change during the 4.1 release, to revert the patches we applied to
the default 2.06 'core.img' in pbatard/rufus-web@320b800592.
* Some Windows Store reports suggest that the existing call might freeze
on CreateFile() leading some users to kill the app. So switch to using
a CreateFile() call that times out instead of waiting forever...
* Yet another example in the long list of how not releasing your project IN A
TIMELY MANNER is creating HUGE PROBLEMS downstream... Looking at you GRUB!!!
* Closes#2233
* This means that someone running Rufus x64 or ARM64 should be
proposed Rufus ARM64 rather than Rufus x64 as an upgrade.
* Also switch the BETA channel from x86 to x64.
* Also remove the _chdirU(app_dir) when using -i in commandline.
* With the removal of Windows 7 support, wrong platform archs in the check for updates
(that has now been fixed) and switch to an x86_64 default MinGW binary, we have enough
breaking changes to warrant a version bump for the major. So just do that.
* Also fix a couple Coverity warnings and update a URL.
* Passing a non-formatting buffer as first parameter of uprintf() can lead
to an exception if this buffer happens to contain a '%' character, so
usage of uprintf() with string buffers that may contain '%' should be
sanitized.
* Also drop the _uprintf/_uprintfs aliases as they are no longer required.
* Having Windows append "SCSI Disk Device" screws up the scoring regarding
disks that are actually describing themselves as SCSI, so replace that
with "UAS Device", as it should be.
* Closes#2221.
* Also fix a MinGW warning.
Pete Batard
Bella Zhang
Fred
johnloopi
AJIOB
ИEØ_ΙΙØZ
Abdulmajeed Almarzoqi