1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Commit graph

2083 commits

Author SHA1 Message Date
Pete Batard
1fc790295c
[efi] update UEFI:NTFS to latest
* Add Windows bootmgr detection to report a more explicit error on security issues.
2023-09-08 17:33:25 +01:00
Pete Batard
99bffe8364
[misc] add '.wic' to the list of default image extensions
* '.wic' are DD images used by the Yocto project.
* Why Yocto chose to use their own extension instead of using the de-facto '.img' is beyond me but hey...
* Also update GitHub Actions dependencies to latest.
* Closes #2319.
2023-09-08 17:14:09 +01:00
Pete Batard
98725a0d5f
[misc] fix improper processing of net related errors
* With thanks to @Wack0
* Also silence a Coverity warning
2023-09-08 16:58:41 +01:00
Pete Batard
94ecf74c5f
[misc] use FORMAT_MESSAGE_FROM_HMODULE where possible and drop our custom message tables 2023-09-04 11:41:35 +01:00
Pete Batard
d5bf53054b
[misc] improve retrieval of core directories
* This *might* help with the issue reported in #2296.
2023-08-28 11:08:03 +01:00
Pete Batard
866aa22a8b
[iso] fix Debian 12 Live not using persistence in BIOS mode
* The Isolinux/Syslinux append line has been moved to /isolinux/live.cfg
  so make sure we patch that file when persistence is enabled.
2023-08-27 23:03:43 +01:00
Pete Batard
9c6b1ad977
[vhd] fix Rufus being unable to open .vhd images
* Due to a typo in vhd.c where the second safe_stricmp() should be against ".vhd" and not ".vhdx" again.
* Also enable the ignore boot marker bypass for VHD/VHDX/FFU and don't misreport those images as
  "compressed disk images".
* Closes #2309.
2023-08-20 13:12:38 +01:00
Pete Batard
5b6574d6f6
[misc] add S Mode detection to Windows version reporting
* With thanks to @Wack0
2023-08-18 17:38:12 +01:00
Pete Batard
c5ad16fdeb
[wue] add an expert feature to restrict a Windows installation to S Mode
* This is placed behind an expert wall (Ctrl-Alt-E) on account that:
  - If you happen to boot a Windows To Go drive in S Mode on a computer, it may set any
    existing Windows installation there to S Mode as well, *even if their disk is offline!*
  - It can be *exceedingly* tricky to get out of S Mode, as the SkuPolicyRequired registry
    trick alone may not be enough (i.e. You can have very much a Windows install in S Mode
    *without* SkuPolicyRequired being set anywhere).
* Also set version to rufus-next and fix a ChangeLog typo.
2023-08-15 11:15:16 +01:00
Pete Batard
5084317dd7
Rufus 4.2 (Build 2074)
* Also update UEFI:NTFS's NTFS driver to v1.7
2023-07-26 12:54:49 +01:00
AJIOB
b81b440a20
[uefi] fix search for bootloaders in FAT images that have an 'EFI' volume label
* Per https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system#Directory_entry it
  is possible to have a FAT directory entry with a 'EFI' volume label alongside with
  a 'EFI' subdirectory.
* If that happens, then the current Syslinux libfat_searchdir() code may treat the
  'EFI' volume label as an empty subdirectory and say that there are no bootloaders,
  even if the 'EFI\Boot\Boot###.efi' binaries really do exist.
* Fix this by filtering out entries with the 'volume label' attribute (0x08).
* For good measure, also filter out entries with the 'device' attribute (0x40), as
  it is technically possible to create a 'EFI' device leading to the same issue.
* Closes #2288.
* Closes #2289.
2023-07-24 23:55:47 +01:00
Pete Batard
64e85ed09a
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
  in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
  as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
  long as Microsoft themselves haven't entered the enforcing phase of their Black
  Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
  we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
  10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
  will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
  blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
2023-07-15 23:20:59 +02:00
Pete Batard
3329304e67
[grub] update DB for GRUB 2.12~rc1
* Also fix some Coverity warnings in stdlg.c.
2023-07-13 10:11:52 +02:00
Pete Batard
65b84ea99d
[loc] update French translation 2023-07-10 12:40:55 +02:00
Pete Batard
5191c68337
[ui] keep user preferred image type when saving drive to VHD
* Also fix a Coverity warning and use a better description for SELECT image types.
2023-07-10 11:34:50 +02:00
Pete Batard
5bbcba8534
[vhd] add write support for .vhdx and .ffu images
* Also move VHD mounting function calls from iso.c to vhd.c and remove unused VHD footer elements.
2023-07-06 19:47:26 +01:00
Pete Batard
f411d526d6
[misc] attempt to fix DLL address resolver for ARM64
* SymLoadModuleEx() on the DLL fails (with ERROR_SUCCESS, sic) on ARM64, so we have to resort
  to loading the DLL in memory and look for the "RSDS" section to access the GUID and Age.
* Except that, once you sort that, you end up with SymEnumSymbols() producing two separate
  addresses for each symbol, on account that the Windows 11 ARM64 DLLs are actually an
  unholy union of X64 and ARM64 *in the same binary*, under an abomination that Microsoft
  calls ARM64X (See https://learn.microsoft.com/en-us/windows/arm/arm64x-pe for details).
* And, of course, Microsoft did not provide any means during PDB enumeration to tell which
  address is for which arch. Especially, the bloody pSymInfo->TypeIndex, that they could
  easily have used for this, is utterly pointless as it remains set to 0...
* This means that, even after all this effort, we're still nowhere close to have a solution
  that can make DLL address resolution work on Windows 11 ARM64.
2023-07-05 22:25:25 +01:00
Pete Batard
0363bfe503
[misc] add an address resolver for internal DLL function calls
* Not sure if we'll use this to hook into FfuCaptureImage()/FfuApplyImage()/FfuMountImage()
  directly. But at least, if we ever need it, it's there...
2023-07-05 18:36:58 +01:00
Pete Batard
ef345bf106
[uefi] fix UEFI bootloader extraction when case doesn't match
* With ISO-9660 being case sensitive, we could end up in situations where trying to extract
  '/efi/boot/bootx64.efi' for revocation validation would fail if the file on the image was
  stored as '/EFI/boot/bootx64.efi' (e.g. Debian 12).
* Fox this by storing the exact UEFI bootloader path we detected during ISO scan, and using
  this path for file extraction.
* Also add a Cancel choice to the revocation dialog and harmonize whitespaces.
2023-07-04 18:05:30 +01:00
ИEØ_ΙΙØZ
bb66dfc492
[loc] update Traditional Chinese translation
* Closes #2274.
2023-07-04 13:29:27 +01:00
Pete Batard
10dbfdd7e1
[core] make sure the main partition size is aligned to the cluster size
* Having NTFS partitions properly aligned to the cluster size can drastically
  improve the speed of capturing a disk to an FFU image, as, when the size
  is aligned, the FFU capture uses the actual NTFS allocation map to only read
  and capture the clusters that are actually in use, whereas, if no aligned,
  FFU capture falls back to a sector by sector copy that is both much slower
  and also includes unwanted leftover garbage.
* Also only enable FFU when we detect FFUProvider.dll as a system library.
2023-07-04 13:26:04 +01:00
Pete Batard
0b1c68635a
[vhd] add experimental save to Full Flash Update (FFU) image support
* Full Flash Update (FFU) image support was added to dism with Windows 10 1709
  and is an alternate way to save a virtual hard disk for restoration.
* While more modern than VHD/VHDX, FFU creation only works for drives with file
  systems that Windows natively recognizes (FAT, NTFS) and that look like Windows
  installation media, so you can forget about FFU'ing a Linux disk.
* The other *intentional* drawback that Microsoft added is that they don't want
  anybody but themselves being able to create and restore FFU images, so, even
  as they have nice FfuApplyImage()/FfuCaptureImage() calls in FfuProvider.dll
  they have decided not to make these public.
* This means that, since we don't have time to spend on figuring and direct
  hooking internal DLL calls for x86_32, x86_64, ARM and ARM64 (and worrying
  that Microsoft may ever so slightly change their DLL between revs to break
  our hooks), we just call on dism.exe behind the scenes to create the FFU.
2023-07-03 23:57:04 +01:00
Pete Batard
f9370e002e
[iso] fix a crash when parsing Windows ISOs with MinGW x86_32
* MinGW32's delay loading functionality is not yet up to par with MSVC's and especially, for
  some libraries (wininet, virtdisk) attempting to delay load them simply crashes the runtime.
* This results in the MinGW32 version of the app crashing when selecting a Windows ISO, as we
  will then try to mount the ISO using virtdisk to poke the build version. Note that this crash
  does not happen with the MinGW64 version or with MSVC.
* Closes #2272.
* Also fix a Coverity warning in SaveImageThread() and improve the VHD saving code.
2023-07-02 13:15:51 +01:00
Pete Batard
d4c9f2dfa1
[vhd] enable saving device to compressed VHDX
* Now that we don't have to deal with Windows 7, we can use CreateVirtualDisk() to
  automatically dump a physical disk to VHD/VHDX, so do just that
* Also move the relevant VHD/ISO imaging call to the appropriate source.
2023-07-01 20:43:26 +01:00
Pete Batard
1476e9cd8b
[uefi] fix path of SKUSiPolicy.p7b for WOW
* 32-bit x86 running on 64-bit x86 Windows needs to get SKUSiPolicy.p7b from sysnative.
* Also fix automatic extension switching in file dialog and a small MinGW warning in Bled.
2023-07-01 20:22:10 +01:00
Pete Batard
c47ee4c435
[cmp] update Bled to latest
* Adds the provision of default buffer size in bled_init()
2023-06-30 13:05:42 +01:00
Pete Batard
c717c7789b
[cmp] further ZIP64 and overall Bled improvements
* The ZIP64 extra record may not be the first one, so add processing for all extra zip records.
* Also add extra sanity checks to try to appease Coverity and properly detect short writes.
2023-06-29 21:15:35 +01:00
Pete Batard
f233191d54
[cmp] update Bled to latest
* This adds ZIP64 support, which is required to extract zip archives that are larger than 4GB.
* Closes #2264
* Also fix a MinGW warning in pki.c and improve the UEFI revocation messages.
2023-06-28 17:40:11 +01:00
Pete Batard
52a5551749
[uefi] improve revoked UEFI bootloader reporting
* Remove duplicates from Microsoft's SKUSiPolicy.p7b
* Also display the number of revoked from embedded
* Also use Microsoft's official capitalization for SKUSiPolicy.p7b's target path
2023-06-22 11:18:49 +01:00
Pete Batard
16570f8662
[uefi] warn about revoked UEFI bootloaders when creating Windows To Go drives
* Also move the warning after the WUE dialog.
* Also work around another possible access violation in process.c.
2023-06-19 10:38:30 +02:00
Pete Batard
c59e9209eb
[uefi] factorize SkuSiPolicy.p7b copying code and apply it for Windows To Go
* Also don't forget to credit the original authors of the PowerShell gist we derived our code from!
2023-06-19 00:04:08 +02:00
Pete Batard
7eb9a6f16b
[misc] fix some benign Coverity warnings 2023-06-18 19:09:15 +02:00
Pete Batard
be5b590cfb
[uefi] add parsing and copying of the system's SkuSiPolicy.p7b
* Instead of embedding the content of the most recent revoked bootloader hashes in db.h
  we now parse the system's SkuSiPolicy.p7b to do so. This has the drawback of not alerting
  users running Rufus on systems where SkuSiPolicy.p7b is not up to date, but I believe the
  trade-off is worth it.
* We now also copy the system's SkuSiPolicy.p7b to the created media when possible (for
  Windows 10 or later), so that Microsoft's WDAC UEFI revocations can apply during boot.
2023-06-18 19:07:45 +02:00
Pete Batard
43764268de
[uefi] add detection and warning for revoked bootloaders
* Considering that alerting users to potential security breaches that may be
  exploited by boot media should also be performed by application that create
  them, we add detection for all the currently known revoked UEFI bootloaders,
  be it the ones from the official UEFI DBX as well as the ones from Windows'
  SkuSiPolicy.p7b, and warn the user when one such bootloader is detected on
  their source media.
* Note that, to actually be revoked, the bootloaders flagged through SkuSiPolicy
  require the copying of the .p7b to the boot media, which we are currently
  not enacting but will perform in a subsequent commit.
* Also fix a Coverity warning in hash.c.
2023-06-16 20:36:50 +02:00
Pete Batard
c4b1b23832
[hash] add PE256 hash functions
* Mostly copied from U-Boot's https://github.com/u-boot/u-boot/blob/master/lib/efi_loader/efi_image_loader.c
2023-06-13 17:57:34 +02:00
Pete Batard
090bfb9770
[misc] rename checksum.c to hash.c 2023-06-11 16:18:26 +01:00
Pete Batard
3e81b38c2d
[misc] try to support folks who use a symlink for their temp dir
* Microsoft's WIM mounting APIs can't use symlinked directories and
  some folks want to use a symlinked temp dir...
* Closes #2084
2023-06-05 14:08:25 +01:00
Pete Batard
71e99add76
[iso] increase ISO → ESP limit for Debian 12
* Debian 12 ARM64 netinst ISOs have doubled in size to be larger than 512 MB,
  so we need to increase MAX_ISO_TO_ESP_SIZE as a result.
* Also add extra NULL checks in process.c as some people seem to run into
  NULL deref issues.
* Also set version to rufus-next and update some URLs/text files.
2023-06-05 13:29:18 +01:00
Pete Batard
beb847511b
Rufus 4.1 (Build 2045)
* Also revert GRUB 2 core.img to vanilla 2.06, with the hope that GRUB will
  *ACTUALLY* bother to release in 2023 and we will be able to update to
  GRUB 2.12 (or whatever non-sequential version they decide to go with) to
  say a most welcome goodbye to this whole 2.06 incompatibility crap!
2023-05-31 18:24:46 +01:00
Pete Batard
30ccf24ca4
[wue] add TCGSecurityActivationDisabled when BitLocker is disabled
* Closes #2253
2023-05-30 14:42:07 +01:00
Pete Batard
109df708b4
[misc] add an exception for 23A9:EF18 UFDs
* Closes #2247
2023-05-29 18:04:42 +01:00
Pete Batard
4d89e83b5d
[ui] change the log icon to something more explicit
* Hopefully a notepad/logbook icon will be more intuitive.
* Also tweak the new message for diskcopy.dll download and add French translation.
2023-05-27 16:18:22 +01:00
Pete Batard
600b8fc787
[efi] update UEFI:NTFS's NTFS drivers to latest
* Plus small updates to .gitignore and README and update rufus-next to 4.1.
2023-05-26 12:17:52 +01:00
Pete Batard
3afa139d7a
[dos] reinstate MS-DOS boot disk creation for Windows 10 and later platforms
* The BlackLotus malware shows that it is possible to download individual
  executables and DLLs straight from Microsoft's symbol servers, so we use
  that capability to download the missing Windows 8.1 'diskcopy.dll', that
  contains the flat floppy disk image with MS-DOS files we need. See:
  https://randomascii.wordpress.com/2013/03/09/symbols-the-microsoft-way/
* Also reorder entries in the "Boot selection" dropdown.
* Also use CreateFileWithTimeout() in GetLogicalName().
2023-05-24 17:55:25 +01:00
Pete Batard
3a0f7d3813
[iso] attempt to fix the clusterfuck of GRUB 2.06 incompatible versions
* As was *ENTIRELY PREDICTIBLE*, the lack of timely releases from the GRUB
  project has resulted in distro maintainers (Ubuntu, Fedora, etc.) taking
  matters in their own hand and applying patches on top of their 2.06 version.
  However, these patches result in 2.06 bootloaders that are incompatible
  with 2.06 modules that don't have the same patches applied. Especially this
  now results in the infamous "452: out of range pointer" error message when
  using patched modules with unpatched bootloader or unpatched modules with
  patched bootloaders.
* Making this issue worse, we also have distro maintainers who won't add a
  suffix to their GRUB version, AS ONE SHOULD DO WHEN ONE APPLIES TONS OF
  PATCHES ON TOP OF A PROJECT'S SOURCE, and MISreport their non 2.06 GRUB as
  "2.06", and, because we can't detect what patches are needed from modules
  themselves (unlike what is the case for grub_debug_is_enabled), we have no
  way of telling incompatible GRUB 2.06 binaries from one another.
* As a result, we have no choice but to append a sanitized version of the ISO
  label to the GRUB version, as a means to differentiate between incompatible
  versions, and tweak our existing bootloader download mechanism to *ATTEMPT*
  to download a compatible 'core.img' from our server... where we will have
  to waste a lot of time adding new binaries and symlinks to try to make all
  these GRUB "2.06" based images work, and will probably miss quite few with
  the end results that users who are just trying to install Linux will be left
  stranded.
* Again, I have to point out how the end result of regular users wanting to
  try Linux and being unable to do so is the *DIRECT* result of the GRUB project
  maintainers having sat on a 2-year influx of CONTINUOUS patches, and thinking
  that "Release Early, Release Often" is only a gimmick, and not something that
  should apply to their project, even as they have been warned before, by yours
  truly, that *NOT* releasing on a timely basis is causing actual grievances...
  That's because, had the GRUB maintainers released on a timely basis (at least
  once a year) Fedora and Ubuntu would be using vanilla GRUB 2.07 with the memory
  patches, and we wouldn't be trying to mix that with old GRUB 2.06 binaries.
* For more on this, see #2233, noting that we will need to apply a compatibility
  breaking change during the 4.1 release, to revert the patches we applied to
  the default 2.06 'core.img' in pbatard/rufus-web@320b800592.
2023-05-16 14:05:28 +01:00
Pete Batard
23d89d9764
[misc] apply a timeout when querying drives for letters/type
* Some Windows Store reports suggest that the existing call might freeze
  on CreateFile() leading some users to kill the app. So switch to using
  a CreateFile() call that times out instead of waiting forever...
2023-05-03 16:26:54 +01:00
Pete Batard
0df68b6af9
[misc] further Windows 7 specifics removals
* Also remove some unused code in stdlg.c
* Note that virtdisk appears to be a vulnerable library, so we go
  through delay loading yet again...
2023-04-28 17:46:05 +01:00
Pete Batard
0bda98f0ed
[misc] update DB for newer GRUB core.img's
* See pbatard/rufus-web@320b800592
* Also fix © sign not displaying properly in executable details page
2023-04-28 17:34:06 +01:00
Pete Batard
0e14725de8
Rufus 4.0 (Build 2035)
* Also make sure we only upload the x86_64 MinGW binary to VirusTotal
  since the x86_32 will conflict with the MSVC one.
2023-04-26 00:00:03 +01:00
Pete Batard
18645c9e70
update internal GRUB2 bootloader for Ubuntu 23.04
* Yet another example in the long list of how not releasing your project IN A
  TIMELY MANNER is creating HUGE PROBLEMS downstream... Looking at you GRUB!!!
* Closes #2233
2023-04-25 18:18:26 +01:00