rufus

Author SHA1 Message Date

Author	SHA1	Message	Date
Pete Batard	64e85ed09a	[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet * As opposed to what we originally asserted, Microsoft did enact a blanket revocation in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders. * As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as long as Microsoft themselves haven't entered the enforcing phase of their Black Lotus mitigation (currently planned for early 2024). * Because of this, while we add some revocation detection for post 1703 bootloaders, we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows 10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b. * Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders. * Also remove the now unused comdlg32 library from the linker.	2023-07-15 23:20:59 +02:00
Pete Batard	8814944c35	[wue] improve Windows version reporting from ISO/.wim * Pick the version and build number directly from the install[.wim\|.esd] XML index. This forces us to mount the ISO during scan, but it's the only way to get an accurate Build number... * Also drop linking to version.dll (along with the whole version.dll delay-loading shenanigans).	2022-10-04 11:58:30 +01:00
Pete Batard	e7b66e7e4c	[mingw] use delay loading for DLLs that are subject to side loading * This reverts much of commits `f6ac559f4d` and `1947266837` so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs, sideloading mitigation has already been applied by the application. * This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been doing to prevent it, to clean up the code. * Note that this is a bit more complex than what the stackoverflow post suggests, because we need to create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles and whatnot, to get us there. * Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of MinGW now have support for it. * Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).	2022-04-12 11:09:59 +01:00

Pete Batard

64e85ed09a

[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet

* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
  in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
  as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
  long as Microsoft themselves haven't entered the enforcing phase of their Black
  Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
  we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
  10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
  will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
  blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.

2023-07-15 23:20:59 +02:00

Pete Batard

8814944c35

[wue] improve Windows version reporting from ISO/.wim

* Pick the version and build number directly from the install[.wim|.esd] XML index.
  This forces us to mount the ISO during scan, but it's the only way to get an accurate Build number...
* Also drop linking to version.dll (along with the whole version.dll delay-loading shenanigans).

2022-10-04 11:58:30 +01:00

Pete Batard

e7b66e7e4c

[mingw] use delay loading for DLLs that are subject to side loading

* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).

2022-04-12 11:09:59 +01:00

3 Commits