1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Commit graph

380 commits

Author SHA1 Message Date
Pete Batard
c59e9209eb
[uefi] factorize SkuSiPolicy.p7b copying code and apply it for Windows To Go
* Also don't forget to credit the original authors of the PowerShell gist we derived our code from!
2023-06-19 00:04:08 +02:00
Pete Batard
be5b590cfb
[uefi] add parsing and copying of the system's SkuSiPolicy.p7b
* Instead of embedding the content of the most recent revoked bootloader hashes in db.h
  we now parse the system's SkuSiPolicy.p7b to do so. This has the drawback of not alerting
  users running Rufus on systems where SkuSiPolicy.p7b is not up to date, but I believe the
  trade-off is worth it.
* We now also copy the system's SkuSiPolicy.p7b to the created media when possible (for
  Windows 10 or later), so that Microsoft's WDAC UEFI revocations can apply during boot.
2023-06-18 19:07:45 +02:00
Pete Batard
43764268de
[uefi] add detection and warning for revoked bootloaders
* Considering that alerting users to potential security breaches that may be
  exploited by boot media should also be performed by application that create
  them, we add detection for all the currently known revoked UEFI bootloaders,
  be it the ones from the official UEFI DBX as well as the ones from Windows'
  SkuSiPolicy.p7b, and warn the user when one such bootloader is detected on
  their source media.
* Note that, to actually be revoked, the bootloaders flagged through SkuSiPolicy
  require the copying of the .p7b to the boot media, which we are currently
  not enacting but will perform in a subsequent commit.
* Also fix a Coverity warning in hash.c.
2023-06-16 20:36:50 +02:00
Pete Batard
c4b1b23832
[hash] add PE256 hash functions
* Mostly copied from U-Boot's https://github.com/u-boot/u-boot/blob/master/lib/efi_loader/efi_image_loader.c
2023-06-13 17:57:34 +02:00
Pete Batard
090bfb9770
[misc] rename checksum.c to hash.c 2023-06-11 16:18:26 +01:00
Pete Batard
71e99add76
[iso] increase ISO → ESP limit for Debian 12
* Debian 12 ARM64 netinst ISOs have doubled in size to be larger than 512 MB,
  so we need to increase MAX_ISO_TO_ESP_SIZE as a result.
* Also add extra NULL checks in process.c as some people seem to run into
  NULL deref issues.
* Also set version to rufus-next and update some URLs/text files.
2023-06-05 13:29:18 +01:00
Pete Batard
3afa139d7a
[dos] reinstate MS-DOS boot disk creation for Windows 10 and later platforms
* The BlackLotus malware shows that it is possible to download individual
  executables and DLLs straight from Microsoft's symbol servers, so we use
  that capability to download the missing Windows 8.1 'diskcopy.dll', that
  contains the flat floppy disk image with MS-DOS files we need. See:
  https://randomascii.wordpress.com/2013/03/09/symbols-the-microsoft-way/
* Also reorder entries in the "Boot selection" dropdown.
* Also use CreateFileWithTimeout() in GetLogicalName().
2023-05-24 17:55:25 +01:00
Pete Batard
3a0f7d3813
[iso] attempt to fix the clusterfuck of GRUB 2.06 incompatible versions
* As was *ENTIRELY PREDICTIBLE*, the lack of timely releases from the GRUB
  project has resulted in distro maintainers (Ubuntu, Fedora, etc.) taking
  matters in their own hand and applying patches on top of their 2.06 version.
  However, these patches result in 2.06 bootloaders that are incompatible
  with 2.06 modules that don't have the same patches applied. Especially this
  now results in the infamous "452: out of range pointer" error message when
  using patched modules with unpatched bootloader or unpatched modules with
  patched bootloaders.
* Making this issue worse, we also have distro maintainers who won't add a
  suffix to their GRUB version, AS ONE SHOULD DO WHEN ONE APPLIES TONS OF
  PATCHES ON TOP OF A PROJECT'S SOURCE, and MISreport their non 2.06 GRUB as
  "2.06", and, because we can't detect what patches are needed from modules
  themselves (unlike what is the case for grub_debug_is_enabled), we have no
  way of telling incompatible GRUB 2.06 binaries from one another.
* As a result, we have no choice but to append a sanitized version of the ISO
  label to the GRUB version, as a means to differentiate between incompatible
  versions, and tweak our existing bootloader download mechanism to *ATTEMPT*
  to download a compatible 'core.img' from our server... where we will have
  to waste a lot of time adding new binaries and symlinks to try to make all
  these GRUB "2.06" based images work, and will probably miss quite few with
  the end results that users who are just trying to install Linux will be left
  stranded.
* Again, I have to point out how the end result of regular users wanting to
  try Linux and being unable to do so is the *DIRECT* result of the GRUB project
  maintainers having sat on a 2-year influx of CONTINUOUS patches, and thinking
  that "Release Early, Release Often" is only a gimmick, and not something that
  should apply to their project, even as they have been warned before, by yours
  truly, that *NOT* releasing on a timely basis is causing actual grievances...
  That's because, had the GRUB maintainers released on a timely basis (at least
  once a year) Fedora and Ubuntu would be using vanilla GRUB 2.07 with the memory
  patches, and we wouldn't be trying to mix that with old GRUB 2.06 binaries.
* For more on this, see #2233, noting that we will need to apply a compatibility
  breaking change during the 4.1 release, to revert the patches we applied to
  the default 2.06 'core.img' in pbatard/rufus-web@320b800592.
2023-05-16 14:05:28 +01:00
Pete Batard
23d89d9764
[misc] apply a timeout when querying drives for letters/type
* Some Windows Store reports suggest that the existing call might freeze
  on CreateFile() leading some users to kill the app. So switch to using
  a CreateFile() call that times out instead of waiting forever...
2023-05-03 16:26:54 +01:00
Pete Batard
0df68b6af9
[misc] further Windows 7 specifics removals
* Also remove some unused code in stdlg.c
* Note that virtdisk appears to be a vulnerable library, so we go
  through delay loading yet again...
2023-04-28 17:46:05 +01:00
Pete Batard
1e51385bed
[misc] revert to using the OS arch rather than app arch for the update download
* This means that someone running Rufus x64 or ARM64 should be
  proposed Rufus ARM64 rather than Rufus x64 as an upgrade.
* Also switch the BETA channel from x86 to x64.
* Also remove the _chdirU(app_dir) when using -i in commandline.
2023-04-24 20:50:53 +01:00
Pete Batard
fffd4d1160
[misc] harden usage of uprintf()
* Passing a non-formatting buffer as first parameter of uprintf() can lead
  to an exception if this buffer happens to contain a '%' character, so
  usage of uprintf() with string buffers that may contain '%' should be
  sanitized.
* Also drop the _uprintf/_uprintfs aliases as they are no longer required.
2023-04-20 17:43:24 +01:00
Pete Batard
a6451c6fc7
[misc] further Windows version and arch detection improvements
* Now also populate the underlying Windows arch in the version struct
* Also fix MinGW warnings
2023-04-18 17:32:47 +01:00
Pete Batard
e5f90282ed
[misc] improve Windows version detection
* Also use actual Windows major.minor when checking for updates
2023-04-17 13:33:05 +01:00
Pete Batard
6280e8020a
[net] fix incorrect architectures when querying for updates 2023-04-16 19:47:54 +01:00
Pete Batard
af8f68c305
[msvc] enable Structured Exception Handling (SEH) in process.c
* We are seeing reports of access violation exceptions being generated
  when looking for processes, with the App Store version.
* Since this is not critical code, add an SEH handler to ignore those.
2023-04-01 15:50:59 +02:00
Pete Batard
737db33f9c
[iso] enable menu.lst patching
* Closes #2183
* Also improve safe_strdup() and "update" Grub4DOS to latest
  (NB: grldr.mbr has not changed in the last few years)
2023-03-18 14:20:39 +00:00
Pete Batard
6ebe13eb31
[fido] deactivate Fido for Windows 7
* Also add an extra Fido translation string and improve/fix Fido testing.
* Also add an exception for HP iLO SD-CARD devices (Closes #2136).
2023-01-27 17:23:08 +00:00
Pete Batard
1dc9fab917
[misc] add a cheat mode to preserve the log between sessions
* This new cheatmode (<Ctrl>-<P>) is mostly designed to help with development.
2023-01-13 21:49:57 +00:00
Pete Batard
1ce1f47a8b
[wue] add option to Disable BitLocker automatic device encryption
* See https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker#disable-bitlocker-automatic-device-encryption
* Closes #2121
2023-01-10 20:43:07 +00:00
Pete Batard
c19ef1125d
[wue] allow the provision of an arbitrary local account username
* This is required because, even though it's easy to change a local account name
  post install, doing so does not change the directory name in C:\Users\
2022-10-18 13:58:38 +01:00
Pete Batard
fcae51a446
[grub] force server download for nonstandard GRUB (Fedora 37, openSUSE Live, GeckoLinux)
* This reverts most of 3528ca773d in order to download 'core.img' from our server instead of patching it.
* Also solve the issue of downloading a custom 'core.img' for Fedora 37, that introduced
  a new 'grub_debug_is_enabled' symbol without altering their GRUB version string.
* This is accomplished by doing what the distro maintainers should have done on their
  own, by appending a custom suffix to the GRUB version string.
2022-10-06 23:39:32 +01:00
Pete Batard
fbad63666e
[wue] add fallback to index 1 if boot.wim index 2 is not available
* Some "unofficial" Windows ISOs use a custom boot.wim that only includes the Setup
  image at index 1, rather than at index 2, after the PE image, for official ISOs.
* Also refactor to add a long needed vhd.h header.
* Also fix a MinGW warning.
2022-08-02 20:14:29 +01:00
Pete Batard
2c26f838f4
[wue] enable applicable WUE options for Windows 10
* Also ensure that we print a message on the status bar while applying options.
2022-07-27 11:49:26 +01:00
Pete Batard
a19828c9d1
[wue] move WUE, Windows To Go and WinPE calls to their own source 2022-07-25 13:18:14 +01:00
Pete Batard
c34cbab3b5
[wue] remove non-existent min disk size bypass
* Closes #1990
* Also group all of SB, TPM and min RAM into a single option and update French translation
2022-07-22 13:02:02 +01:00
Pete Batard
9073962faf
[wue] add automatic local account creation and regional settings duplication
* Local account is created with the same name as the current user along with an *empty* password
  (which we force the user to change on next logon). This is done to assuage users who might be
  weary of entering a password in a third party application, and has the benefit of enabling
  autologon when the install is complete.
* Note that the creation of a local account through an answer file prevents Windows 11 22H2
  from bugging users about MSA *even with an active network connection*.
* For convenience reasons, only duplication of the current username is enabled. We *may* add a
  dialog to enter any random username in a future version, but for 3.20, this is all you get.
* Likewise, the locale duplication is only carried out during OOBE and *not* WinPE (which means
  that you still get the initial "Windows setup language and user preferences" prompt). This is
  intentional as otherwise the default screen and "Repair Windows" options are not presented.
* It's not my fault that the Windows password change screen is super ill conceived, whereas it
  doesn't hide the current password field as it should when the current password is blank, and
  one needs to click on a very small arrow to get the changes applied, instead of a PROMINENT
  button that should intuitively have been positioned right next to "Cancel".
* If you want to complain that we should just "present the user with XYZ and be done with it",
  please bear in mind that we can't add new dialogs to Rufus as willy-nilly as you believe we
  can. *ANY* new UI interface requires major planning, which is the reason why, for the time
  being, we are limited to reusing a simple dissociated list of checkboxes for all WUE options.
2022-07-19 19:11:06 +01:00
Pete Batard
5117a3b4a8
[wue] fix MSA bypass not being applied unless SB/TPM or RAM/Disk bypass is also selected
* In a manner that defies logic, Microsoft designed Windows setup to parse Autounattend.xml
  for windowsPE tasks in the PE environment, but only carry out the copying of that file
  to %WINDIR%\Panther for subsequent processing with the other passes *IF* there exist an
  actual windowsPE section.
* In short, when using the Autounattend.xml method, Microsoft have made all passes there
  dependent on the existence of a windowsPE pass, regardless of whether that pass has any
  use or not.
* Working around this would be fine and all (just add an empty windowsPE pass so that the
  later passes get executed) if the absence of a windowsPE pass didn't also determine
  whether the user will be presented with the default Windows setup screens that include
  the "Repair your computer" option or a completely different set of screens (c.f. #1971).
* This means that, to keep users happy, we need to add yet another method to carry out
  tasks that should have remained the realm of boot.wim's Autounattend.xml, and instead
  create a \sources\$OEM$\$$\Panther\unattend.xml when there are no windowsPE tasks (on
  account that setup copies anything found under \sources\$OEM$\$$\ to %WINDIR%\).
  Only through this can we have the specialize and oobeSystem tasks actually carried out
  (for bypassing MSA requirements of skipping the data collection screens) while keeping
  the original Windows Setup look and feel.
* Closes #1981
2022-07-13 18:31:11 +01:00
Pete Batard
2b7b81808f
[misc] improve/factorize '/' ↔ '\' conversions 2022-07-09 18:16:42 +01:00
Pete Batard
14f19e5275
[wue] revert to inserting the bypass registry keys directly where possible
* The use of an unattend.xml to create the TPM/Secure Boot/Disk/RAM bypass keys was
  prompted by Microsoft restricting the ability of Windows Store app from manipulating
  offline registry hives.
* However, the use of a windowsPE phase in unattend.xml to insert the keys results in
  a windows command prompt briefly appearing when setup launches, as well as slightly
  different Windows setup screens from the default.
* So we are now reverting to trying to edit the boot.wim registry hive offline (which
  should work for the non Store version of Rufus) while falling back to using a PE
  unattend section if that doesn't work.
* Closes #1971
2022-07-08 18:48:02 +01:00
Pete Batard
a25af06b3c
[ui] drop the option to remove the "unsupported hardware" watermark
* I've never seen that watermark in the first place, therefore can't test if the option is
  working, and, as opposed to the other options, users can deal with it post install anyway.
* Also ensure that we prompt for customization when selecting an install.wim.
2022-06-24 14:27:02 +01:00
Pete Batard
a0d669232c
[ui] add a new selection dialog for Windows 11 setup customization
* This moves the extended Windows 11 options (bypass TPM & Secure Boot) away from
  "Image options" into a new explicit dialog, along with supplementary customization
  such as enabling offline account (for Windows 11 22H2) and skipping all data
  collection questions.
* This customization is now enacted through an unattend.xml file rather than offline
  registry manipulation, so that this *should* also work with the Windows Store version.
* Also update arch detection and rework/reorganize upcoming translation changes.
* Note: The 'Remove "unsupported hardware" desktop watermark' option is *UNTESTED*.
2022-06-23 13:34:24 +01:00
Pete Batard
9690742d91
[ui] extend SelectionDialog() to support checkbox selection 2022-06-20 13:47:43 +01:00
Pete Batard
cd9d3737b1
[core] add the ability to ignore USBs through VID:PID
* This enables the provision of Registry/Settings key IgnoreUsb01 to IgnoreUsb08 where
  one can specify a USB device to ignore by providing its VID:PID as a 32-bit hex value.
* Closes #1879.
* Also update rufus.ini sample for current Rufus version.
* Also fix status display for Alt-Q.
2022-06-14 23:29:33 +01:00
Pete Batard
d8af83dd14
[core] use Linux Data GUID for ext GPT partitions
* Also add an IS_EXT() macro
2022-06-08 19:37:24 +01:00
Pete Batard
c76327f96e
[ui] list drives by increasing order of size
* Also silence MSVC and MinGW obnoxious warnings about bidirectional Unicode characters.
2022-05-25 13:22:47 +01:00
Pete Batard
3528ca773d
[iso] add support for distros using a NONSTANDARD GRUB 2.0 prefix directory
* Looking at you, openSUSE Live and GeckoLinux!
2022-04-07 01:58:22 +01:00
Pete Batard
a47072c3c6
[ui] produce a more explicit error message when an image can't be opened/read
* Closes #1843
* Also publish Coverity artifacts since upload to Coverity seems to be broken atm.
2022-01-07 13:27:15 +00:00
Pete Batard
c28f9bc491
[misc] fix PVS-Studio warnings 2022-01-05 12:57:26 +01:00
Dimitri Papadopoulos
d840083a32
[misc] fix typos found by codespell
* 3rd party software was left out.
* Most changes are in code comments, but one user-visible string has also been fixed.
* Closes #1817
2021-11-16 18:53:52 +00:00
Pete Batard
f5072e45de
[misc] update solution to VS2022
* Also fix a possible mishandling of compounded strings in safe string macros
2021-11-16 17:50:20 +00:00
Pete Batard
b39e2f8615
[misc] improve GetLibraryHandle() fallback
* This is a follow up to 1c2884ceba where the error code returned by Windows 7 platforms
  that don't have KB2533623 is expected to be ERROR_INVALID_PARAMETER rather than ERROR_PROC_NOT_FOUND.
* Also update the Windows 11 'Extended' installation mode translations.
2021-10-23 13:08:13 +01:00
Pete Batard
05382d8c7d
[core] ReFS improvements
* Allow 4K/64K cluster size selection
* Only enable ReFS on relevant platforms
* Also recognize a few more Windows editions
2021-10-21 02:02:17 +01:00
Pete Batard
32b083e535
[misc] improve path display for Sylinux/GRUB resources 2021-10-21 01:59:03 +01:00
Pete Batard
1c2884ceba
[misc] fallback to using LoadLibrary() when LoadLibraryEx() fails or doesn't apply
* Per 2a3e82fa96, it looks like some Windows 7 system have trouble with
  LoadLibraryEx() if they don't have KB2533623 installed (which fixes a MAJOR Windows
  vulnerability. Some people sure want to leave their system open to hackers...).
* Work around this by adding a fallback to LoadLibrary() in GetLibraryHandle()
* Also switch to using GetLibraryHandle() in dos.c and using LoadLibrary() in sections
  where we have the full path (since these calls are not vulnerable).
2021-10-18 13:15:41 +01:00
Pete Batard
9cd7adaaaa
[iso] finalize workaround for Red Hat 8 derivatives
* See #1777
2021-10-11 17:55:46 +01:00
Pete Batard
957ec183c9
[ui] improve progress report when disabling Windows 11 installation restrictions
* Also fix Image Options content being lost when switching language.
2021-10-09 16:18:45 +01:00
Pete Batard
b043db33e6
[core] add option to bypass TPM 2.0/Secure Boot/RAM requirements for Windows 11 ISOs
* If 'Extended Windows 11 Installation' mode is selected, the system registry hive of
  'sources\boot.wim' is patched to add the Setup\LabConfig registry keys that bypass
  the TPM 2.0/Secure Boot/8GB+ RAM Windows 11 system requirements.
2021-10-08 19:24:10 +01:00
Pete Batard
a10b8e8c54
[iso] add Windows ISO version report
* Use sources/compatresources.dll, when available, to try to detect the Windows ISO version and build.
* Also report what facility we use for formatting.
2021-10-08 19:24:07 +01:00
Pete Batard
aba6c7d996
[misc] small Windows versioning improvement
* Actually define a WINDOWS_11 version and use it when Windows 11 is detected.
* Also some comment cleanup.
2021-09-28 15:39:51 +01:00