1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
rufus/res/uefi/readme.txt
Pete Batard a9a97b6f10
[efi] update UEFI:NTFS's NTFS drivers to latest
* Now uses read-only NTFS drivers v1.3 from https://github.com/pbatard/ntfs-3g.
* Like previous ones, aa64, ia32 and x64 versions are Secure Boot signed (but not arm).
* Fixes the recent potential vulnerabilities found in https://github.com/tuxera/ntfs-3g.
* Note that we have asked Microsoft to add the previous signed NTFS drivers to the UEFI
  Revocation List, even as we believe that the ntfs-3g vulnerabilities are not exploitable
  in the limited context of UEFI:NTFS.
2022-06-16 11:54:00 +01:00

35 lines
1.6 KiB
Text

This directory contains a flat image of the FAT UEFI:NTFS partition added by
Rufus for NTFS and exFAT UEFI boot support.
See https://github.com/pbatard/uefi-ntfs for more details.
This image, which you can mount as FAT filesystem or open in 7-zip, contains
the following data:
o Secure Boot signed NTFS UEFI drivers, derived from ntfs-3g [1].
These drivers are the exact same as the read-only binaries from release 1.3,
except for the addition of Microsoft's Secure Boot signature.
Note that, per Microsoft's current Secure Boot signing policies, the 32-bit
ARM driver (ntfs_arm.efi) is not Secure Boot signed.
o Non Secure Boot signed exFAT UEFI drivers from EfiFs [2].
These drivers are the exact same as the binaries from EfiFs release 1.8 and
because they are licensed under GPLv3, they cannot be Secure Boot signed.
o Secure Boot signed UEFI:NTFS bootloader binaries [3].
These drivers are the exact same as the binaries from release 2.2, except for
the addition of Microsoft's Secure Boot signature.
Note that, per Microsoft's current Secure Boot signing policies, the 32-bit
ARM bootloader (bootarm.efi) is not Secure Boot signed.
The above means that, if booting an NTFS partition on an x86_32, x86_64 or ARM64
system, Secure Boot does not need to be disabled.
The FAT partition was created on Debian GNU/Linux using the following commands
dd if=/dev/zero of=uefi-ntfs.img bs=512 count=2048
mkfs.vfat -n UEFI_NTFS uefi-ntfs.img
and then mounting the uefi-ntfs.img image and copying the relevant files.
[1] https://github.com/pbatard/ntfs-3g
[2] https://github.com/pbatard/efifs
[3] https://github.com/pbatard/uefi-ntfs