mirror of
https://github.com/pbatard/rufus.git
synced 2024-08-14 23:57:05 +00:00
64e85ed09a
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders. * As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as long as Microsoft themselves haven't entered the enforcing phase of their Black Lotus mitigation (currently planned for early 2024). * Because of this, while we add some revocation detection for post 1703 bootloaders, we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows 10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b. * Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders. * Also remove the now unused comdlg32 library from the linker.
26 lines
1.9 KiB
Makefile
26 lines
1.9 KiB
Makefile
SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc
|
|
# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version:
|
|
NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomctl32 -luuid
|
|
# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement:
|
|
# Ideally there would also be virtdisk and wininet as delaylib's below, but the MinGW folks haven't quite sorted out delay-loading
|
|
# for x86_32 so as soon as you try to call APIs from these, the application will crash!
|
|
# See https://github.com/pbatard/rufus/issues/1877#issuecomment-1109683039 as well as https://github.com/pbatard/rufus/issues/2272
|
|
VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwintrust-delaylib
|
|
|
|
noinst_PROGRAMS = rufus
|
|
|
|
AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES)
|
|
AM_V_WINDRES_1 = $(WINDRES)
|
|
AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY))
|
|
AM_V_WINDRES = $(AM_V_WINDRES_$(V))
|
|
|
|
%_rc.o: %.rc ../res/loc/embedded.loc
|
|
$(AM_V_WINDRES) $(AM_RCFLAGS) -i $< -o $@
|
|
|
|
rufus_SOURCES = badblocks.c cpu.c dev.c dos.c dos_locale.c drive.c format.c format_ext.c format_fat32.c hash.c icon.c iso.c \
|
|
localization.c net.c parser.c pki.c process.c re.c rufus.c smart.c stdfn.c stdio.c stdlg.c syslinux.c ui.c vhd.c wue.c
|
|
rufus_CFLAGS = -I$(srcdir)/ms-sys/inc -I$(srcdir)/syslinux/libfat -I$(srcdir)/syslinux/libinstaller -I$(srcdir)/syslinux/win -I$(srcdir)/libcdio $(AM_CFLAGS) \
|
|
-DEXT2_FLAT_INCLUDES=0 -DSOLUTION=rufus
|
|
rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows -L ../.mingw
|
|
rufus_LDADD = rufus_rc.o bled/libbled.a ext2fs/libext2fs.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \
|
|
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a $(NONVULNERABLE_LIBS) $(VULNERABLE_LIBS)
|