nerd/rufus
1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Code Issues 1 Projects Releases Wiki Activity
rufus/.mingw/Makefile.am
Pete Batard 64e85ed09a
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet 
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
  in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
  as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
  long as Microsoft themselves haven't entered the enforcing phase of their Black
  Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
  we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
  10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
  will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
  blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
2023-07-15 23:20:59 +02:00

31 lines
1.2 KiB
Makefile
Raw Blame History

# Create delay-loaded libraries from a DLL, that aren't vulnerable to side-loading
AM_V_DLLTOOL_0 = @echo " LIB $@";$(DLLTOOL)
AM_V_DLLTOOL_1 = $(DLLTOOL)
AM_V_DLLTOOL_ = $(AM_V_DLLTOOL_$(AM_DEFAULT_VERBOSITY))
AM_V_DLLTOOL = $(AM_V_DLLTOOL_$(V))
AM_V_SED_0 = @echo " SED $<";$(SED)
AM_V_SED_1 = $(SED)
AM_V_SED_ = $(AM_V_SED_$(AM_DEFAULT_VERBOSITY))
AM_V_SED = $(AM_V_SED_$(V))
# Ah the joys of Windows DLL calling conventions, that require an @## suffix in the .def
# for x86_32 and but no @## for x86_64, thereby forcing us to strip stuff according to the
# target arch. Oh, and we can't use 'target_cpu' or AC definitions on account that we are
# switching archs when building on our local machine, and don't want to have to go though
# a costly reconf each time when we can simply issue a 'make clean'.
TUPLE := $(shell $(CC) -dumpmachine)
TARGET := $(word 1,$(subst -, ,$(TUPLE)))
DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64)
.PHONY: all
all: dwmapi-delaylib.lib version-delaylib.lib wintrust-delaylib.lib
%.def64: %.def
$(AM_V_SED) "s/@.*//" $< >$@
%-delaylib.lib: %$(DEF_SUFFIX)
$(AM_V_DLLTOOL) --input-def $< --output-delaylib $@ --dllname $(basename $<).dll
clean:
$(RM) -rf *.lib
Reference in a new issue View git blame Copy permalink