EfiGuard v1.3

@Mattiwatti Mattiwatti released this 26 Mar 22:45
· 28 commits to master since this release
383aea8

EfiGuardDxe

  • Updated Zydis to v4.
  • EfiGuardDxe will now disable VBS during boot. This fixes a bugcheck in Windows 11 22H2, which enables VBS by default. The override does not persist and lasts until the next reboot, so disabling (or not booting into) EfiGuard is sufficient to restore VBS. Hyper-V and other Windows hypervisor features are not affected by this change and will continue to work.
  • Updated all memory write accesses (hooks, patches) to clear and restore CR0.WP if needed. This is in anticipation of the new EFI_MEMORY_ATTRIBUTE_PROTOCOL introduced in UEFI 2.10.

Loader

  • Improved robustness of the logic that determines whether a boot option is Windows. The loader will now take any boot option named "Windows Boot Manager" into consideration regardless of its filename. The previous filename-based detection is still in place and will be used as a fallback.

EfiDSEFix

  • EfiDSEFix -i now prints currently enabled code integrity and VBS options and flags.
  • Added -r command to read the current value of g_CiOptions without writing to it.
  • EfiDSEFix -d and EfiDSEFix -c now verify that VBS is disabled before proceeding. Note that VBS being enabled most likely indicates that EfiGuardDxe was simply never loaded, so this is mostly a precaution.