-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[wue] add an expert feature to restrict a Windows installation to S Mode
* This is placed behind an expert wall (Ctrl-Alt-E) on account that: - If you happen to boot a Windows To Go drive in S Mode on a computer, it may set any existing Windows installation there to S Mode as well, *even if their disk is offline!* - It can be *exceedingly* tricky to get out of S Mode, as the SkuPolicyRequired registry trick alone may not be enough (i.e. You can have very much a Windows install in S Mode *without* SkuPolicyRequired being set anywhere). * Also set version to rufus-next and fix a ChangeLog typo.
- Loading branch information
Showing
9 changed files
with
60 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Investigate how the heck Microsoft enforces S Mode globally even for installs that were offline and computers that were disconnected from the network. UEFI vars?"
an SiPolicy is used for this, at one point it was WinSiPolicy.p7b, but it might have changed since. As such, NV|BS-only UEFI lock variables exist for this, like for skusipolicy.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the input.
I gathered that, since the registry key to turn S mode on is called
SkuPolicyRequired
, the whole thing was indeed linked to using some UEFI variables and some WDAC policies.Since it was annoying getting out of S Mode on the machine I tested with (I basically had to create a dummy MS account from a Windows To Go install and install the "get out of S-Mode" Microsoft Store app), I'm not in a hurry to experiment with this again, at least until I have another test machine to play with, that I can afford to keep in S Mode for some time, and where I can dump the UEFI vars before and after S Mode is enabled, to figure out what's actually going on on the UEFI side.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I looked at winload to see what it does.
WinSiPolicyVersion/WinSiPolicyUpdateSigners variables are used to detect if S Mode is enabled.
winload does also check for Kernel_CI_SKU_UNLOCKED variable in same namespace (NV|BS|RT, as the variable is in MS namespace with a name starts with "Kernel_", NT will prevent writes to it from usermode), if it's present it will delete the lock variables, so this is most likely what the official S Mode disable process sets.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once again, you are very much spot on! 😄
I played again with S Mode, and saw these
WinSiPolicyVersion
andWinSiPolicyUpdateSigners
variables created, which in turn forced S Mode to be applied to any Windows installation residing on the same machine.It should be noted however that these variables are only created if Secure Boot is enabled (so, if you run an S Mode Windows To Go without Secure Boot on one machine and reboot to an existing installation, then that existing installation will not be turned to S Mode), which kind of makes sense since Microsoft did target S Mode for Secure Boot enabled devices as there wouldn't be much point restricting these platforms otherwise.
I did not see any
Kernel_**
variable created after installing the Get me out of S Mode app (which, for the record, disables S Mode instantly without the need for a reboot). As a matter of fact, since I did not reboot into the newly non S Mode Windows after I installed the app, but into my existing Windows Pro install (after a quick UEFI Shell detour to dump the vars where I found that they were still present, albeit withWinSiPolicyUpdateSigners
slightly altered), I found that the existing install was still running in S Mode, so I guess theWinSiPolicyVersion
andWinSiPolicyUpdateSigners
variables are only deleted by Windows after you reboot the previously-S-Mode-enabled-but-now-disabled install.At any rate, this allowed to validate that deleting those variables manually was enough to restore the existing install to full mode, which validates that all Windows looks at, when not using the
SkuPolicyRequired
registry key, are whether these UEFI variables are present and valid (and I surmise that creating theSkuPolicyRequired
registry key does in turn create these UEFI variables, which is something I may try to validate later on).I think I'll try to publish a blog or wiki post somewhere to synthesize this data (unless you want to do it yourself) along with a
startup.nsh
that can be used with a UEFI Shell boot media to remove these variables, for people who want to switch out of S Mode without installing the MS app.And just for completion, here's the dump of the 2 variables I saw on my system:
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now my one small annoyance with this is that I'd like Rufus to be able to report if Windows is running in S Mode (since Rufus can also be installed from the Windows Store), but I'm not sure I want to go as far as adding code that looks into the system's UEFI variables just to do that, as I'm pretty sure this will drastically increase false positive results with AV providers (because why on earth would an application that creates bootable drives want to read the system's UEFI nvars if not for something nefarious?). I got to wonder if
msinfo
does poke at the UEFI vars, or if it gets its data from WDAC or something else to report on whether the system is running in S Mode...c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably it uses
wldp!QueryWindowsLockdownMode
: https://learn.microsoft.com/en-us/windows/win32/api/wldp/nf-wldp-wldpquerywindowslockdownmodec5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! This is exactly what I was looking for.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Meanwhile, I looked at how the "official" way to disable S mode works.
The Windows Store product ID for disabling S mode is
BF712690PMLF
. Metadata for this product ID shows it gives you a license for package family nameMicrosoft.Windows.ConsumerUnlock_8wekyb3d8bbwe
.When installing a store license, clipsvc.dll checks for this package family name (actually, it checks against a table containing 4 values:
{ L"Microsoft.Windows.CommercialUnlock_8wekyb3d8bbwe", L"Microsoft.Windows.ConsumerUnlock_8wekyb3d8bbwe", L"Microsoft.Windows.TestUnlock_8wekyb3d8bbwe", L"Microsoft.Windows.ManagedUnlock_8wekyb3d8bbwe" }
).If it matches, it takes an alternate codepath. It gets the license, ensures
wldp!WldpQueryWindowsLockdownRestriction
does not returnWLDP_WINDOWS_LOCKDOWN_RESTRICTION_NOUNLOCK_PERMANENT
(this ends up becoming a registry read; if it does return this value then clipsvc function returns error). Then it gets the value ofUnlockTokenB64
from the license, base64 decodes it, then passes it toNtSetSystemInformation(SystemCodeIntegrityUnlockInformation)
.This syscall ends up going into ci.dll and in particular
ci!CiSetUnlockInformation
. If called from usermode the usermode caller is required to be Windows or WinTCB signed (maybe that means Windows/WinTCB PPL at least too, not sure).The buffer passed to this syscall is expected to be a signed supplemental Secure Boot Policy of type
{AF77ACF3-9404-46FD-B23E-15E9D7892A26}
and tied to a device-specific 256-bit UnlockID (stored in UEFI variableCopyOfUnlockID
).If all checks against the Secure Boot Policy pass (correct signature; is supplemental policy; type is correct; UnlockID matches), it gets written out to
EFIESP:\EFI\Microsoft\Boot\Policies\UnlockToken.pol
(winload will load this on subsequent boots),SkuPolicyRequired
andManufacturingMode
registry values (inHKLM\SYSTEM\CurrentControlSet\Control\CI\Policy
) are deleted, System Integrity policies are refreshed, and other applications are notified that S Mode has been disabled byNtUpdateWnfStateData(WNF_CI_SMODE_CHANGE)
.So the official way to disable S mode involves getting a signed
UnlockToken.pol
wrapped in a Windows Store app license.c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for looking into this further. Your explanation matches some of the findings I got with further testing which are:
WinSiPolicyVersion
andWinSiPolicyUpdateSigners
for an install that is been set to S Mode from the get go (through settingSkuPolicyRequired
in an answer file) is simply not enough to disable S Mode. This method of disabling S Mode only works for non restricted Windows installations that happen to have been turned to S Mode because of a separate S Mode install was carried out on the same machine.If you did enable S Mode for a specific device, e.g. an SSD drive running Windows To Go, then erased that device to create a new Windows To Go installation, then, if Secure Boot is enabled, bootmgr/winload will forcefully prevent boot which, due to Microsoft's obnoxious short-sightedness in not returning an explicit security error then, but instead returning UEFI error 17 (→ This was just the UEFI Lock from working with a v1 22H2 ISO and not a v2, see below.No mapping
), will lead to most systems declaring that the media is not bootable (whereas the media most certainly did boot and did execute the MS bootloader). So, until you disable Secure Boot, you can end up with perfectly fine bootable media that Microsoft tricks users into thinking that they are not bootable. So, indeed, we are definitely seeing Microsoft trying to lock S Mode so much that they're doing more harm than good all the people who will have no idea that Microsoft can make it look like black (bootable) is white (unbootable)...Considering all the bullshit that S Mode entails, I am seriously considering removing the newly added ability to create S Mode installation of Windows from Rufus, even when standing behind an expert mode, because, whereas I added it for people who might have reasons to want to test S Mode, my experiments lead me to conclude that S Mode needs to die a horrible death, and that whoever at Microsoft pushed for an S Mode "feature" to be added to Windows should be moved to a damp office, without any
Wwindows, in a remote basement.c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that would be bootmgr, probably due to missing
EFIESP:\EFI\Microsoft\Boot\winsipolicy.p7b
.If winload errors and returns back to bootmgr, bootmgr will show something on screen.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're probably correct. My understanding so far however was that post 2023.05 bootloaders should not care about the presence of a specific
.p7b
to allow boot, and I'm testing with a 2023.05 22H2 v1 media.I have validated that while I do have the UEFI
SkuSiPolicy*
Lock variables, theWinSiPolicy*
ones are not present, so I'm not sure why boot with a post may Win 11 image would fail.I did have a
ConfigCIPolicyIndiv
var, but deleting it still doesn't make Win 11 22H2 v1 media boot. There are a couple of other short MS variables as well, which I have not tried to delete:c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah shoot, now I get it. 22H2 v1 is pre 2023.05, whereas you want 22H2 v2 for the patched bootloaders.
So I was testing with an image that should indeed prevent boot through UEFI Lock.
c5ad16f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
About those additional variables:
BootDebugPolicyApplied
was set as part of one of the rounds of policyhax fixes to prevent an attacker using mobilestartup to install a vulnerable secure boot policy (mobilestartup does check and set that var itself)CurrentActivePolicy
is the "newer" (post-policyhax fix) legacy secure boot policy variable (replacingCurrentPolicy
after its effective revocation, see below)BootingDeviceTypeInfo
is set by some sipolicy related code in bootmgr, it describes boot device and structure is:BYTE IsRemovableMedia; BYTE PartitionType; BYTE BlockIoType; BYTE DeviceType;
- for that example, that means device type=block io, block io type=unknown, partition type=mbr, removable media=trueWindowsBootChainSvn
is set by bootmgr (to 1) and on other boot application load (to the value in itsSECURITYVERSIONNUMBER
resource if present and greater than the existing value)CurrentPolicy
is the old (pre-policyhax fix) legacy secure boot policy variable, it was effectively revoked by setting it to authenticated (signed by a specific MS cert+pubkey) dummy data; this was the effective policyhax fix (assuming UEFI firmware could handle it, some UEFI firmware implementations did not, either by failing the write or by bricking the system)