[INTERNAL] List of rufus-4.6 enhancements and fixes

[pbatard]

This topic is flagged as INTERNAL and is therefore NOT open for comments.

• [5439ca8] Report the path of the image we save to in the log
• [ede52c5] Status bar remains with Checking for conflicting processes... when writing VHD#
• [c5d61f6] Do we want to start validating SBAT from the Shim used by Linux ISOs and produce a similar warning to the one we use for Windows revoked bootloaders? This is in light of this and it would be a lot easier to accomplish if Shim did this.
• [c5d61f6] We should only log SkuPolicy.p7b updates if it exists and we find at least one hash.
• [15c2843] Do we want to perform the new DBX validation documented in Feature Request: Warn if media will no longer be bootable after Q1 2024. #2244 (comment) to warn about revocation there as well?
• Nobara 40 doesn't boot? → Works fine for me
• It looks like some people are "fixing" the new 24H2 checks by patching winsetup.dll (while breaking the digital signature of the file in the process). Do we want to do something like this? Doesn't look like we'll need this, as the existing bypasses still seem to work fine for clean 24H2 installs
• [15c2843] Add a fallback internal SBAT for people who can't access remote
• [ede52c5] Might want to add a status message for validating UEFI bootloaders
• Do we want/need to remove BIOS support for Windows 11? → Apparently not
• [c800448] Add a setup wrapper for 24H2 in-place upgrades
• Test Windows 10 to Windows 11 24H2 in-place upgrade → Not seeing any issues
• Can we add support for Windows install on platforms where Windows 2011 cert has been revoked? → We can't, thanks to Microsoft shipping 24H2 with bloody REVOKED bootloaders in install.wim[#]\windows\system32\Recovery\Winre.wim. Frigging security amateurs!!
• Anything we can do about MS' new partition screen and the extra partitions? → Nah...
• [5439ca8] Need to rehash the replaced setup.exe for md5sum validation.
• Ubuntu produces Booting in insecure mode on a fully up to date system with SecureBoot enabled. Seems to be a Shim bug, but WTF?!? → Seems to be a MokSBState variable issue that happens even if you use the system's default SB certs, and that I'll need to investigate in Mosby
• [6b5837d] We probably want to also check for DBX cert revocation and alert about the 2011 cert rev if the user is running Rufus in Expert Mode.
• [ede52c5] We can't seem to properly extract the SBAT of IA32 binaries (e.g. archlinux-2024.03.01-x86_64.iso)
• We don't get the digital signature info from Canonical signed binaries (such as ubuntu-24.04.1-desktop-amd64.iso's grubx64.efi) → Well, duh, that's because it doesn't have an issuer, and we request the info from the issuer...
• [4d42b7a] We should not report SBAT revocation for ISOs that don't actually use Secure Boot.
• [eb28264] [0xC0032EFC] (NB: This system was unable to provide an English error message) when downloading an update with a broken URL. I suspect the removal of the facility filter on the error message might be for something...
• Test Windows 11 24H2 ARM64 ISOs, especially with regards to setup wrapper → Looks good
• Create a new FAQ entry for ISO mounting issues. See e-mail from JN from 2024.09.18 19:19. → Done
• Create a new FAQ entry for PopCnt/SSE4.2 → Done