Skip to content

Releases: pbatard/Mosby

Mosby v3.3

Choose a tag to compare

@github-actions github-actions released this 01 Jul 16:14
d26b473

Mosby v3.2

Choose a tag to compare

@github-actions github-actions released this 03 Jun 13:03
001f2f2
  • Enable Mosby to run when the platform is in Audit Mode (mostly for Dell systems).
  • Update Microsoft SVN binaries to v8.0.
  • Add a warning if the main Secure Boot variables haven't been cleared when running Mosby, since this can cause failures.
  • Report NVRAM usage before and after using Mosby, and also warn if not enough space is likely to be available when writing a variable (#30).
  • Add an option (--no-mosby-db) to disable the adding/creation of MosbyKey in the DB.
  • Refactor some of the less used options into separate longform ones (--create-nopk, --no-log).

Mosby v3.1

Choose a tag to compare

@github-actions github-actions released this 27 Feb 12:30
c9fb016
  • Remove SSPU/SSPV provision (SkuSiPolicyUpdateSigners/SkuSiPolicyVersion) since setting SkuSiPolicyVersion effectively prevents regular Windows installation media from booting unless you boot it with Secure Boot disabled at least once and SkuSiPolicyUpdateSigners is not interchangeable between systems in the first place.
  • See KB5042562 on how you can apply Microsoft's UEFI lock on your own, by copying SkuSiPolicy.p7b to the ESP, after understanding that doing so may result in Windows boot media fail to boot on your system without providing any hint as to why it isn't booting, and why this might continue to be the case even after you remove the existing Windows instance.

Mosby v3.0

Choose a tag to compare

@github-actions github-actions released this 13 Jan 20:52
b689492
  • Fix various issues that could lead to Security Violation errors when trying to update KEKs or PK.
  • Add an alert for TPM Measured Boot when BitLocker is in use.
  • Add an option (-r) to attempt to reinstall the manufacturer's default PK/KEK/DB certificates (while filtering out compromised PKs, such as the infamous DO NOT TRUST - AMI Test PK).
  • Add an option (-n) to create a NoPK.auth that can be used to reset the platform to Setup Mode (using KeyTool or other Secure Boot key management utilities).
  • Improve reporting, and add a big red notice in case of error.

Mosby v2.9

Choose a tag to compare

@github-actions github-actions released this 02 Jan 14:56
fb1c9f8
  • Add a workaround for platforms (HP ProDesk, most likely other ones) that report Security Violation when installing any of the DBX, DB, KEK and PK. (#17)

Mosby v2.8

Choose a tag to compare

@github-actions github-actions released this 09 Dec 19:14
e4e625f
  • Add a workaround for an AMI UEFI firmware bug that affects older ASUS, Dell, Lenovo, MSI and potentially other systems, where it is not possible to append to the KEK Secure Boot database. (#14)
  • Use the relevant EFI VendorGUIDs when adding certificates, instead of deriving one from the certificate fingerprint.
  • Improve processing of .esl, especially ones with multiple entries.
  • Improve log timestamps and Mosby version reporting.

Mosby v2.7

Choose a tag to compare

@github-actions github-actions released this 21 Nov 19:01
d59641b
  • Minor update to fix the IA32 and X64 DBX timestamps and the check for RW in Mosby.nsh.

Mosby v2.6

Choose a tag to compare

@github-actions github-actions released this 21 Oct 11:46
f54d1b4
  • Update DBXs to latest

Mosby v2.5

Choose a tag to compare

@github-actions github-actions released this 09 Oct 19:19
b1ee41e
  • Detect Audit Mode
  • Improve drive detection in Mosby.nsh
  • Add -n option to disable logging to file
  • Update the DBX dates and report the current Bootmgr SVN value

Mosby v2.4

Choose a tag to compare

@github-actions github-actions released this 07 Oct 10:30
78488d7
  • Add installation of Microsoft Option ROM UEFI CA 2023 DB certificate
  • Update SVN and SBAT to latest
  • Report UEFI system info
  • Add logging to file and improve exit condition with a countdown