AMI NTFS UEFI driver bug while using Rufus latest release (4.7p)

antspants said:

I couldn’t tell you. Probably the ISO due to Microsofts UEFI blocklist (newish) which can disallow older boot loaders.

Have you tried disabling “Secure Boot” in the BIOS until Windows is installed? Then you should be able to re-enable it.

Click to expand...

I was pondering whether I should just do that. 'Cos I mean, there must be tons of other people out there who also have these same ISOs from before the buggy driver was discovered. And what has happened for them? MS must have dealt with it somehow through the recent 23h2 updates, right? ...Or maybe it's only by allowing an upgrade to 24h2 that the vulnerability gets resolved... Or maybe there won't be a fix til 25h2. What do I know? Only that I'm getting myself more confused probably. lol. Maybe I should just try to google again to see if I can find out if MS has issued any kind of update/patch/fix for it... Though, being such a greenhorn, I don't quite know where to look or what keywords to use. I might poke around a bit before going to bed, just for curiosity's sake. And if I can't find out more, then I'll see what my husband wants us to do. One way or another, it's gotta be installed tomorrow morning and set up by May 1st because of his work requirements.

I believe it’s only with 23H2 ISOs up until a certain period.

As for other people, as far as I know, their bypass was to either understand whatever the hell GitHub is talking about Or Disabling Secure Boot until the installation is completed.

Trying to learn said:

I don't quite know where to look or what keywords to use

Click to expand...

I believe there is mention of it here.


Or Google the following query:

AMI UEFI NTFS driver bug site:elevenforum.com

antspants said:

It’s should have both versions, at least the US ISO should. Multi-edition ISO

Click to expand...

If I know the handsome, suave, sophisticated young man from which Ants obtained the UK ISO, it is a "consumer" ISO, meaning it has Home and Pro, amongst others.

I second the notion to disable Secure Boot and enable it after installation finishes. It's totally fine to install Windows this way.

Trying to learn said:

One way or another, it's gotta be installed tomorrow morning and set up by May 1st because of his work requirements.

Click to expand...

pseymour said:

I second the notion to disable Secure Boot and enable it after installation finishes. It's totally fine to install Windows this way.

Click to expand...

Turn off secure boot until completed

antspants said:

I suppose a definitive work around here, would be to go for broke with 24H2.
As much as there are some complaints, there are also many members who are doing fine with it.

I won’t install it on my main PC because it is 11 years old and it started acting up after new builds mid last year with 23H2, 24H2 didn’t improve anything. Hence my old ISO.

You’re new system may very well work just fine.

• Option One: Download Latest Windows 11 24H2 64-bit ISO using Media Creation Tool

Due to your internet issues, expect another 2 hours wait. What did the ISP eventually do or say? Did you compare the fibre options cost?

Click to expand...

I'm nervous of 24H2, been too many bugs for people. The printer issues it caused and the risk of forced Bitlocker really put us off. Since I gotta get this new computer ready for daily use by May 1st (including functional printer), I just don't have time or stamina to deal with the stress of those potential issues if I can avoid it at all...

The technician for the ISP hasn't called us back yet. He's supposed to sometime this week. The CS rep I spoke with on the phone checked our speed at the router itself, which is upstairs and it showed we were getting a bit more than what we pay for. But the speed tests I did downstairs at the computer showed us only getting 2/3 the download speed we pay for and circa 1/2 the upload speed. She didn't explain the latencies (what that means, what might be causing them). I find it hard to believe that the cable running from the router to the computer could sink the speed so much, but my husband said he wasn't surprised. I sure was. lol. (It's an older cable, maybe 12-15 years old, but still in fine condition with no damage.) We're probably going to have to just keep things as they are, as we can't afford to upgrade from DNS yet due to the work loss & illness expenses we've had. Our usage patterns don't really require it either. We normally only use the net in very simple ways and don't often download things. When we do, they're small, e.g. emails and .pdf files. The ISO files you gave us were the first time we've ever downloaded anything big.

Sorry, I've been a bit slow replying as I was looking at the links you gave and then fell down a rabbit hole with other pages, trying to learn more about this stuff. I'm not sure if the warnings we got were specifically related to the Black Lotus malware vulnerability or not, but I'm guessing they probably were. What a mess that whole situation has been...

UPDATE:

So I was thinking that the warnings when I tried installation the first time might have been because, under the advanced drive properties, I clicked to enable runtime UEFI media validation. Something I'd read on the github FAQ page, I think, was what made me think it could be a good thing to do. Something about checksums and maybe checking for corruption on the USB.. can't quite recall...

Anyway, I redid the USB prep... did it all exactly the same, except this time I did *not* enable the media validation. I think I might still have gotten the Rufus warning about revoked bootloaders when it was prepping the USB, if I remember right. But when I put the USB in the new computer, it booted up and installed Windows right away without any warnings at all. lol.

So it's finally installed on the new computer. Thanks a lot for all your help and patience with me while I was confused and uncertain about what, if anything, needed to happen after getting those warnings.

I have to get some sleep now, but later I'll do the tweak to 'lock' the system in 23h2 before I connect the internet to it. Then I'll let it fully update itself with all the 23h2 updates, and hopefully there will be something in one or more of those which will correct the md5/vulnerable bootloaders issue. That was the best I felt I could do, given the time pressure to get this thing up and running...

Side note, this Rufus 4.7p seemed to have the old 'OOBE\BYPASSNRO' trick in it, or something quite similar looking, for bypassing a ms account and getting a local one set up instead. So that didn't work. There was some kind of error message about it (I forgot to write it down due to tiredness.) For a moment, I thought I was going to have to hit shift F10 to use the other 'ms-cxh:localonly' trick. But somehow it didn't seem to matter and I didn't have to do it. I just clicked on something in the installation window (I forget what it said) and a local account was created anyway. :)

Trying to learn said:

Sorry, I've been a bit slow replying

Click to expand...

You reply when you are able, it’s all good.