This idea is designed for 2.x.x versions.
We may do the following things:
1. Add built-in logic to prevent the "DebugMode" or "Testsigning" configurations of BCD files from being modified.
2. Prevent direct block device access to the boot disk (MBR, EFI, etc.).
To avoid breaking Windows Update, there may be the following methods:
1. Before it is going to do an update, ask the user to disable this protection in advance. (Not recommended)
2. Add built-in rules to force Windows Updater to run in a hidden enclave and allow it to modify the boot disk.
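
An audit-side counterpart to item 1 of the first list, added here as an example and not part of the original proposal or the project's code: it parses the text printed by `bcdedit /enum` and reports boot entries where `testsigning` or `debug` is enabled. The sample output is constructed, and English-locale `Yes`/`No` values are an assumption.

```python
import re

# Constructed sample of `bcdedit /enum` output (not captured from a real system).
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}

Windows Boot Loader
-------------------
identifier              {current}
description             Windows 10
testsigning             Yes
debug                   No

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
debug                   Yes
"""

# BCD elements behind the "Testsigning" and "DebugMode" settings named above.
WATCHED = ("testsigning", "debug")

def parse_entries(text):
    """Split bcdedit output into one dict of element -> value per boot entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2 or not set(lines[1].strip()) <= {"-"}:
            continue  # not a "title / ----- / elements" block
        entry = {"_type": lines[0].strip()}
        for ln in lines[2:]:
            m = re.match(r"(\S+)\s+(.*)", ln)  # indented continuation lines are skipped
            if m:
                entry[m.group(1).lower()] = m.group(2).strip()
        entries.append(entry)
    return entries

def weakened_entries(text):
    """Return (identifier, element) pairs where a watched element is enabled."""
    findings = []
    for entry in parse_entries(text):
        for element in WATCHED:
            # Assumption: English-locale output, where an enabled element reads "Yes".
            if entry.get(element, "No").lower() == "yes":
                findings.append((entry.get("identifier", "?"), element))
    return findings

if __name__ == "__main__":
    print(weakened_entries(SAMPLE_BCDEDIT_OUTPUT))
```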