[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Re: Unsigned GPLPV drivers



> 
> On Wed Jul 15, 2009 at 10:56:38 +0200, Klaus Steinberger wrote:
> > > I was under the impression that using bcdedit to set the
> > > DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option
would
> > > remove any restrictions on using unsigned drivers, but it would
appear
> > this
> > > perhaps on applies to Vista, not Windows 2008.
> >
> > It even does not work in Vista (starting with SP1).
> >
> > Only way is to use Ready Driver Plus
> 
> Yes, I ran that once and my general feeling is that it's a very hacky
> "solution".
> 
> Is there any likelihood of the GPLPV drivers getting signed with a
"real"
> certificate? The Microsoft documents on driver signing are a bit vague
on
> what is actually required but it doesn't seem as if the full WHQL
testing
> needs to be done, you only need an SPC certificate from a trusted CA.
For
> example Comodo are selling code signing certs for $179 for a year.
> 
> Could "anyone" then purchase one of these certificates and sign the
GPLPV
> drivers?
> 

I'm pretty sure it doesn't work that way. The drivers need to be signed
by Microsoft (in addition to a regular code signing cert I think). The
reasoning from Microsoft's point of view is that if someone writes
crappy drivers it makes Windows look crappy, so they make you test them
against Microsoft's testing framework (WHQL) and then submit the logs to
Microsoft, and if they are happy they stamp them with their secret key.

I don't really agree with it (it's entirely possible to write a crappy
driver that passes WHQL) but I can understand where they are coming
from.

James


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.