This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-users] Re: Unsigned GPLPV drivers

To: "Oliver Hookins" <oliver.hookins@xxxxxxxxxxxxx>, "Klaus Steinberger" <klaus.steinberger@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Re: Unsigned GPLPV drivers
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Jul 2009 19:37:21 +1000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 16 Jul 2009 02:38:14 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20090716025147.GA16982@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20090715081434.8735127B96@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx><4A5D99C6.1040106@xxxxxxxxxxxxxxxxxxxxxx> <20090716025147.GA16982@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcoFwI5el2gjoRuDR0OXy59Lg46jugAN/WSQ
Thread-topic: [Xen-users] Re: Unsigned GPLPV drivers
> On Wed Jul 15, 2009 at 10:56:38 +0200, Klaus Steinberger wrote:
> > > I was under the impression that using bcdedit to set the
> > > DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option
> > > remove any restrictions on using unsigned drivers, but it would
> > this
> > > perhaps on applies to Vista, not Windows 2008.
> >
> > It even does not work in Vista (starting with SP1).
> >
> > Only way is to use Ready Driver Plus
> Yes, I ran that once and my general feeling is that it's a very hacky
> "solution".
> Is there any likelihood of the GPLPV drivers getting signed with a
> certificate? The Microsoft documents on driver signing are a bit vague
> what is actually required but it doesn't seem as if the full WHQL
> needs to be done, you only need an SPC certificate from a trusted CA.
> example Comodo are selling code signing certs for $179 for a year.
> Could "anyone" then purchase one of these certificates and sign the
> drivers?

I'm pretty sure it doesn't work that way. The drivers need to be signed
by Microsoft (in addition to a regular code signing cert I think). The
reasoning from Microsoft's point of view is that if someone writes
crappy drivers it makes Windows look crappy, so they make you test them
against Microsoft's testing framework (WHQL) and then submit the logs to
Microsoft, and if they are happy they stamp them with their secret key.

I don't really agree with it (it's entirely possible to write a crappy
driver that passes WHQL) but I can understand where they are coming


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>