WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] Disabling driver signature enforcement for Windows DomUs

To: "Fajar A. Nugraha" <fajar@xxxxxxxxx>, "Xen User-List" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Disabling driver signature enforcement for Windows DomUs
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Thu, 7 May 2009 22:53:19 +1000
Cc:
Delivery-date: Thu, 07 May 2009 05:54:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <7207d96f0905061957x1bd84671m7740a728af3297b8@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <ED96552F-795E-42A7-ABB0-CD884106318F@xxxxxxxxxxx> <7207d96f0905061957x1bd84671m7740a728af3297b8@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcnOv9auAdr2HGn5QlCFnEXRKtwctQAUjkZA
Thread-topic: [Xen-users] Disabling driver signature enforcement for Windows DomUs
> > - as per DSEO instructions, disabled all User Account Controls via
windows
> > secpol.msc snap-in
> > - installed DSEO and enabled test mode
> > - reboot
> > - GplPV drivers came up disabled, so I reinstalled the GplPV
drivers, then
> 
> That's the weird part. GPLPV should already be signed with James
> Harper's certificate (and looking at file properties tells me that).
> But as it is, on my last test xen-vbd works but xen-net does not.
> 

I still can't figure it out. I right click on the .sys file and go
properties and it tells me that there is a signature there, but then
according to device manager it isn't signed, for both the network and
disk. I think the disk driver loads because it loads early enough that
windows can't figure out that it isn't signed yet. The network driver
obviously loads later and so windows can do its thing then. XenPci
appears to be signed as far as Windows is concerned.

One thing that puzzles me is that in device manager it says that the
drivers for xennet are xennet.sys and xenpci.sys. I don't understand why
xenpci.sys is mentioned there. 

I'll ask on the ntdev list. There has been a heap of discussion there
about signing though, so I expect they're sick of the questions :)

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>