Slashdot Mirror


Windows Vista x64 To Require Signed Drivers

Anonymous Coward writes "With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."

16 of 326 comments

  1. It's all about the DRM. by TripMaster+Monkey · · Score: 5, Informative

    The summary is a bit brief (as well as being plagiarized verbatim from OSNews.com), but a brief perusal of the cited Microsoft article is rather illuminating:
    • Drivers must be signed for devices that stream protected content. This includes audio drivers that use Protected User Mode Audio (PUMA) and Protected Audio Path (PAP), and video device drivers that handle protected video path-output protection management (PVP-OPM) commands.
    • Unsigned kernel-mode software will not load and will not run on x64-based systems.
    • Note: Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems. This applies for any software module that loads in kernel mode, including device drivers, filter drivers, and kernel services.
    (Boldface mine.)


    It would seem that Microsoft cares more about the profits of the record companies than it does about the ability of its users to be able to use its software. Just one more reason to switch to Linux.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:It's all about the DRM. by mrchaotica · · Score: 2, Informative
      You go on and on about a "treacherous computing" chip, but what possible downside is there to a TCG chip on my motherboard if I have the master key?
      There isn't a downside if you have the master key. However, read the following sentences very, very carefully:

      Treacherous Computing is explicitly designed to be secure against YOU, the user.

      YOU WILL NOT HAVE THE MASTER KEY, because it defeats the entire reason for the system's existence!
      What incentive does Dell have to sell you a computer that's crippled this way?
      Nothing, aside from the fact that they won't be able to sell computers capable of running Vista otherwise. I could go on about conspiracy theories involving kickbacks from Microsoft and/or the RIAA and MPAA, but I won't since the first reason is reason enough.

      Ultimately, the entire push for Treacherous Computing stems from the RIAA and MPAA's desire to prevent Fair Us-- sorry, "piracy", as well as Microsoft's desire for totalitarian control over every Windows user's computer (and the ability to force subscription-based software models upon us).
      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  2. Re:All this will do... by FidelCatsro · · Score: 2, Informative

    Most probably will, it will also screw over any OSS drivers which don't originate from companies

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  3. You will be able to disable verification by aapold · · Score: 3, Informative

    It's in the white paper attached. Is it perfect? No... but it won't absolutely prevent you from doing stuff. Here's the relevant text:


    How to Disable Signature Enforcement during Development
    During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable digital signature enforcement temporarily so that Windows will load an unsigned driver.
    • Attaching a kernel debugger. Attaching an active kernel debugger to the target computer disables the enforcement module in Windows Vista and allows the driver to load.
    • Using the F8 option. An F8 boot option introduced with Windows Vista--"Disable Driver Signature Enforcement"--is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions.
    • Setting the boot configuration. A boot configuration setting is available for prerelease builds that allows the suppression of the enforcement module in Windows to be persisted across boot sessions. Windows Vista includes a command-line tool, BCDedit, which can be used to set this option. To use BCDedit, the user must have Elevated User or Administrator privileges on the system. The most straightforward approach is to create a desktop shortcut to cmd.exe, and then right-click -> Run Elevated. The following shows an example of running BCDedit at the command prompt:

    // Disable enforcement - no signing checks
    Bcdedit.exe -set nointegritychecks ON

    // Enable enforcement - signing checks apply
    Bcdedit.exe -set nointegritychecks OFF


    // Disabling integrity check on an alternate OS
    // specified by a GUID for the system ID
    Bcdedit.exe -set {4518fd64-05f1-11da-b13e-00306e386aee} nointegritychecks ON

    --
    "Waste not one watt!" - CZ
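
An added example, not part of the thread or of Microsoft's white paper: a defender-side audit that parses `bcdedit /enum` text and flags boot entries where the enforcement options quoted in the comment above are switched on. The sample output is constructed and assumes English-locale formatting; treating `debug Yes` as a finding is an assumption drawn from the white paper's statement about attached kernel debuggers.

```python
# Added example. SAMPLE_BCDEDIT_OUTPUT is constructed (English locale assumed),
# not captured from a real system; the GUID is the one shown in the comment above.
SAMPLE_BCDEDIT_OUTPUT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
displayorder            {current}
                        {4518fd64-05f1-11da-b13e-00306e386aee}

Windows Boot Loader
-------------------
identifier              {current}
description             Production OS
nointegritychecks       No

Windows Boot Loader
-------------------
identifier              {4518fd64-05f1-11da-b13e-00306e386aee}
description             Driver test OS
nointegritychecks       Yes
"""

RISKY_OPTIONS = {  # option -> why it matters, per the quoted white paper text
    "nointegritychecks": "signature enforcement suppressed across boots",
    "debug": "kernel debugging enabled; an attached debugger disables enforcement",
}

def parse_bcd_entries(text):
    """Return one dict per BCD entry; a title line is followed by a row of dashes."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and nxt and set(nxt) == {"-"}:
            current = {"type": line.strip()}
            entries.append(current)
        # Skip dash rows and indented continuation lines of multi-value options.
        elif current and line.strip() and not line[0].isspace() and set(line.strip()) != {"-"}:
            key, _, value = line.partition(" ")
            current[key.lower()] = value.strip()
    return entries

def find_weakened_entries(text):
    """List (identifier, description, option) for entries with a risky option on."""
    return [(e.get("identifier"), e.get("description"), opt)
            for e in parse_bcd_entries(text)
            for opt in RISKY_OPTIONS
            if e.get(opt, "").lower() in ("yes", "on")]

if __name__ == "__main__":
    print(find_weakened_entries(SAMPLE_BCDEDIT_OUTPUT))
```

On a live system the input would be the text captured from an elevated `bcdedit /enum` run rather than the embedded sample.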
  4. Re:Not true... by 99BottlesOfBeerInMyF · · Score: 5, Informative

    if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers.

    This is not true. From the article, "Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems." On 32-bit systems, only admins can load unsigned drivers. On 64-bit, no one can.

  5. Re:Not true... by ScriptedReplay · · Score: 2, Informative
    if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers... so not unlike many OSS OS's... you just need to SU or runas up to a root/Administrators account and install your drivers and then revert back to your normal privileges.

    Which part of

    Note: Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems. This applies for any software module that loads in kernel mode, including device drivers, filter drivers, and kernel services.

    did you fail to understand? I'm guessing all of it.
  6. There's always a loop hole by RingDev · · Score: 2, Informative

    As per TFA:

    "Included in this white paper: ...
    How to Disable Signature Enforcement during Development"

    We'll have to see what the WDK offers when it becomes available.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  7. Re:All this will do... by Randolpho · · Score: 3, Informative

    Actually, nearly all hardware emulation drivers, along with most general purpose device drivers, can still be unsigned.

    I suggest folks RTFA. Hell, just read the tagline for /. article. It says "kernel mode", folks, not "user mode". You need a digital signature to write kernel-mode drivers (and, BTW, to stream protected content), but user-mode unlicensed drivers are fair game.

    Frankly, IMO, most drivers *should* be user-mode -- if you're writing your driver in kernel mode, you should re-think your design. Yeah, there's always the necessary exception, but if it's that important, go get a digital signature.

    --
    "Times have not become more violent. They have just become more televised."
    -Marilyn Manson
  8. Re:Not true... by Randolpho · · Score: 2, Informative

    You should try reading *more* of the article. User-mode drivers (which most drivers *should* be) are still fair game. It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.

    --
    "Times have not become more violent. They have just become more televised."
    -Marilyn Manson
  9. Re:I'm not sure it'll even do that. by bfizzle · · Score: 2, Informative

    OpenVPN doesn't use kernel-mode drivers so this would not bother them one bit.

  10. Re:Not true... by 99BottlesOfBeerInMyF · · Score: 4, Informative

    User-mode drivers (which most drivers *should* be) are still fair game. It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.

    Except for drivers for "CD-ROM, disk drivers, ATA/ATAPI controllers, mouse and other pointing devices, SCSI and RAID controllers, and system devices." as the article says. I'd say that is a good portion of the drivers, wouldn't you?

  11. It just has to be signed by kawika · · Score: 2, Informative

    Did I read the white paper wrong? It just said the driver had to be signed, not that it had to be WHQL. I don't think this particular requirement is being implemented for reliability reasons, but for accountability reasons. With a signed driver you know where it came from--that's it. No guarantee of quality or even security, but at least you know who to blame when the driver has problems.

  12. Re:All this will do... by mrchaotica · · Score: 3, Informative

    No, it'll screw over all OSS drivers in general, because if you modify it, it won't work anymore. It defeats the entire point of having the source code in the first place!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  13. And doing so would be COMPLETELY USELESS by mrchaotica · · Score: 2, Informative

    Because if anyone wants to actually exercise their rights under any open source license (i.e. wants to modify the software for any reason), the key won't work!!

    I don't know why I keep having to repeat myself to get people to understand this; it's an obvious and logical consequence of signed software:

    If you try to modify signed software, it's not signed anymore. In other words, ALL Free Software WILL NOT WORK if signing is required!!

    There are NO exceptions to this.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  14. Old story by sunderland56 · · Score: 2, Informative
    Microsoft has been saying this for many years now (XP, Win2K at least). As each release date nears, and the number of signed drivers is pitifully small, they drop the requirement.

    There will be some way of loading unsigned drivers. If not, it will be basically impossible to write a driver - since there will be no way of loading it for debug/test. (Unless you really want to go through the pain of signing every single debug build you make). My bet is there will be some "secret" registry key turned on by the DDK - which will stay secret for about an hour. After that, everyone will be able to load unsigned drivers.

  15. Re:I'm not sure it'll even do that. by caseih · · Score: 2, Informative

    Actually OpenVPN does require the tun/tap interface, which is supplied by another opensource driver that creates a virtual device. So it very much will be affected.