Windows Vista x64 To Require Signed Drivers
Anonymous Coward writes "With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."
All this is going to do is prevent software that emulates hardware (Daemon Tools for example) from working properly under Vista. As I recall these types of software pretend to be hardware using unsigned drivers, so this won't work unless they get the drivers signed somehow. Looks like a way to enforce DRM to me.
Next, applications? I'm not sure how they'll deal with developer machines, but then again, that problem should apply for drivers too. It's not really a slippery slope. They've been doing it on the xbox for years, after all. It's not so much the money as the control they have to vet everything that can run on their system.
The summary is a bit brief (as well as being plagiarized verbatim from OSNews.com), but a brief perusal of the cited Microsoft article is rather illuminating:
It would seem that Microsoft cares more about the profits of the record companies than it does about the ability of its users to be able to use its software. Just one more reason to switch to Linux.
____
~ |rip/\/\aster /\/\onkey
All I can say is what's probably come to everyone else's mind: the banging sound of hammer against coffin.
This will certainly quiet complaints about Windows' crashing (since many crashes are related to poorly written drivers, WHQL or not), but how did whoever thought this would be a good idea completely forget about the serious compatibility issues that this will raise?
While I applaud the idea of signed drivers and the like, this looks like a very clever way to shut out OSS developers. Heck - some of the smaller commercial outfits might even balk at having to spend that kind of money on the certificate.
What pains me is knowing full well that this really won't necessarily increase the quality of the drivers, though. So they're signed. So what? All this might do is delay upgrades, if anything.
You can accomplish anything you set your mind to. The impossible just takes a little longer.
It's in the white paper attached. Is it perfect? No... but it won't absolutely prevent you from doing stuff. Here's the relevant text:
How to Disable Signature Enforcement during Development
During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable digital signature enforcement temporarily so that Windows will load an unsigned driver.
Attaching a kernel debugger. Attaching an active kernel debugger to the target computer disables the enforcement module in Windows Vista and allows the driver to load.
Using the F8 option. An F8 boot option introduced with Windows Vista--"Disable Driver Signature Enforcement"--is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions.
Setting the boot configuration. A boot configuration setting is available for prerelease builds that allows the suppression of the enforcement module in Windows to be persisted across boot sessions. Windows Vista includes a command-line tool, BCDedit, which can be used to set this option. To use BCDedit, the user must have Elevated User or Administrator privileges on the system. The most straightforward approach is to create a desktop shortcut to cmd.exe, and then right-click -> Run Elevated. The following shows an example of running BCDedit at the command prompt:
// Disable enforcement - no signing checks
Bcdedit.exe -set nointegritychecks ON
// Enable enforcement - signing checks apply
Bcdedit.exe -set nointegritychecks OFF
// Disabling integrity check on an alternate OS
// specified by a GUID for the system ID
Bcdedit.exe -set {4518fd64-05f1-11da-b13e-00306e386aee} nointegritychecks ON
"Waste not one watt!" - CZ
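The white paper excerpt above lists three ways enforcement can be switched off on a development box, two of which (a kernel debugger and a persisted BCD setting) leave a trace in the boot configuration. The following is an added example, not code from the white paper or from Microsoft, that reads the current boot entry with bcdedit and reports which of those bypasses is set. It assumes an elevated PowerShell prompt (bcdedit refuses to run otherwise) and English-language bcdedit output; the flag names `nointegritychecks`, `testsigning` and `debug` are the ones bcdedit prints, and `testsigning` is assumed here as the shipped option for accepting test-signed drivers.

```powershell
# Added example (not from the white paper or Microsoft): audit the current
# boot entry for the development-time bypasses the excerpt describes.
# Assumes an elevated prompt and English bcdedit output.
function Get-BootEntryFlags {
    param([string]$Entry = '{current}')
    $lines = & bcdedit.exe /enum $Entry 2>&1
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (run elevated?): $lines" }
    $flags = @{}
    foreach ($line in $lines) {
        # Value lines look like "nointegritychecks       Yes". Header lines
        # ("Windows Boot Loader", the dashed rule) also match but are harmless.
        if ("$line" -match '^(\S+)\s+(\S.*)$') {
            $flags[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $flags
}

function Test-SigningBypass {
    param([string]$Entry = '{current}')
    $f = Get-BootEntryFlags -Entry $Entry
    $findings = @()
    if ($f['nointegritychecks'] -eq 'Yes') {
        $findings += 'nointegritychecks=Yes: kernel-mode signature checks disabled, persists across boots'
    }
    if ($f['testsigning'] -eq 'Yes') {
        $findings += 'testsigning=Yes: test-signed drivers are accepted'
    }
    if ($f['debug'] -eq 'Yes') {
        $findings += 'debug=Yes: kernel debugging enabled; an attached debugger disables enforcement'
    }
    if ($findings.Count -eq 0) { return @('no persistent bypass set on this boot entry') }
    return $findings
}

# Usage (elevated prompt):
Test-SigningBypass | ForEach-Object { Write-Output $_ }
```

The F8 "Disable Driver Signature Enforcement" choice is per-boot and is not recorded in the BCD store, so it cannot be found this way; `Get-BootEntryFlags` can be pointed at another entry's GUID (as in the white paper's third command) to audit an alternate OS installation.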
Some software of that variety takes the approach of acting as an iSCSI device. So long as the OS has native iSCSI support, the application need not install its driver.
I'm considerably more worried about the impact on projects like OpenVPN.
That's it no open source drivers on Windows Vista.
It's not unlike the early "Analog Hole" legislation being proposed by "Fritz" Hollings. The legislation attempted to link DRM and national security and, in one form, would have required a license to program a computer, possibly even certification of each binary prior to development.
The question is, how long until a workaround is found? When developing code I don't like the idea of signing each interim binary before testing it that would just lengthen the whole cycle pointlessly. Sooner or later somebody will find a way around this but not without much frustration, perhaps a specially signed "Developer Edition" of the OS.
No wonder there wasn't much fanfare.
Does Microsoft even know the amount of drivers that ARE NOT signed?? This is stupid and it won't prevent anything. Is Microsoft going to look over thousands of drivers just to make sure they don't cause anything bad so they can put their little WHQL seal and sign the blasted thing? What's to prevent someone from creating a hack that gets around this? Nothing. Why even try to do something like this? At least give users the option to screw up the system.
Gorkman
So, what's to stop me from replacing the certificate which comes with Windows with my own, and then just resigning all the drivers?
(Okay, the DMCA for one... grrr....)
I don't think this is going to make Windows unhackable until hardware support for the certs is added. (which is pretty close, I think...)
if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers... so not unlike many OSS OS's... you just need to SU or runas up to a root/Administrators account and install your drivers and then revert back to your normal privileges.
It's just that easy!
Help Brendan pay off his student loans
Why is this so difficult for so many people to figure out? Microsoft doesn't want to play favorites in the x86 war. They don't want to say either "x86-64" or "EMT64" and offend the other chipmaker, so they just call it generic "x64". It's obvious.
As per TFA:
...
"Included in this white paper:
How to Disable Signature Enforcement during Development"
We'll have to see what the WDK offers when it becomes available.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
This is the beginning of microsoft's death. Anyone who's read "In the beginning was the command line" by Neal Stephenson should recognize these early signs. It's the same reason apple never got really big: they used proprietary hardware and therefore limited the amount of users that could use their OS. Therefore, prices stayed relatively high, and most users chose the more flexible PC platform. Microsoft is requiring their users to use (sort of) proprietary software and drivers. This will of course result in the fact that other (more flexible) OS's will become more popular. I'm just now getting to see the usefulness in Linux. I've used it off and on for the past 6 years, but now it's getting to the point where my machine is in Linux mode for a week at a time before I need to do some Maple or Matlab stuff. All I can say is that I will most definitely have a dual-boot system from now on, and that the more restrictive MS gets, the more I will stay in Linux to rip MY OWN FRIGGIN CD's and whatever else they consider potentially unlawful at MS. It's a self-stabilizing situation within the market, so don't worry too much about it. It's the beginning of a new era where Windows will not have the majority of the market.
Read on, it says that the BCDEDIT option will be removed before final Vista code ships, perhaps as early as Vista RC1.
Did I read the white paper wrong? It just said the driver had to be signed, not that it had to be WHQL. I don't think this particular requirement is being implemented for reliability reasons, but for accountability reasons. With a signed driver you know where it came from--that's it. No guarantee of quality or even security, but at least you know who to blame when the driver has problems.
If all the drivers are signed with certs, does that mean I can maintain a black list of driver manufacturers that I don't want to install on my machine? For example, Sony's rootkit driver? :)
Kormac
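The question above about keeping a deny list of driver publishers is answerable with what a signature gives you: the signer's certificate subject and thumbprint. The following is an added example, not code from the page or from Microsoft, that inventories the kernel drivers under System32\drivers by signer and flags any whose signer matches a caller-supplied pattern. It assumes Windows PowerShell with the `Get-AuthenticodeSignature` cmdlet; the deny-list pattern in the usage line is a placeholder, not a real publisher.

```powershell
# Added example (not from the page or Microsoft): group installed .sys files
# by signer and match them against a deny list of signer-subject patterns.
function Get-DriverSigners {
    param([string]$Path = "$env:SystemRoot\System32\drivers")
    Get-ChildItem -Path $Path -Filter *.sys -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Driver = $_.Name
            Status = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            Thumb  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        }
    }
}

function Find-DeniedDrivers {
    param(
        [Parameter(Mandatory)] [object[]]$Signers,
        [string[]]$DenyPatterns      # regexes matched against the signer subject
    )
    $Signers | Where-Object {
        $subject = $_.Signer
        @($DenyPatterns | Where-Object { $subject -match $_ }).Count -gt 0
    }
}

# Usage:
$all = Get-DriverSigners
# Who signs what on this machine, most common signer first
$all | Group-Object Signer | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
# Anything not carrying a valid signature
$all | Where-Object Status -ne 'Valid' | Format-Table Driver, Status, Signer -AutoSize
# Deny-list check; the pattern below is a hypothetical placeholder
Find-DeniedDrivers -Signers $all -DenyPatterns @('CN=ExampleBannedPublisher') | Format-Table Driver, Signer
```

Two caveats a practitioner would want: inbox drivers are normally catalog-signed rather than carrying an embedded signature, and older PowerShell releases report those as NotSigned, so a NotSigned status is a prompt to check the catalog, not proof of an unsigned driver; and a deny list keyed on the subject name only is as strong as the CA that issued the certificate, so matching on the thumbprint is the safer choice when you have it.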
Why not on the 32bit version ?
This doesn't make any sense to me.
Alexis 'jeriqo' BRET
what is fantastic about this is that it will prevent nefarious entities from installing low level code or drivers. it will also create a chain of accountability for the software running on users machines.
/clap
admittedly, five hundred dollars isn't a great deal - but as an end user i'd rather know where my software is coming from.
what's amusing about this is that when windows 2000 introduced code signing, a lot of people got upset saying that msft would use it as a way to control who could develop software for windows. fortunately, signing has not been used as an anti-competitive tool, rather it's now being used to protect us from malware.
Because if anyone wants to actually excercise their rights under any open source license (i.e. wants to modify the software for any reason), the key won't work!!
I don't know why I keep having repeat myself to get people to understand this; it's an obvious and logical consequence of signed software:
If you try to modify signed software, it's not signed anymore. In other words, ALL Free Software WILL NOT WORK if signing is required!!
There are NO exceptions to this.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
You do realize that to hack the Treacherous Computing system, you need either a multi-million dollar laboratory to disassemble the chip and read the key directly from the circuits, or a spy to steal the master key directly from Microsoft (or Verisign or whoever), right?
Oh, and by the way: once you go to all this trouble to get the key, they can just use Remote Attestation to disable it (along with the hardware itself).
This not only means that you can't have third-party drivers, it ALSO means you can't have 1st party drivers from start-ups. It effectively prohibits anyone new from entering the hardware arena.
But there's more! Although Microsoft's license is "free", they aren't necessarily going to give a license to everyone. Thus, they can effectively ban technology they don't like. Blu-Ray vs. HD-DVD is going to be the shortest battle on record, if all it will take is for Microsoft to prohibit rival systems running on "their" desktops.
There is a way round the problem, but it puts you at risk from the DMCA as (by definition) it is circumventing security technology. By having a hypervisor-like OS running at the lowest level, and then having Vista run on top of that, you can make any piece of physical hardware look like any other piece of hardware that you like. Nothing Vista can do about it, as it can't see the hardware directly, all it can see is the results of pushing data of one type in one direction, then pulling data of another type in the opposite direction.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
There will be some way of loading unsigned drivers. If not, it will be basically impossible to write a driver - since there will be no way of loading it for debug/test. (Unless you really want to go through the pain of signing every single debug build you make). My bet is there will be some "secret" registry key turned on by the DDK - which will stay secret for about an hour. After that, everyone will be able to load unsigned drivers.
Currently it's possible to read/write ext3 volumes from Windows XP using an installable file system (IFS) driver.
Will this be a thing of the past after Longhorn ships?
Nowhere in US copyright law does it say anything remotely like this -- no matter how much the publishers wish it did. The real reality is that ideas are not property, except in the sense that they belong to the culture as a whole. The foundation of copyright law is based on a social contract designed to promote the general welfare (i.e. Common Good), not to give creators and/or publishers any kind of entitlement! That's why copyright expires, if you couldn't figure it out before. Copyright is actually a lease -- artists lease a monopoly from the government for a period of time (originally 14 years), and make payment in the form of the creative work itself.
That's completely and utterly false -- the courts have struck down many less insane restrictions (by the way, did you ever hear of Betamax?).
Here's the bottom line: There's no such thing as a "content owner," what you call "media" is actually our culture (which everyone has a right to experience), and the social contract whereby we (as citizens) allow artists to enjoy monopoly status is revokable by the people, if the artists fail to hold up their end of the bargain. Although many don't agree with me yet, I believe this has already happened.
Drivers aren't the biggest security issue - as incompleted TCP handshakes were not.
This is for Disney's "security" - not ours. Like the "USA Patriot" act: the target of the restriction is the average person, not the "evildoer".
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
For those that cannot or did not RTFA, here is a quote from the article that clearly states this topic is not just about DRIVERS:
:-)
------
"Digital signatures allow the administrator or end user who is installing Windows-based software to know whether a legitimate publisher has provided the software package."
Nuff said
This has been another valuable and informative opinion from:
Catahoula!
So, about the whole $500 deal in order to get your drivers signed...why couldn't the GNU community or someone buy one. Then, when someone comes out with some nice piece of code submit it to the owners. Then, he or she could get it signed and distribute the signed code? Or is that somewhere on page 17623875 of the EULA?
It isn't clear yet that they are trying to *securely* prevent loading unsigned drivers into the kernel. There might just be a config setting or other toggle that hackish users can flip to load unsigned code into the kernel.
In fact it would seem they would have to have such a toggle. Otherwise how are even commercial software companies supposed to develop this code? Not only would it be a pain to sign the driver every time you are testing the latest code changes it would require giving access to the signing keys to whoever compiles a kernel extension.
As an aside this scheme seems totally useless for the proposed purpose. The makers of malware are just going to steal a legitimate software developer's secret key and sign their code with that. MS won't be able to do anything because tons of people will be mad if Windows Update breaks their computer. However, I don't know whether to credit this to stupidity or maliciousness (just want to make it difficult for normal people to use OSS kernel level code).