Windows Vista x64 To Require Signed Drivers
Anonymous Coward writes "With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."
All this will do... (Score:5, Interesting)
Re:All this will do... (Score:3, Informative)
Re:All this will do... (Score:4, Informative)
Re:All this will do... (Score:3, Insightful)
The infrastructure for signing drivers has been in place for years, anyone with a CA can sign them, and it's up to the user to decide whether he trusts the signer. I think Windows Data Center 2003 actually forbids unsigned drivers already.
Now, if microsoft is requiring kernel drivers to be signed *and* requiring they be signed by WHQL *and* failing to get all the drivers anyone would care about out of ke
I'm not sure it'll even do that. (Score:4, Interesting)
I'm considerably more worried about the impact on projects like OpenVPN [openvpn.net].
Re:I'm not sure it'll even do that. (Score:3, Informative)
Re:I'm not sure it'll even do that. (Score:3, Informative)
Re:All this will do... (Score:3, Interesting)
I have a software consulting business. This is a legal entity that would have a clear justification for getting a Commercial Software Publisher Certificate from Verisign. That would allow me to get the Publisher Identity Certificate from Microsoft. With that, I could compile and sign any open source project I wanted to help out. See how easy it is?
Re:All this will do... (Score:3, Insightful)
Second, if we (collectively) don't do something about this now, in a few years it will be too late: a large enough percentage of hardware will be Treacherous that the RIAA/MPAA/BSA/Microsoft will be able to buy a law making non-Treacherous hardware and soft
Re:All this will do... (Score:3, Interesting)
Do you frequently need to modify drivers you get from third parties? I'm not in favor of removing control from the user, but I also have a hard time finding a way this would impact me in real life. I don't use Windows for any serious work anyway, so that may be a factor in my view of this not being a real problem.
Re:All this will do... (Score:2)
Did you actually read my post? I explained this:
and:
In other words, y
Not true... (Score:2, Insightful)
It's just that easy!
Re:Not true... (Score:5, Informative)
if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers.
This is not true. From the article, "Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems." On 32-bit systems, only admins can load unsigned drivers. On 64-bit, no one can.
Re:Not true... (Score:3, Informative)
Re:Not true... (Score:5, Informative)
User-mode drivers (which most drivers *should* be) are still fair game. It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.
Except for drivers for "CD-ROM, disk drivers, ATA/ATAPI controllers, mouse and other pointing devices, SCSI and RAID controllers, and system devices." as the article says. I'd say that is a good portion of the drivers, wouldn't you?
Re:Not true... (Score:2)
You're neglecting one important fact... (Score:5, Insightful)
This not only means that you can't have third-party drivers, it ALSO means you can't have 1st party drivers from start-ups. It effectively prohibits anyone new from entering the hardware arena.
But there's more! Although Microsoft's license is "free", they aren't necessarily going to give a license to everyone. Thus, they can effectively ban technology they don't like. Blu-Ray vs. HD-DVD is going to be the shortest battle on record, if all it will take is for Microsoft to prohibit rival systems running on "their" desktops.
There is a way round the problem, but it puts you at risk from the DMCA as (by definition) it is circumventing security technology. By having a hypervisor-like OS running at the lowest level, and then having Vista run on top of that, you can make any piece of physical hardware look like any other piece of hardware that you like. Nothing Vista can do about it, as it can't see the hardware directly, all it can see is the results of pushing data of one type in one direction, then pulling data of another type in the opposite direction.
Re:Not true... (Score:2)
Re:Not true... (Score:3, Informative)
Which part of
Re:All this will do... (Score:2)
Re:All this will do... (Score:4, Informative)
I suggest folks RTFA. Hell, just read the tagline for
Frankly, IMO, most drivers *should* be user-mode -- if you're writing your driver in kernel mode, you should re-think your design. Yeah, there's always the necessary exception, but if it's that important, go get a digital signature.
First they lock out open source drivers (Score:3, Insightful)
Re:First they lock out open source drivers (Score:2)
http://it.slashdot.org/comments.pl?sid=174830&cid
It's all about the DRM. (Score:5, Informative)
The summary is a bit brief (as well as being plagiarized verbatim from OSNews.com), but a brief perusal of the cited Microsoft article is rather illuminating:
It would seem that Microsoft cares more about the profits of the record companies than it does about the ability of its users to be able to use its software. Just one more reason to switch to Linux [bellevuelinux.org].
Re:It's all about the DRM. (Score:3, Interesting)
I would have to see how it plays out at the application level to know more. Can I use the Windows API and play a CD's audio tracks from a home brew
Re:It's all about the DRM. (Score:3, Insightful)
The Windows API will have very little to do with it. Basically, it'll depend on what you want to do.
For example, just sending the audio to the "Trusted" (i.e. restricted) output devices will work, but "faking" the hardware so as to capture the digital stream to use for Fair Use won't (this is exactly why they're requiring all drivers to be cryptographically signed).
And there won't be a damn thing you can do about it!
Re:It's all about the DRM. (Score:5, Funny)
-Rick
Re:It's all about the DRM. (Score:2)
I'll bet you $1000 that everything I said will happen within the next 10 years, unless there's some radical change in the US Government's attitude towards corporations and "Intellectual Property [sic]."
Re:It's all about the DRM. (Score:4, Insightful)
So we should have to wait all of what, negative five minutes?
Seriously. This is just copy protection at the OS level. People break game copy protection all the time. People will find a security hole in Vista and use it to do the exact same thing (where's the statement that tests the signed condition... yes some nops there would do nicely) and it'll be wide open again. In the worst case there is always the ability of something like a mod chip to alter signals on the fly. I'd have faith if the hardware gurus can do it to an Xbox they can do it to a PC.
It is as bad as MMO makers claiming they're going to detect and ban bots. If my bot is a linux router with a usb hookup and a "keyboard" program running to feed "user interaction" to the game-running windows machine, they can't detect it. To them nothing is out of the ordinary. Sure, you have to decode the packet stream but that isn't
Re:It's all about the DRM. (Score:3, Interesting)
Yeah, for now. By the time Vista actually ships, it'll probably be at the hardware level (via a Treacherous Computing chip).
Do you know what those signals are? They're public-key cryptography calculations. You don't know the key, so any kind of modchip is USELESS!
The Xbox didn
Re:It's all about the DRM. (Score:3, Informative)
There isn't a downside if you have the master key. However, read the following sentences very, very carefully:
Treacherous Computing is explicitly designed to be secure against YOU, the user.
YOU WILL NOT HAVE THE MASTER KEY, because it defeats the entire reason for the system's existence!
Re:It's all about the DRM. (Score:2)
It's not just that. There are all sorts of common and cool things which require access to the raw audio. Wanted to try out that cool new audio visualization plugin? Sorry. A cross-fade plugin? Nope, can't do it. Normalize the volume? That's a no
Re:It's all about the DRM. (Score:2)
It was a farce when Ballmer first said it, too.
HA! You wish! First of all, OSX is going to be Treacherous too. Second, Linux will be illegal along with everything non-Treacherous because it will obviously* be used only by "pirates" a
Re:It's all about the DRM. (Score:2)
That's what I want to know. The DRIVER has to be signed, but how
Re:It's all about the DRM. (Score:2)
> Jews to wear stars, either.
Debating tip for the day - gratuitous Nazi references make you look like a raving lunatic.
To be honest... (Score:2)
From the standpoint of someone who ran Linux as his primary desktop OS since 1992/1993 (until switching to OSX), I still just don't care. DRM sucks. But I am neither in a place to do anything about it, nor do I have enough free time to
Re:To be honest... (Score:2)
> of stealing media content (regardless of the BS the people who
> make excuses spout), so be it. At least I'll be able to watch
> TV once in a while without being subjected to the crap Comcast
> and DirecTV offer right now.
At the risk of over-using a stale old cliche, you just don't get it, do you?! That DVR software you will want to use that ignores the content-provider-mandated self-destruct time limit on recorded shows (so that
Re:To be honest... (Score:2)
Re:To be honest... (Score:2)
The good of it is that for 24 hours I at least have access to it on there.
You and the other reply to my post are the ones who don't get it -- you have the option of either having it their way or not having it. And some people *want* it.
Changing the laws to restrict that sort of thing is a different issue altogether. I don't like DRM laws any more than any of the more radical left wing hippie techno-elites on here, but I can at least recognize that the current regulatory environment
Re:To be honest... (Score:4, Insightful)
Nowhere in US copyright law does it say anything remotely like this -- no matter how much the publishers wish it did. The real reality is that ideas are not property, except in the sense that they belong to the culture as a whole. The foundation of copyright law is based on a social contract designed to promote the general welfare (i.e. Common Good), not to give creators and/or publishers any kind of entitlement! That's why copyright expires, if you couldn't figure it out before. Copyright is actually a lease -- artists lease a monopoly from the government for a period of time (originally 14 years), and make payment in the form of the creative work itself. That's completely and utterly false -- the courts have struck down many less insane restrictions (by the way, did you ever hear of Betamax?).
Here's the bottom line: There's no such thing as a "content owner," what you call "media" is actually our culture (which everyone has a right to experience), and the social contract whereby we (as citizens) allow artists to enjoy monopoly status is revocable by the people, if the artists fail to hold up their end of the bargain. Although many don't agree with me yet, I believe this has already happened.
Bigger fish to fry (Score:2)
Re:Bigger fish to fry (Score:2)
Be warned: as soon as the majority of people get machines capable of running Vista (or Mac OS for x86), we will see more and more applications requiring the Treachery chip to be turned on, and Free Software will be more and more marginalized until they finally make it illegal to use (since only "ter'rists" don't want to be slaves to the corporations).
Re:It's all about the DRM. (Score:2)
From the nail-in-the-coffin department... (Score:5, Insightful)
This will certainly quiet complaints about Windows' crashing (since many crashes are related to poorly written drivers, WHQL or not), but how did whoever thought this would be a good idea completely forget about the serious compatibility issues that this will raise?
Re:From the nail-in-the-coffin department... (Score:2)
You're kidding, right?
At least it will mean that we can blame Microsoft for driver crashes now though.
Re:From the nail-in-the-coffin department... (Score:3, Insightful)
Ooh lovely (Score:5, Insightful)
What pains me is knowing full well that this really won't necessarily increase the quality of the drivers, though. So they're signed. So what? All this might do is delay upgrades, if anything.
Re:Ooh lovely (Score:3, Interesting)
Yes, because $500 a year will easily put any corporation out of business.
I, for one, think this is great. It now *forces* companies like Creative, NVidia, ATI, RealTek, and other big hardware vendors to make their drivers go through and pass Windows Hardware Quality Labs testing. I know that doesn't guarantee a 100% perfectly working driver, but in my experience it does mean generally bett
It just has to be signed (Score:3, Informative)
Re:It just has to be signed (Score:2)
Re:Ooh lovely (Score:2)
Firstly, the "community" here is just that - a community. Made up of more than one individual. There's nothing hypocritical in the slightest about different people having different opinions on a s
Re:Ooh lovely (Score:2)
How do you get "any corporation" from "some of the smaller commercial outfits"?
Re:Ooh lovely (Score:2)
I don't think anyone here is crying a river over nVidia having to pay a fee and get a certification or do anything like that. I believe what we are concerned about is that this gives users decreasingly fewer
Re:Ooh lovely (Score:2, Insightful)
WHQL testing does not lead to better d
Re:Ooh lovely (Score:2)
http://it.slashdot.org/comments.pl?sid=174830&cid
GPL 3 (Score:2)
Individual OSS developers might be out of luck, but any project that is used by a significant number of people can either get the certificate or find someone who will help them out like I outlined in another comment.
Not under the current draft of the GNU General Public License version 3, which considers the private signing key to be part of the Complete Corresponding Source Code.
Re:GPL 3 (Score:2)
And doing so would be COMPLETELY USELESS (Score:3, Informative)
I don't know why I keep having to repeat myself to get people to understand this; it's an obvious and logical consequence of signed software:
If you try to modify signed software, it's not signed anymore. In other words, ALL Free Software WILL NOT WORK if signing is required!!
There are NO exceptions to this.
You will be able to disable verification (Score:4, Informative)
How to Disable Signature Enforcement during Development
During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable digital signature enforcement temporarily so that Windows will load an unsigned driver.
Attaching a kernel debugger. Attaching an active kernel debugger to the target computer disables the enforcement module in Windows Vista and allows the driver to load.
Using the F8 option. An F8 boot option introduced with Windows Vista--"Disable Driver Signature Enforcement"--is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions.
Setting the boot configuration. A boot configuration setting is available for prerelease builds that allows the suppression of the enforcement module in Windows to be persisted across boot sessions. Windows Vista includes a command-line tool, BCDedit, which can be used to set this option. To use BCDedit, the user must have Elevated User or Administrator privileges on the system. The most straightforward approach is to create a desktop shortcut to cmd.exe, and then right-click -> Run Elevated. The following shows an example of running BCDedit at the command prompt:
Bcdedit.exe -set nointegritychecks ON
Bcdedit.exe -set nointegritychecks OFF
Bcdedit.exe -set {4518fd64-05f1-11da-b13e-00306e386aee} nointegritychecks ON
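Added example (not part of the thread or of the Microsoft paper quoted above): a defender's audit for the persistent boot configuration setting described in that quote, parsing saved `bcdedit /enum` text and flagging entries where `nointegritychecks` is enabled. The sample output is constructed, and its layout (entry title, dashed rule, `name value` lines, blank line between entries) is an assumption about the tool's output; the debugger and F8 options from the quote leave nothing in the boot configuration, so this check does not cover them.

```python
import re

# Constructed sample of `bcdedit /enum` text (not captured from a real host).
# The GUID is the one used in the command quoted in the comment above.
SAMPLE_BCD = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
description             Windows Vista x64 (test box)
nointegritychecks       Yes

Windows Boot Loader
-------------------
identifier              {4518fd64-05f1-11da-b13e-00306e386aee}
device                  partition=D:
description             Windows Vista x64 (production)
nointegritychecks       No
"""

ENABLED = {"yes", "on", "true", "1"}
RULE = re.compile(r"^-{3,}$")


def parse_bcd_entries(text):
    """Split bcdedit-style text into one dict per boot entry."""
    entries, current, last_key = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not stripped:
            current, last_key = None, None      # blank line closes the entry
            continue
        if RULE.match(stripped):
            continue                            # dashed rule under a title
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if RULE.match(nxt):
            current, last_key = {"_type": stripped}, None
            entries.append(current)             # title line opens an entry
            continue
        if current is None:
            continue                            # stray text outside any entry
        if line[0].isspace():
            if last_key:                        # continuation of a multi-value element
                current[last_key] += " " + stripped
            continue
        name, _, value = stripped.partition(" ")
        last_key = name.lower()
        current[last_key] = value.strip()
    return entries


def integrity_check_findings(text):
    """Return (identifier, description) for entries with enforcement disabled."""
    findings = []
    for entry in parse_bcd_entries(text):
        value = entry.get("nointegritychecks")
        if value is not None and value.lower() in ENABLED:
            findings.append((entry.get("identifier", "?"),
                             entry.get("description", "")))
    return findings


if __name__ == "__main__":
    for ident, desc in integrity_check_findings(SAMPLE_BCD):
        print(f"signature enforcement disabled for {ident} ({desc})")
```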
You CANNOT do this in the production version (Score:5, Insightful)
Re:You CANNOT do this in the production version (Score:2)
Fortunately vista will be so stable you won't ever need to reboot.
[blink][blink]
must...keep...straight...face....
Re:You will be able to disable verification (Score:2)
What this is really about... (Score:2)
That's on all Vista systems, not just 'x64' systems (What the hell is 'x64'?). That means users won't get the benefit of frequent driver releases like they have now under XP, and won't be able to do what they like with their media. Also that people who pirate content will have hacked kernel binaries that bypass the signature check.
Hardly a big deal. Nobody is going to run Vista unless they want to shell out for an HDCP compatible monitor any
Re:What this is really about... (Score:2)
Re:What this is really about... (Score:2)
I asked that because nobody else calls it x64. Microsoft made that up. I know what they meant when they said it, but that doesn't make it right.
Re:What this is really about... (Score:2)
Re:What this is really about... (Score:2)
But what about those people at the middle or end of this year running out and buying brand new Dells and HPs for school or for Christmas loaded with....Windows Vista? These users don't have a choice, unless they build their own machines or buy a Mac.
No Open Source for You! (Score:3, Interesting)
It's not unlike the early "Analog Hole" legislation being proposed by "Fritz" Hollings. The legislation attempted to link DRM and national security and, in one form, would have required a license to program a computer, possibly even certification of each binary prior to development.
The question is, how long until a workaround is found? When developing code I don't like the idea of signing each interim binary before testing it; that would just lengthen the whole cycle pointlessly. Sooner or later somebody will find a way around this but not without much frustration, perhaps a specially signed "Developer Edition" of the OS.
No wonder there wasn't much fanfare.
Re:No Open Source for You! (Score:2)
Second of all, can you say "encryption keys locked in the hardware?"
Third of all, can you say "remote attestation" (the process by which any hardware or software whose encryption has been hacked can be rendered inoperative by the Powers That Be remotely and instantly)?
With Treacherous Computing, Microsoft et. al. have found a DRM model that works because it's based on hardware. If you think there's going to be a workaround, you're deluding yourself.
STUPID (Score:5, Insightful)
Re:STUPID (Score:3, Interesting)
I think this was first tried with XP -- back in the XP beta days, it became clear to me that XP was designed to be wholly compatible with Dell hardware, but with other hardware you just *hoped* it worked right.
Re:STUPID (Score:2)
Re:STUPID (Score:2)
Of course they do. I bet they even know how much they charge to sign a driver too....
What about switching the root cert? (Score:4, Insightful)
So, what's to stop me from replacing the certificate which comes with Windows with my own, and then just resigning all the drivers?
(Okay, the DMCA for one... grrr....)
I don't think this is going to make Windows unhackable until hardware support for the certs is added. (which is pretty close, I think...)
Re:What about switching the root cert? (Score:2)
Likewise, all Microsoft and OEM files (google for 'SLP activation') are signed and messing with the certs will most likely render Windows unbootable.
A clean hack around the driver initialiser/installer is a better solution. Or switch to a FOSS OS.
Certs are pretty solid. Interpreter driver? (Score:2)
Re:What about switching the root cert? (Score:3, Interesting)
But reading through the paper, I don't see any particular restrictions on obtaining a PIC. It sounds like you just get your Verisign code signing cert and then do an automated process with Microsoft to get a PIC. So why couldn't on
Re:What about switching the root cert? (Score:2)
To get a PIC you likely have to sign a contract...
And I would expect that agreement would prevent you from signing just anybody's code.
So probably your risk would be getting sued for breach of contract.
-- John.
Re:What about switching the root cert? (Score:2)
There's always a loop hole (Score:3, Informative)
"Included in this white paper:
How to Disable Signature Enforcement during Development"
We'll have to see what the WDK offers when it becomes available.
-Rick
a shot in the foot (Score:4, Interesting)
Driver Blacklisting? (Score:2, Interesting)
Kormac
64bit ? (Score:3, Insightful)
This doesn't make any sense to me.
Re:64bit ? (Score:3, Insightful)
All drivers for 64-bit XP need to be rebuilt, since the 32-bit versions used with XP won't work in a 64-bit operating system. There are currently no 64-bit XP drivers to be backward-compatible with, so MS is setting the bar where it wants for all new drivers. They can't do the same with 32-bit because they have to be compatible with the unsigned 32-bit drivers already on the market for XP.
64-bit is the future of desktop computing, and MS doesn't want to have to support unsigned driver
Good. (Score:3)
admittedly, five hundred dollars isn't a great deal - but as an end user i'd rather know where my software is coming from.
what's amusing about this is that when windows 2000 introduced code signing, a lot of people got upset saying that msft would use it as a way to control who could develop software for windows. fortunately, signing has not been used as an anti-competitive tool, rather it's now being used to protect us from malware.
Old story (Score:2, Informative)
There will be some way of loading unsigned drivers. If not, it will be basically impossible to write a driver - since there will be no way of loading it for debug/test. (Unless you really want to go through the pain of signing every single debug build you make). My bet is there will be some "secret" registry key turned on by the
Americans and UK Conservatives look away now (Score:2)
Why support Vista? (Score:2)
This time round Microsoft are faced by OS X which, thanks to iPod, is now routinely hailed as 'cool' and a Linux which is not only robust enough to be deployed in some businesses (Red Hat and SuSE) but also easy enough for your Na
The end of Installable File Systems? (Score:3, Insightful)
Will this be a thing of the past after Longhorn ships?
The bar for becoming a "commercial entity" is low (Score:3, Interesting)
Chill People (Score:3, Insightful)
In fact it would seem they would have to have such a toggle. Otherwise how are even commercial software companies supposed to develop this code? Not only would it be a pain to sign the driver every time you are testing the latest code changes it would require giving access to the signing keys to whoever compiles a kernel extension.
As an aside this scheme seems totally useless for the proposed purpose. The makers of malware are just going to steal a legitimate software developer's secret key and sign their code with that. MS won't be able to do anything because tons of people will be mad if windows update breaks their computer. However, I don't know whether to credit this to stupidity or maliciousness (just want to make it difficult for normal people to use OSS kernel level code).
Re:why are they calling it x64? (Score:2, Insightful)
-Rick
Re:why are they calling it x64? (Score:4, Insightful)
Re:Generic wrapper driver. (Score:2)
Re:Generic wrapper driver. (Score:3, Interesting)
This is for Disney's "security" - not ours. Like the "USA Patriot" act: the target of the restriction is the average person, not the "evildoer".
Re:Hah! (Score:2)
Yes. The substantial majority of people who purchase a new computer (excluding Macs) after Vista is released will adopt it. You and I and the rest of Slashdot are in the minority when it comes to caring about DRM. The rest of the public simply doesn't, and they won't bat an eye at this restriction.
Re:Its okay (Score:3, Interesting)
Oh, and by the way: once you go to all this trouble to get the key, they can just use Remote Attestation to disable it (along with the hardware itself).
Certificate revocation (Score:2)
raise the $500 each year for the certificate and then each time you want your code signed, you upload it and its signed within minutes!
And watch the signing certificate be revoked for violation of the non-disclosure provisions of the certificate's terms of service.
Re:this must be (Score:2)
Re:Atrocious (Score:2)