
Windows Vista x64 To Require Signed Drivers

Anonymous Coward writes "With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."
  • All this will do... (Score:5, Interesting)

    by ajiva ( 156759 ) on Monday January 23, 2006 @01:37PM (#14541388)
    All this is going to do is prevent software that emulates hardware (Daemon Tools for example) from working properly under Vista. As I recall these types of software pretend to be hardware using unsigned drivers, so this won't work unless they get the drivers signed somehow. Looks like a way to enforce DRM to me.
    • Most probably will, it will also screw over any OSS drivers which don't originate from Companies
      • by mrchaotica ( 681592 ) on Monday January 23, 2006 @02:42PM (#14542104)
        No, it'll screw over all OSS drivers in general, because if you modify it, it won't work anymore. It defeats the entire point of having the source code in the first place!
    • by cduffy ( 652 ) <charles+slashdot@dyfis.net> on Monday January 23, 2006 @01:45PM (#14541478)
      Some software of that variety takes the approach of acting as an iSCSI [wikipedia.org] device. So long as the OS has native iSCSI support [microsoft.com], the application need not install its driver.

      I'm considerably more worried about the impact on projects like OpenVPN [openvpn.net].
    • by qwijibo ( 101731 )
      Once this becomes an actual problem, someone will solve it. It's a nuisance at best.

      I have a software consulting business. This is a legal entity that would have a clear justification for getting a Commercial Software Publisher Certificate from Verisign. That would allow me to get the Publisher Identity Certificate from Microsoft. With that, I could compile and sign any open source project I wanted to help out. See how easy it is?
      • First of all, this is already an actual problem, because even if you -- the developer -- can compile and sign the software, nobody else can. You might as well just make it closed source, because the DRM won't allow anyone else to usefully edit it anyway!

        Second, if we (collectively) don't do something about this now, in a few years it will be too late: a large enough percentage of hardware will be Treacherous that the RIAA/MPAA/BSA/Microsoft will be able to buy a law making non-Treacherous hardware and soft
        • by qwijibo ( 101731 )
          What exactly can we do about it now? I'm not sure what you're thinking, but I've noticed that Microsoft doesn't care what I think. I doubt they care what the slashdot crowd thinks either.

          Do you frequently need to modify drivers you get from third parties? I'm not in favor of removing control from the user, but I also have a hard time finding a way this would impact me in real life. I don't use Windows for any serious work anyway, so that may be a factor in my view of this not being a real problem.
          • but I also have a hard time finding a way this would impact me in real life. I don't use Windows for any serious work anyway, so that may be a factor in my view of this not being a real problem.

            Did you actually read my post? I explained this:

            ...the RIAA/MPAA/BSA/Microsoft will be able to buy a law making non-Treacherous hardware and software (necessarily including all Free Software) illegal.

            and:

            ...the ISPs won't allow (either voluntarily or by law) non-Treacherous clients on the network.

            In other words, y

    • Not true... (Score:2, Insightful)

      by DaHat ( 247651 )
      if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers... so not unlike many OSS OS's... you just need to SU or runas up to a root/Administrators account and install your drivers and then revert back to your normal privileges.

      It's just that easy!
      • Re:Not true... (Score:5, Informative)

        by 99BottlesOfBeerInMyF ( 813746 ) on Monday January 23, 2006 @02:06PM (#14541703)

        if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers.

        This is not true. From the article, "Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems." On 32 bit systems, only admins can load unsigned drivers. On 64-bit, no one can.

        • Re:Not true... (Score:3, Informative)

          by Randolpho ( 628485 )
          You should try reading *more* of the article. User-mode drivers (which most drivers *should* be) are still fair game. It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.
          • Re:Not true... (Score:5, Informative)

            by 99BottlesOfBeerInMyF ( 813746 ) on Monday January 23, 2006 @02:30PM (#14541976)

            User-mode drivers (which most drivers *should* be) are still fair game. It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.

            Except for drivers for "CD-ROM, disk drivers, ATA/ATAPI controllers, mouse and other pointing devices, SCSI and RAID controllers, and system devices." as the article says. I'd say that is a good portion of the drivers, wouldn't you?

            • Yes, a good portion, but how many of those will actually need to be hardware emulated? Sure, maybe ramdisks and CD-emulation disks (a la Alcohol), but those I would say are the exception, not the norm.
            • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Monday January 23, 2006 @03:18PM (#14542487) Homepage Journal
              Since only commercial vendors can be licensed, any garage developer (Messrs. Hewlett and Packard, for example) can build their own hardware but NOT be licensed to produce a driver for it. Only a pre-existing commercial vendor can do that, and most won't unless you pay them.


              This not only means that you can't have third-party drivers, it ALSO means you can't have 1st party drivers from start-ups. It effectively prohibits anyone new from entering the hardware arena.


              But there's more! Although Microsoft's license is "free", they aren't necessarily going to give a license to everyone. Thus, they can effectively ban technology they don't like. Blu-Ray vs. HD-DVD is going to be the shortest battle on record, if all it will take is for Microsoft to prohibit rival systems running on "their" desktops.


              There is a way round the problem, but it puts you at risk from the DMCA as (by definition) it is circumventing security technology. By having a hypervisor-like OS running at the lowest level, and then having Vista run on top of that, you can make any piece of physical hardware look like any other piece of hardware that you like. Nothing Vista can do about it, as it can't see the hardware directly, all it can see is the results of pushing data of one type in one direction, then pulling data of another type in the opposite direction.

          • It's only kernel-mode that's at issue, and they're only really necessary for stringent timing requirements and legacy hardware.
            No, they're also necessary for preserving Fair Use by bypassing the draconian and totalitarian DRM that's built into the kernel!
      • Re:Not true... (Score:3, Informative)

        if you actually read the MSDN page on this subject you will find that non administrators will be prevented from installing unsigned drivers... so not unlike many OSS OS's... you just need to SU or runas up to a root/Administrators account and install your drivers and then revert back to your normal privileges.

        Which part of

        Note: Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems. This applies for any software module that loads in kernel mode, including device

    • Signed somehow? Why not just use normal channels -- all those signed drivers didn't fall from skies.
    • by Randolpho ( 628485 ) on Monday January 23, 2006 @02:18PM (#14541842) Homepage Journal
      Actually, nearly all hardware emulation drivers, along with most general purpose device drivers, can still be unsigned.

      I suggest folks RTFA. Hell, just read the tagline for /. article. It says "kernel mode", folks, not "user mode". You need a digital signature to write kernel-mode drivers (and, BTW, to stream protected content), but user-mode unlicensed drivers are fair game.

      Frankly, IMO, most drivers *should* be user-mode -- if you're writing your driver in kernel mode, you should re-think your design. Yeah, there's always the necessary exception, but if it's that important, go get a digital signature.
  • by etymxris ( 121288 ) on Monday January 23, 2006 @01:39PM (#14541397)
    Next, applications? I'm not sure how they'll deal with developer machines, but then again, that problem should apply for drivers too. It's not really a slippery slope. They've been doing it on the xbox for years, after all. It's not so much the money as the control they have to vet everything that can run on their system.
  • by TripMaster Monkey ( 862126 ) * on Monday January 23, 2006 @01:40PM (#14541406)

    The summary is a bit brief (as well as being plagiarized verbatim from OSNews.com), but a brief perusal of the cited Microsoft article is rather illuminating:
    • Drivers must be signed for devices that stream protected content. This includes audio drivers that use Protected User Mode Audio (PUMA) and Protected Audio Path (PAP), and video device drivers that handle protected video path-output protection management (PVP-OPM) commands.
    • Unsigned kernel-mode software will not load and will not run on x64-based systems.
    • Note: Even users with administrator privileges cannot load unsigned kernel-mode code on x64-based systems. This applies for any software module that loads in kernel mode, including device drivers, filter drivers, and kernel services.
    (Boldface mine.)


    It would seem that Microsoft cares more about the profits of the record companies than it does about the ability of its users to be able to use its software. Just one more reason to switch to Linux [bellevuelinux.org].
    • I'm a pretty strong MS backer. All things considered they have done some amazing things and brought products to the people. But I must agree with you, by putting this limitation into applications it will likely drive a lot of the younger crowd, especially developers, to linux (the future of Ubuntu looks bright).

      I would have to see how it plays out at the application level to know more. Can I use the Windows API and play a CD's audio tracks from a home brew .Net app? Or do I need to create a corporate entity
      • Can I use the Windows API and play a CD's audio tracks from a home brew .Net app?

        The Windows API will have very little to do with it. Basically, it'll depend on what you want to do.

        For example, just sending the audio to the "Trusted" (i.e. restricted) output devices will work, but "faking" the hardware so as to capture the digital stream to use for Fair Use won't (this is exactly why they're requiring all drivers to be cryptographically signed).

        And there won't be a damn thing you can do about it!

        If the

        • by RingDev ( 879105 ) on Monday January 23, 2006 @02:48PM (#14542166) Homepage Journal
          Wow, I'd rate you +1 insightful just for cramming all that FUD into one post. Well done!

          -Rick
          • That was not FUD; I sincerely believe it!

            I'll bet you $1000 that everything I said will happen within the next 10 years, unless there's some radical change in the US Government's attitude towards corporations and "Intellectual Property [sic]."
        • by Rhys ( 96510 ) on Monday January 23, 2006 @03:32PM (#14542616)
          And there won't be a damn thing you can do about it until someone finds the first security exploit in the OS!

          So we should have to wait all of what, negative five minutes?

          Seriously. This is just copy protection at the OS level. People break game copy protection all the time. People will find a security hole in Vista and use it to do the exact same thing (where's the statement that tests the signed condition... yes some nops there would do nicely) and it'll be wide open again. In the worst case there is always the ability of something like a mod chip to alter signals on the fly. I'd have faith if the hardware gurus can do it to an Xbox they can do it to a PC.

          It is as bad as MMO makers claiming they're going to detect and ban bots. If my bot is a linux router with a usb hookup and a "keyboard" program running to feed "user interaction" to the game-running windows machine, they can't detect it. To them nothing is out of the ordinary. Sure, you have to decode the packet stream but that isn't /that/ hard. The information MMOs send isn't that different from what MUDs send, and people have been scripting those for years. The best the MMO maker can do is use heuristics to watch for "bot-like" behavior but even that is questionable at best. (I'm sure I look like a bot by about 2 am if I'm up playing that late)
          • This is just copy protection at the OS level.

            Yeah, for now. By the time Vista actually ships, it'll probably be at the hardware level (via a Treacherous Computing chip).

            In the worst case there is always the ability of something like a mod chip to alter signals on the fly.

            Do you know what those signals are? They're public-key cryptography calculations. You don't know the key, so any kind of modchip is USELESS!

            I'd have faith if the hardware gurus can do it to a Xbox they can do it to a PC.

            The Xbox didn

        • For example, just sending the audio to the "Trusted" (i.e. restricted) output devices will work, but "faking" the hardware so as to capture the digital stream to use for Fair Use won't (this is exactly why they're requiring all drivers to be cryptographically signed).

          It's not just that. There is all sorts of common and cool things which require access to the raw audio. Wanted to try out that cool new audio visualization plugin? Sorry. A cross-fade plugin? Nope, can't do it. Normalize the volume? That's a no
          • Didn't Microsoft's mantra used to be "Developers! Developers! Developers!"? Not any more apparently.

            It was a farce when Ballmer first said it, too.

            MS wants to tell all the small developers to fuck off and go to a different platform, great. That just means all the cool audio apps will be on Linux and OSX in the future.

            HA! You wish! First of all, OSX is going to be Treacherous too. Second, Linux will be illegal along with everything non-Treacherous because it will obviously* be used only by "pirates" a

          • "It's not just that. There is all sorts of common and cool things which require access to the raw audio. Wanted to try out that cool new audio visualization plugin? Sorry. A cross-fade plugin? Nope, can't do it. Normalize the volume? That's a no-no now. Because the only way for restricted audio to work is if you make sure that no third-party code ever gets access to the raw audio. They are now basically restricted to writing glorified remotes."

            That's what I want to know. The DRIVER has to be signed, but how
        • > I'm sure it wasn't that bad when the NAZIs started forcing the
          > Jews to wear stars, either.

          Debating tip for the day - gratuitous Nazi references make you look like a raving lunatic.
    • If it means I can get DirecTV feeds and QAM via CableCard into my computer, I'll put up with it. I don't own a modern PC -- I have a cobbled together six year old system running MCE 2005 I got from my MSDN account just to see how it works with my 360. Very well, I have to say.

      From the standpoint of someone who ran Linux as his primary desktop OS since 1992/1993 (until switching to OSX), I still just don't care. DRM sucks. But I am neither in a place to do anything about it, nor do I have enough free time to
      • > If it means I can't load software that has the primary purpose
        > of stealing media content (regardless of the BS the people who
        > make excuses spout), so be it. At least I'll be able to watch
        > TV once in a while without being subjected to the crap Comcast
        > and DirecTV offer right now.

        At the risk of over-using a stale old cliche, you just don't get it, do you?! That DVR software you will want to use that ignores the content-provider-mandated self-destruct time limit on recorded shows (so that
      • What good is getting digital cable content on your computer when the Broadcast Flag (which all "Trusted" hardware and software will support) tells your computer to delete it after 24 hours, disallows copying onto an iPod/PSP, etc?
        • That's a stupid question.

          The good of it is that for 24 hours I at least have access to it on there.

          You and the other reply to my post are the ones who don't get it -- you have the option of either having it their way or not having it. And some people *want* it.

          Changing the laws to restrict that sort of thing is a different issue all together. I don't like DRM laws any more than any of the more radical left wing hippie techno-elites on here, but I can at least recognize that the current regulatory environment
  • by pdbogen ( 596723 ) <tricia-slashdot@@@cernu...us> on Monday January 23, 2006 @01:40PM (#14541407)
    All I can say is what's probably come to everyone else's mind: the banging sound of hammer against coffin.
    This will certainly quiet complaints about Windows' crashing (since many crashes are related to poorly written drivers, WHQL or not), but how did whoever thought this would be a good idea completely forget about the serious compatibility issues that this will raise?
  • Ooh lovely (Score:5, Insightful)

    by JediTrainer ( 314273 ) on Monday January 23, 2006 @01:41PM (#14541428)
    While I applaud the idea of signed drivers and the like, this looks like a very clever way to shut out OSS developers. Heck - some of the smaller commercial outfits might even balk at having to spend that kind of money on the certificate.

    What pains me is knowing full well that this really won't necessarily increase the quality of the drivers, though. So they're signed. So what? All this might do is delay upgrades, if anything.
    • Re:Ooh lovely (Score:3, Interesting)

      by Swamii ( 594522 )
      Heck - some of the smaller commercial outfits might even balk at having to spend that kind of money on the certificate.

      Yes, because $500 a year will easily put any corporation out of business.

      I, for one, think this is great. It now *forces* companies like Creative, NVidia, ATI, RealTek, and other big hardware vendors to make their drivers go through and pass Windows Hardware Quality Labs testing. I know that doesn't guarantee a 100% perfectly working driver, but in my experience it does mean generally bett
      • by kawika ( 87069 )
        Did I read the white paper wrong? It just said the driver had to be signed, not that it had to be WHQL. I don't think this particular requirement is being implemented for reliability reasons, but for accountability reasons. With a signed driver you know where it came from--that's it. No guarantee of quality or even security, but at least you know who to blame when the driver has problems.

      • I find it both ironic and hypocritical that the community here is constantly bashing corporate America; that is, until Microsoft makes certain corporations pay to make get their system-critical software tested and verified. Oh, then we're all sad for those poor corporations that have to pay $500 a year. Mercy me...

        Firstly, the "community" here is just that - a community. Made up of more than one individual. There's nothing hypocritical in the slightest about different people having different opinions on a s
      • Heck - some of the smaller commercial outfits might even balk at having to spend that kind of money on the certificate.

        Yes, because $500 a year will easily put any corporation out of business.

        How do you get "any corporation" from "some of the smaller commercial outfits"?

      • I find it both ironic and hypocritical that the community here is constantly bashing corporate America; that is, until Microsoft makes certain corporations pay to make get their system-critical software tested and verified. Oh, then we're all sad for those poor corporations that have to pay $500 a year.

        I don't think anyone here is crying a river over nVidia having to pay a fee and get a certification or do anything like that. I believe what we are concerned about is that this gives users decreasingly fewer

      • Re:Ooh lovely (Score:2, Insightful)

        by doctormetal ( 62102 )

        I, for one, think this is great. It now *forces* companies like Creative, NVidia, ATI, RealTek, and other big hardware vendors to make their drivers go through and pass Windows Hardware Quality Labs testing. I know that doesn't guarantee a 100% perfectly working driver, but in my experience it does mean generally better drivers, which in turn means a more stable system. That's a good thing for millions of consumers, coming at the cost of ... $500/year for corporations.

        WHQL testing does not lead to better d

    • I can't imagine $500 being a lot of money to any company that creates drivers. Individual OSS developers might be out of luck, but any project that is used by a significant number of people can either get the certificate or find someone who will help them out like I outlined in another comment.

      http://it.slashdot.org/comments.pl?sid=174830&cid=14541623 [slashdot.org]
      • Individual OSS developers might be out of luck, but any project that is used by a significant number of people can either get the certificate or find someone who will help them out like I outlined in another comment.

        Not under the current draft of the GNU General Public License version 3, which considers the private signing key to be part of the Complete Corresponding Source Code.

        • Vista won't be compatible with GPL 3 with respect to drivers. It's pretty convenient for Microsoft that this works out as a way to exclude GPL 3 drivers. As a monopoly, they have the ability to enforce their will on the market. If you don't like it, talk to the justice department. Or don't use Windows. I've heard I'm not the only one who doesn't use Windows as their primary OS.
      • Because if anyone wants to actually exercise their rights under any open source license (i.e. wants to modify the software for any reason), the key won't work!!

        I don't know why I keep having to repeat myself to get people to understand this; it's an obvious and logical consequence of signed software:

        If you try to modify signed software, it's not signed anymore. In other words, ALL Free Software WILL NOT WORK if signing is required!!

        There are NO exceptions to this.
  • by aapold ( 753705 ) * on Monday January 23, 2006 @01:43PM (#14541463) Homepage Journal
    It's in the white paper attached. Is it perfect? no... but it won't absolutely prevent you from doing stuff. Here's the relevant text:


    How to Disable Signature Enforcement during Development
    During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable digital signature enforcement temporarily so that Windows will load an unsigned driver.
    Attaching a kernel debugger. Attaching an active kernel debugger to the target computer disables the enforcement module in Windows Vista and allows the driver to load.
    Using the F8 option. An F8 boot option introduced with Windows Vista--"Disable Driver Signature Enforcement"--is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions.
    Setting the boot configuration. A boot configuration setting is available for prerelease builds that allows the suppression of the enforcement module in Windows to be persisted across boot sessions. Windows Vista includes a command-line tool, BCDedit, which can be used to set this option. To use BCDedit, the user must have Elevated User or Administrator privileges on the system. The most straightforward approach is to create a desktop shortcut to cmd.exe, and then right-click -> Run Elevated. The following shows an example of running BCDedit at the command prompt:

    // Disable enforcement - no signing checks
    Bcdedit.exe -set nointegritychecks ON

    // Enable enforcement - signing checks apply
    Bcdedit.exe -set nointegritychecks OFF


    // Disabling integrity check on an alternate OS
    // specified by a GUID for the system ID
    Bcdedit.exe -set {4518fd64-05f1-11da-b13e-00306e386aee} nointegritychecks ON
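
A way to audit for the settings the white-paper excerpt above describes, as an added example (not from the white paper or the post): it parses text in the layout that `bcdedit /enum` prints and reports boot entries where signature enforcement is weakened. The sample output is constructed, and it assumes enabled options are displayed as `Yes`; `testsigning` is a related BCD option that the excerpt does not mention.

```python
# Boot options that weaken kernel-mode signature enforcement, with the reason.
WEAKENING = {
    "nointegritychecks": "signature checks suppressed across boots",
    "testsigning": "test-signed drivers accepted",
    "debug": "kernel debugging enabled; an attached debugger disables enforcement",
}

# Constructed sample in the layout of `bcdedit /enum` output (not captured output).
SAMPLE_ENUM = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
displayorder            {current}
                        {4518fd64-05f1-11da-b13e-00306e386aee}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Production
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {4518fd64-05f1-11da-b13e-00306e386aee}
path                    \Windows\system32\winload.exe
description             Driver test
nointegritychecks       Yes
debug                   Yes
"""


def is_rule(line):
    """True for the row of dashes printed under each entry heading."""
    stripped = line.strip()
    return bool(stripped) and set(stripped) == {"-"}


def parse_bcd_enum(text):
    """Split the listing into entries: {'type': heading, 'settings': {name: value}}."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip():
            current = None          # a blank line ends the current entry
            continue
        if is_rule(line):
            continue
        if i + 1 < len(lines) and is_rule(lines[i + 1]):
            current = {"type": line.strip(), "settings": {}}
            entries.append(current)
            continue
        parts = line.split(None, 1)
        # Continuation rows (extra displayorder GUIDs) have a single field: skip them.
        if current is not None and len(parts) == 2:
            current["settings"][parts[0].lower()] = parts[1].strip()
    return entries


def audit(text):
    """Return (identifier, option, reason) for every weakening option that is on."""
    findings = []
    for entry in parse_bcd_enum(text):
        ident = entry["settings"].get("identifier", "?")
        for option, reason in WEAKENING.items():
            if entry["settings"].get(option, "").lower() in ("yes", "on"):
                findings.append((ident, option, reason))
    return findings


if __name__ == "__main__":
    for ident, option, reason in audit(SAMPLE_ENUM):
        print(f"{ident}: {option} -> {reason}")
```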

  • "Drivers must be signed for devices that stream protected content."

    That's on all Vista systems, not just 'x64' systems (What the hell is 'x64'?). That means users won't get the benefit of frequent driver releases like they have now under XP, and won't be able to do what they like with their media. Also that people who pirate content will have hacked kernel binaries that bypass the signature check.

    Hardly a big deal. Nobody is going to run Vista unless they want to shell out for an HDCP compatible monitor any
    • Hu? x64 are the new 64 bit and 32bit-x86 compatible processors. Essentially the Athlon 64 and the Intel EM64
    • Hardly a big deal. Nobody is going to run Vista unless they want to shell out for an HDCP compatible monitor anyway

      But what about those people at the middle or end of this year running out and buying brand new Dells and HPs for school or for Christmas loaded with....Windows Vista? These users don't have a choice, unless they build their own machines or buy a Mac.

  • by Irvu ( 248207 ) on Monday January 23, 2006 @01:48PM (#14541516)
    That's it, no open source drivers on Windows Vista.

    It's not unlike the early "Analog Hole" legislation being proposed by "Fritz" Hollings. The legislation attempted to link DRM and national security and, in one form, would have required a license to program a computer, possibly even certification of each binary prior to development.

    The question is, how long until a workaround is found? When developing code I don't like the idea of signing each interim binary before testing it; that would just lengthen the whole cycle pointlessly. Sooner or later somebody will find a way around this but not without much frustration, perhaps a specially signed "Developer Edition" of the OS.

    No wonder there wasn't much fanfare.
    • First of all, can you say "DMCA violation?"

      Second of all, can you say "encryption keys locked in the hardware?"

      Third of all, can you say "remote attestation" (the process by which any hardware or software whose encryption has been hacked can be rendered inoperative by the Powers That Be remotely and instantly)?

      With Treacherous Computing, Microsoft et al. have found a DRM model that works because it's based on hardware. If you think there's going to be a workaround, you're deluding yourself.
  • STUPID (Score:5, Insightful)

    by Chanc_Gorkon ( 94133 ) <.moc.liamg. .ta. .nokrog.> on Monday January 23, 2006 @01:49PM (#14541523)
    Does Microsoft even know the amount of drivers that ARE NOT signed?? This is stupid and it won't prevent anything. Is Microsoft going to look over thousands of drivers just to make sure they don't cause anything bad so they can put their little WHQL seal and sign the blasted thing? What's to prevent someone from creating a hack that gets around this? Nothing. Why even try to do something like this? At least give users the option to screw up the system.
    • Re:STUPID (Score:3, Interesting)

      by Reziac ( 43301 ) *
      I'm thinking that much of what's behind this are the big PC OEMs, specifically Dell. Make it harder to run Vista on clone hardware, and OEM hardware sales go up. Dell is a whole lot bigger customer for M$ (primarily through enterprise contracts for hardware and OS) than the media content companies.

      I think this was first tried with XP -- back in the XP beta days, it became clear to me that XP was designed to be wholly compatible with Dell hardware, but with other hardware you just *hoped* it worked right.
      • No, what's behind this is the (Microsoft + OEMs + RIAA/MPAA) cartel as a whole. OEMs want to lock white-box makers out of the market, the RIAA/MPAA want to charge a toll for every bit of collective culture anyone sees or hears, and Microsoft wants to control the keys to the whole shebang.
    • Does Microsoft even know the amount of drivers that ARE NOT signed??

      Of course they do. I bet they even know how much they charge to sign a driver too....

  • by Halo- ( 175936 ) on Monday January 23, 2006 @01:52PM (#14541552)
    Okay, so MS requires all kernel drivers to be signed. That's ugly, but anything that is signed has to be verified to be meaningful. The certificate used to verify the signatures is still stored in software at this time, right?

    So, what's to stop me from replacing the certificate which comes with Windows with my own, and then just resigning all the drivers?

    (Okay, the DMCA for one... grrr....)

    I don't think this is going to make Windows unhackable until hardware support for the certs is added. (which is pretty close, I think...)

    • Nothing. The same trick allows you to swap out hashed or encrypted passwords with known ciphertext to access systems. The problem with that is that EFS protected stuff is (of course) still inaccessible.

      Likewise, all Microsoft and OEM files (google for 'SLP activation') are signed and messing with the certs will most likely render Windows unbootable.

      A clean hack around the driver initialiser/installer is a better solution. Or switch to a FOSS OS.
    • The certificate "vouches" for the publishing party using a third party. In this case Verisign will issue the certificate that encrypts the publisher's public key. Since the Verisign public key is well known, the cert is decrypted, the publisher's info and public key are then available. The signature is a hash of the binary encrypted using the publisher's private key. The public key from the cert is used to decrypt the hash, and a new hash of the binary is compared to the signed hash. If the hashes are eq
    • RTFWP! You not only have to sign everything, but you must get a Publisher Identification Certificate (PIC) from Microsoft for any kernel driver. Creating your own cert for local testing might be possible, but faking a Microsoft-authenticated PIC seems like a much bigger challenge.

      But reading through the paper, I don't see any particular restrictions on obtaining a PIC. It sounds like you just get your Verisign code signing cert and then do an automated process with Microsoft to get a PIC. So why couldn't on
      • Speculation but...

        To get a PIC you likely have to sign a contract...

        And I would expect that agreement would prevent you from signing just anybody's code.

        So probably your risk would be getting sued for breach of contract.

        -- John.
    • So, what's to stop me from replacing the certificate which comes with Windows with my own, and then just resigning all the drivers?
      The Treacherous Computing chip, which hides the necessary encryption keys from you in hardware. Any more questions?
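Added example, not part of any comment above and not Microsoft's or Verisign's code: a simplified model of the check this sub-thread argues about, in which a root vouches for a publisher key and the publisher key signs a hash of the driver. Textbook RSA with tiny constructed keys is used only so that it runs without libraries; every name, key and the driver bytes are assumptions.

```python
import hashlib

E = 65537  # RSA public exponent

def make_key(p, q):
    # Toy textbook-RSA key from two small primes: illustration only, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    # "Hash encrypted with the private key", in the thread's wording.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def check(n, data, sig):
    # Recover the signed hash with the public key and compare with a fresh hash.
    return pow(sig, E, n) == digest(data, n)

def cert_body(name, n):
    return f"{name}|{n}".encode()

def issue_cert(ca_key, name, subject_n):
    # The CA signs the binding of publisher name to publisher public key.
    return {"name": name, "n": subject_n, "sig": sign(ca_key, cert_body(name, subject_n))}

def verify_driver(trusted_root_n, cert, binary, binary_sig):
    if not check(trusted_root_n, cert_body(cert["name"], cert["n"]), cert["sig"]):
        return "untrusted certificate"
    if not check(cert["n"], binary, binary_sig):
        return "bad signature"
    return "ok"

# Constructed keys and driver bytes (Mersenne primes keep the numbers short).
CA = make_key(2**89 - 1, 2**107 - 1)        # stands in for the commercial CA
VENDOR = make_key(2**61 - 1, 2**127 - 1)    # hypothetical driver publisher
LOCAL_CA = make_key(2**61 - 1, 2**89 - 1)   # a root the user generated
LOCAL = make_key(2**107 - 1, 2**127 - 1)    # the user's own signing key
DRIVER = b"constructed driver image"

def demo():
    cert = issue_cert(CA, "Example Driver Co", VENDOR["n"])
    own = issue_cert(LOCAL_CA, "Me", LOCAL["n"])
    return [
        verify_driver(CA["n"], cert, DRIVER, sign(VENDOR, DRIVER)),         # as shipped
        verify_driver(CA["n"], cert, DRIVER + b"!", sign(VENDOR, DRIVER)),  # modified binary
        verify_driver(CA["n"], own, DRIVER, sign(LOCAL, DRIVER)),           # self-issued cert
        verify_driver(LOCAL_CA["n"], own, DRIVER, sign(LOCAL, DRIVER)),     # verifier holds a different root
    ]
```

`demo()` returns the four verdicts in order; the last two differ only in which root the verifier holds, which is why the replies turn on whether that root lives in software or in hardware.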
  • by RingDev ( 879105 ) on Monday January 23, 2006 @02:11PM (#14541758) Homepage Journal
    As per TFA:

    "Included in this white paper: ...
    How to Disable Signature Enforcement during Development"

    We'll have to see what the WDK offers when it becomes available.

    -Rick
  • a shot in the foot (Score:4, Interesting)

    by rocketman768 ( 838734 ) on Monday January 23, 2006 @02:21PM (#14541882) Homepage
    This is the beginning of Microsoft's death. Anyone who's read "In the beginning was the command line" by Neal Stephenson [amazon.com] should recognize these early signs. It's the same reason Apple never got really big: they used proprietary hardware and therefore limited the amount of users that could use their OS. Therefore, prices stayed relatively high, and most users chose the more flexible PC platform. Microsoft is requiring their users to use (sort of) proprietary software and drivers. This will of course result in the fact that other (more flexible) OS's will become more popular. I'm just now getting to see the usefulness in Linux. I've used it off and on for the past 6 years, but now it's getting to the point where my machine is in Linux mode for a week at a time before I need to do some Maple or Matlab stuff. All I can say is that I will most definitely have a dual-boot system from now on, and that the more restrictive MS gets, the more I will stay in Linux to rip MY OWN FRIGGIN CD's and whatever else they consider potentially unlawful at MS. It's a self-stabilizing situation within the market, so don't worry too much about it. It's the beginning of a new era where Windows will not have the majority of the market.
  • Driver Blacklisting? (Score:2, Interesting)

    by Kormac ( 466376 )
    If all the drivers are signed with certs, does that mean I can maintain a black list of driver manufacturers that I don't want to install on my machine? For example, Sony's rootkit driver? :)

    Kormac
  • 64bit ? (Score:3, Insightful)

    by jeriqo ( 530691 ) <jeriqo @ u n isson.org> on Monday January 23, 2006 @02:38PM (#14542069)
    Why not on the 32bit version ?
    This doesn't make any sense to me.
    • Re:64bit ? (Score:3, Insightful)

      by burndive ( 855848 )
      Backwards compatibility.

      All drivers for 64-bit XP need to be rebuilt, since the 32-bit versions used with XP won't work in a 64-bit operating system. There are currently no 64-bit XP drivers to be backward-compatible with, so MS is setting the bar where it wants for all new drivers. They can't do the same with 32-bit because they have to be compatible with the unsigned 32-bit drivers already on the market for XP.

      64-bit is the future of desktop computing, and MS doesn't want to have to support unsigned driver
  • by Zebra_X ( 13249 ) on Monday January 23, 2006 @02:47PM (#14542162)
    what is fantastic about this is that it will prevent nefarious entities from installing low level code or drivers. it will also create a chain of accountability for the software running on users' machines.

    admittedly, five hundred dollars isn't a great deal - but as an end user i'd rather know where my software is coming from.

    what's amusing about this is that when windows 2000 introduced code signing, a lot of people got upset saying that msft would use it as a way to control who could develop software for windows. fortunately, signing has not been used as an anti-competitive tool, rather it's now being used to protect us from malware. /clap
  • Old story (Score:2, Informative)

    Microsoft has been saying this for many years now (XP, Win2K at least). As each release date nears, and the number of signed drivers is pitifully small, they drop the requirement.

    There will be some way of loading unsigned drivers. If not, it will be basically impossible to write a driver - since there will be no way of loading it for debug/test. (Unless you really want to go through the pain of signing every single debug build you make). My bet is there will be some "secret" registry key turned on by the

  • This is going to be one for http://europa.eu.int/comm/commission_barroso/kroes/index_en.html [eu.int] the European Competition commissioner. Following in the footsteps of Super Mario, it looks like this one could run and run.
  • There is no denying that XP won the last round of the OS wars. This was mainly down to the fact that the same 90% that bought PCs thought that Macs were just for animation and graphics (groan) and that Linux is just for nerds. Most people just don't know that there are alternatives.

    This time round Microsoft are faced by OS X which, thanks to iPod, is now routinely hailed as 'cool' and a Linux which is not only robust enough to be deployed in some businesses (Red Hat and SuSE) but also easy enough for your Na
  • by yeremein ( 678037 ) on Monday January 23, 2006 @04:12PM (#14543032)
    Currently it's possible to read/write ext3 volumes from Windows XP using an installable file system (IFS) driver.

    Will this be a thing of the past after Longhorn ships?
  • by Eric Smith ( 4379 ) * on Monday January 23, 2006 @07:26PM (#14544767) Homepage Journal
    and [...] is only available to commercial entities
    It takes very little to become a commercial entity. You don't have to incorporate to have a sole proprietorship or partnership. If you actually sell anything taxable, you have to get tax licenses from your city, county, or state, which is generally either free or very inexpensive. Depending on your locality, you might need a business license, which usually costs under $100 per year. If you do business under your own name (e.g. "Joe Thompson Company", "Thompson Furniture", etc.), you don't need to even file a fictitious name statement, though doing so isn't very expensive and usually lasts for five years.
  • Chill People (Score:3, Insightful)

    by logicnazi ( 169418 ) <gerdesNO@SPAMinvariant.org> on Monday January 23, 2006 @09:52PM (#14545609) Homepage
    It isn't clear yet that they are trying to *securely* prevent loading unsigned drivers into the kernel. There might just be a config setting or other toggle that hackish users can flip to load unsigned code into the kernel.

    In fact it would seem they would have to have such a toggle. Otherwise how are even commercial software companies supposed to develop this code? Not only would it be a pain to sign the driver every time you are testing the latest code changes it would require giving access to the signing keys to whoever compiles a kernel extension.

    As an aside this scheme seems totally useless for the proposed purpose. The makers of malware are just going to steal a legitimate software developer's secret key and sign their code with that. MS won't be able to do anything because tons of people will be mad if windows update breaks their computer. However, I don't know whether to credit this to stupidity or maliciousness (just want to make it difficult for normal people to use OSS kernel level code).
