[Spice-devel] Windows 7 64bit QXL driver not digitally signed
Christophe Fergeau
cfergeau at redhat.com
Thu May 16 02:29:38 PDT 2013
On Tue, May 07, 2013 at 11:02:15AM -0500, Frank Moss wrote:
> I understand that you do not currently sign the upstream drivers and
> that the practice of placing a windows 7 x64 box in test mode is a
> possible workaround, but it is not a solution and in some instances can
> violate security policy.
> That said, the lack of driver signing prevented my former group from
> providing this as a VDI solution to a government agency. In addition,
> this is hindering my new group's ability to offer this as a transport
> mechanism for our DaaS (internal only) offering.
>
> Why are the stable driver releases unsigned?
> What are the barriers to the driver signing?
Note that there are 2 different signatures, one that is done by the company
building the driver, and another one done by Microsoft as part of the WHQL
process (hardware certification). The drivers on spice-space.org have a Red
Hat signature, but did not go through WHQL. And newer Windows versions are
unfortunately refuse to install drivers without a WHQL signature unless you
go through the hacks you mentioned.
I think the main barriers to WHQL signing of these drivers is that it costs
money, and iirc MS will not sign drivers with a copyleft licence, which
would be another issue.
Hope that helps,
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20130516/3a43b26e/attachment.pgp>
More information about the Spice-devel
mailing list