certifying of the drivers/software

  • Thread starter Thread starter Stefan
  • Start date Start date
S

Stefan

Hi,

is the certifying of the drivers/ software necessary ? How it my software is
not?

Thanks
 
If you're writing software for a large number of people, or drivers for a
lot of people, it's a good idea to get a digital certificate so when they
download your product or drivers, it comes with your certificate saying
"yes, this is genuine Stefan's software, because the certificate is there"
:o)

It's overall much better for business as it shows you're genuine :o)

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
that up!


--- Original message follows ---
 
I'm pretty sure that I saw somewhere that kernel mode drivers will have to
be digitally signed to be installable, although I think that currently only
applies to 64bit stuff.
 
For Windows Vista and later versions of the Windows family of operating
systems, kernel-mode software must have a digital signature to load on
x64-based computer systems.

This paper describes how to manage the signing process for kernel-mode code
for Windows Vista, including how to obtain a Publisher Identity Certificate
(PIC), guidelines for protecting keys, and how to sign a driver package by
using tools that are provided in the Windows Driver Kit (WDK).

What this means for Windows Vista. To increase the safety and stability of
the Microsoft Windows platform, beginning with Windows Vista:

. Users who are not administrators cannot install unsigned device
drivers.

. Drivers must be signed for devices that stream protected content.
This includes audio drivers that use Protected User Mode Audio (PUMA) and
Protected Audio Path (PAP), and video device drivers that handle protected
video path-output protection management (PVP-OPM) commands.

. Unsigned kernel-mode software will not load and will not run on
x64-based systems.

Note: Even users with administrator privileges cannot load unsigned
kernel-mode code on x64-based systems. This applies for any software module
that loads in kernel mode, including device drivers, filter drivers, and
kernel services.

. To optimize the performance of driver verification at boot time,
boot-driver binaries must have an embedded Publisher Identity Certificate
(PIC) in addition to the signed .cat file for the package.

Read the rest here

http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
--
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
 
Not only that, but it recognizes quality, so that when a user downloads say
video driver from you, they are guaranteed its not take down the entire
system or affect additional hardware devices.

Driver Signing & File Protection:
http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx

Additional Resources: Windows Vista logo program:
http://www.microsoft.com/whdc/winlogo/LH_logo.mspx

Vista Logo proposed requrements:
http://www.microsoft.com/whdc/winlogo/hwrequirements.mspx

FAQs about the logo program:
http://www.microsoft.com/whdc/winlogo/VistaLogofaq.mspx
--
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
 
Does that mean, I'd have to buy that certificate? Is it affordable for a
poor student? Or is it only for big companies? Then good-bye to free driver
projects such as dscaler, kX-Project, bttv (or whatever the win32 equivalent
is called)
 
I have no idea about the cost, but I suspect it won't be cheap.

However, remember that this is only for 'Kernel' mode drivers. Which drivers
are kernal mode?... not sure, but I suspect that it's stuff like
motherboards etc. A lot of work has been done to move things out of the
kernal, sound drivers are one that springs to mind. Dunno if video has been
taken out of the kernal, but it would make sense if it has.
 
I may be wrong (often am ;) ), but I don't think it means anything of the
sort. Given the right resources, anyone could write a driver which could do
anything to your systems. All the signing does is proove that the software
comes from who it says it comes from. Nothing else.
 
The driver signing process is what you are paying each year for, Microsoft
has to do a lot of testing on their end. Remember, you developing driver
that could be potentially used by nearly a billion people. Its really
targetted at anybody, just as long as you can afford cost, but you should be
looking at benefits at the same time, what are you getting out of it?

Driver signing is so important, especially in Vista, we need reliable
drivers, and Microsoft realizes that. I think it benefits us all, providing
the user with a great experience and the developer with a great, respectable
reputation.
--
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
 
Andre Da Costa said:
The driver signing process is what you are paying each year for, Microsoft
has to do a lot of testing on their end. Remember, you developing driver
that could be potentially used by nearly a billion people. Its really
targetted at anybody, just as long as you can afford cost, but you should be
looking at benefits at the same time, what are you getting out of it?

Driver signing is so important, especially in Vista, we need reliable
drivers, and Microsoft realizes that. I think it benefits us all, providing
the user with a great experience and the developer with a great, respectable
reputation.
Click to expand...

But free and open-source developers probably could never afford such a
certification - take the forementioned bt8x8-Chipset-Driver (for analog TV)
for example: Original Hardware Manufacturers (like Hauppauge) developed
drivers (probably signed) which are less performant and got fewer features
than their free open-source counterpart developed by a third party..
(Hauppauge even used parts of an open-source-project later on..) - there
still should be a possibility to use unsigned drivers - and I don't think
(but maybe I'm wrong there, feel free to correct me!), that performant
drivers eg. for video don't involve kernel mangling..
Also think of those "modded" VGA-Drivers for ATI and nVidia cards, e.g. from
omegadrive or DNA.. Sure: They are unsupported and may prove instable - but
I still should be able to use them at my own risk. I'd prefer it the way
this is handled in XP: Select wether you want to use only signed drivers
(eg. where stability and "it-just-works" is important) or being able to take
the "risk" of using non-signed drivers (for us kids who'll have to try
everything) :-)
 
Keep in mind when talking the 64-bit requirement for driver to be signed,
they don't mean WHQL signing, they mean at least PIC signing.
 
Back
Top