Hi all, I''ve got the need to use the GPLPV drivers on a Windows 2008 domU but it will be better for me to use unsigned drivers rather than test drivers. I''ve spent the last couple of days building the drivers using the Windows DDK and not signing them, but they only make the domU blue screen. I''m not sure if it is my build environment or the revision of the GPLPV code I''ve checked out from the repo. Has anybody built "stable" drivers for x64 Win2008 which are not signed? Or is it just the revision I have checked out? I''ve tried both the current tip and revision 36fef48dbfa9, both with the same results on the machine (although there are no visible errors during compile). Any help is appreciated. -- Regards, Oliver _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> Hi all, > > I''ve got the need to use the GPLPV drivers on a Windows 2008 domU butit> will be better for me to use unsigned drivers rather than testdrivers. I''ve> spent the last couple of days building the drivers using the WindowsDDK and> not signing them, but they only make the domU blue screen. I''m notsure if> it is my build environment or the revision of the GPLPV code I''vechecked> out from the repo. > > Has anybody built "stable" drivers for x64 Win2008 which are notsigned? Or> is it just the revision I have checked out? I''ve tried both thecurrent tip> and revision 36fef48dbfa9, both with the same results on the machine > (although there are no visible errors during compile). > > Any help is appreciated. >What is the BSoD? Is it 0x7B? I don''t think Win2008 x64 will ever load drivers if they are not signed, so that''s the error I''d expect. James _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed Jul 15, 2009 at 12:07:33 +1000, James Harper wrote:>> Hi all, >> >> I''ve got the need to use the GPLPV drivers on a Windows 2008 domU but >it >> will be better for me to use unsigned drivers rather than test >drivers. I''ve >> spent the last couple of days building the drivers using the Windows >DDK and >> not signing them, but they only make the domU blue screen. I''m not >sure if >> it is my build environment or the revision of the GPLPV code I''ve >checked >> out from the repo. >> >> Has anybody built "stable" drivers for x64 Win2008 which are not >signed? Or >> is it just the revision I have checked out? I''ve tried both the >current tip >> and revision 36fef48dbfa9, both with the same results on the machine >> (although there are no visible errors during compile). >> >> Any help is appreciated. >> > >What is the BSoD? Is it 0x7B? > >I don''t think Win2008 x64 will ever load drivers if they are not signed, >so that''s the error I''d expect.Yes it is 0x7B. So even if you tell 2008 to ignore signing from the boot menu it will still blue screen like that? If so, the only alternative is to run with your test-cert signed drivers in test mode (aside from, obviously, purchasing the legitimate certificate and signing them properly). This seems like a nasty situation... -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> > > >What is the BSoD? Is it 0x7B? > > > >I don''t think Win2008 x64 will ever load drivers if they are notsigned,> >so that''s the error I''d expect. > > Yes it is 0x7B. So even if you tell 2008 to ignore signing from theboot> menu it will still blue screen like that? If so, the only alternativeis to> run with your test-cert signed drivers in test mode (aside from,obviously,> purchasing the legitimate certificate and signing them properly). >I can''t remember exactly how it works. I think you can enable ''testsigning'' mode where it will accept any signature (not just WHQL) but I don''t think you can boot with unsigned drivers. There may be some hacks available to work around this though... James _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed, Jul 15, 2009 at 8:29 AM, Oliver Hookins<oliver.hookins@anchor.com.au> wrote:> Hi all, > > I''ve got the need to use the GPLPV drivers on a Windows 2008 domU but it > will be better for me to use unsigned drivers rather than test drivers. I''ve > spent the last couple of days building the drivers using the Windows DDK and > not signing them, but they only make the domU blue screen. I''m not sure if > it is my build environment or the revision of the GPLPV code I''ve checked > out from the repo.Does James'' prebuilt binary works for you? -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed Jul 15, 2009 at 10:07:18 +0700, Fajar A. Nugraha wrote:>On Wed, Jul 15, 2009 at 8:29 AM, Oliver >Hookins<oliver.hookins@anchor.com.au> wrote: >> Hi all, >> >> I''ve got the need to use the GPLPV drivers on a Windows 2008 domU but it >> will be better for me to use unsigned drivers rather than test drivers. I''ve >> spent the last couple of days building the drivers using the Windows DDK and >> not signing them, but they only make the domU blue screen. I''m not sure if >> it is my build environment or the revision of the GPLPV code I''ve checked >> out from the repo. > >Does James'' prebuilt binary works for you?Version 0.10.0.69 works, but I was hoping to be able to install something that didn''t require running the machine permanently in test mode. -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed, Jul 15, 2009 at 10:23 AM, Oliver Hookins<oliver.hookins@anchor.com.au> wrote:>>Does James'' prebuilt binary works for you? > > Version 0.10.0.69 works, but I was hoping to be able to install something > that didn''t require running the machine permanently in test mode.And how would having unsigned driver fix that? With unsigned drivers you''d have to choose disable driver signing on every boot (or have something like ready driver plus, which automates some keypress). But if you choose this route, then you can always use 0.10.0.69. It would, in effect, be the same as using unsigned driver. -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed Jul 15, 2009 at 10:33:29 +0700, Fajar A. Nugraha wrote:>On Wed, Jul 15, 2009 at 10:23 AM, Oliver >Hookins<oliver.hookins@anchor.com.au> wrote: >>>Does James'' prebuilt binary works for you? >> >> Version 0.10.0.69 works, but I was hoping to be able to install something >> that didn''t require running the machine permanently in test mode. > >And how would having unsigned driver fix that? >With unsigned drivers you''d have to choose disable driver signing on >every boot (or have something like ready driver plus, which automates >some keypress). But if you choose this route, then you can always use >0.10.0.69. It would, in effect, be the same as using unsigned driver.I was under the impression that using bcdedit to set the DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option would remove any restrictions on using unsigned drivers, but it would appear this perhaps on applies to Vista, not Windows 2008. -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
>> > >> >What is the BSoD? Is it 0x7B? >> > >> >I don''t think Win2008 x64 will ever load drivers if they are not >signed, >> >so that''s the error I''d expect. >> >> Yes it is 0x7B. So even if you tell 2008 to ignore signing from the >boot >> menu it will still blue screen like that? If so, the only alternative >is to >> run with your test-cert signed drivers in test mode (aside from, >obviously, >> purchasing the legitimate certificate and signing them properly). >> > >I can''t remember exactly how it works. I think you can enable >''testsigning'' mode where it will accept any signature (not just WHQL) >but I don''t think you can boot with unsigned drivers. > >There may be some hacks available to work around this though... > >JamesShould it be possible to install the certificate the driver is signed by into the system so that it effectively becomes trusted (and doesn''t require test mode)? Currently my test domU is blue screening even with test mode enabled so I''m not sure what is going on... -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> I was under the impression that using bcdedit to set the> DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option would > remove any restrictions on using unsigned drivers, but it would appear this > perhaps on applies to Vista, not Windows 2008. It even does not work in Vista (starting with SP1). Only way is to use Ready Driver Plus James: is the problem with test signing mode and networking fixed in the port 10.0.69 drivers? Sincerly, Klaus _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wed Jul 15, 2009 at 10:56:38 +0200, Klaus Steinberger wrote:> > I was under the impression that using bcdedit to set the > > DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option would > > remove any restrictions on using unsigned drivers, but it would appear > this > > perhaps on applies to Vista, not Windows 2008. > > It even does not work in Vista (starting with SP1). > > Only way is to use Ready Driver PlusYes, I ran that once and my general feeling is that it''s a very hacky "solution". Is there any likelihood of the GPLPV drivers getting signed with a "real" certificate? The Microsoft documents on driver signing are a bit vague on what is actually required but it doesn''t seem as if the full WHQL testing needs to be done, you only need an SPC certificate from a trusted CA. For example Comodo are selling code signing certs for $179 for a year. Could "anyone" then purchase one of these certificates and sign the GPLPV drivers? -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Oliver Hookins schrieb:> On Wed Jul 15, 2009 at 10:56:38 +0200, Klaus Steinberger wrote: >>> I was under the impression that using bcdedit to set the >>> DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks option would >>> remove any restrictions on using unsigned drivers, but it would appear >> this >>> perhaps on applies to Vista, not Windows 2008. >> It even does not work in Vista (starting with SP1). >> >> Only way is to use Ready Driver Plus > > Yes, I ran that once and my general feeling is that it''s a very hacky > "solution". > > Is there any likelihood of the GPLPV drivers getting signed with a "real" > certificate? The Microsoft documents on driver signing are a bit vague on > what is actually required but it doesn''t seem as if the full WHQL testing > needs to be done, you only need an SPC certificate from a trusted CA. For > example Comodo are selling code signing certs for $179 for a year. > > Could "anyone" then purchase one of these certificates and sign the GPLPV > drivers? >Hmm 179 Dollars would not be much, is it a one time purchase, or every time you sign a driver? Maybe I can arrange something. Sincerly, Klaus _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, I ressend that, as I always forget to switch of signing my mail. The xen-users List don''t like signed Emails.>> Only way is to use Ready Driver Plus > > Yes, I ran that once and my general feeling is that it''s a very hacky > "solution".Hacky, but works. I have it running on several w2k8 vm''s.> Is there any likelihood of the GPLPV drivers getting signed with a "real" > certificate? The Microsoft documents on driver signing are a bit vague on > what is actually required but it doesn''t seem as if the full WHQL testing > needs to be done, you only need an SPC certificate from a trusted CA. For > example Comodo are selling code signing certs for $179 for a year. > > Could "anyone" then purchase one of these certificates and sign the GPLPV > drivers? >Hmm 179 Dollars would not be much, is it a one time purchase, or every time you sign a driver? Maybe I can arrange something. Sincerly, Klaus _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thu Jul 16, 2009 at 08:16:48 +0200, Klaus Steinberger wrote:> Hi, > > I ressend that, as I always forget to switch of signing my mail. The > xen-users List don''t like signed Emails. > >>> Only way is to use Ready Driver Plus >> >> Yes, I ran that once and my general feeling is that it''s a very hacky >> "solution". > Hacky, but works. I have it running on several w2k8 vm''s. > >> Is there any likelihood of the GPLPV drivers getting signed with a "real" >> certificate? The Microsoft documents on driver signing are a bit vague on >> what is actually required but it doesn''t seem as if the full WHQL testing >> needs to be done, you only need an SPC certificate from a trusted CA. For >> example Comodo are selling code signing certs for $179 for a year. >> >> Could "anyone" then purchase one of these certificates and sign the GPLPV >> drivers? >> > Hmm 179 Dollars would not be much, is it a one time purchase, or every > time you sign a driver? > > Maybe I can arrange something.I''m only interested to know if it is possible from a technical standpoint. I''m sure if there was sufficient interest from the community, people could make small donations to fund such a SPC cert for James to use with his releases. That is to say, if any company wasn''t willing to take the initiative and purchase a cert so they could make signed GPLPV drivers available for the community. -- Regards, Oliver Hookins _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> > On Wed Jul 15, 2009 at 10:56:38 +0200, Klaus Steinberger wrote: > > > I was under the impression that using bcdedit to set the > > > DDISABLE_INTEGRITY_CHECKS loadoption and nointegritychecks optionwould> > > remove any restrictions on using unsigned drivers, but it wouldappear> > this > > > perhaps on applies to Vista, not Windows 2008. > > > > It even does not work in Vista (starting with SP1). > > > > Only way is to use Ready Driver Plus > > Yes, I ran that once and my general feeling is that it''s a very hacky > "solution". > > Is there any likelihood of the GPLPV drivers getting signed with a"real"> certificate? The Microsoft documents on driver signing are a bit vagueon> what is actually required but it doesn''t seem as if the full WHQLtesting> needs to be done, you only need an SPC certificate from a trusted CA.For> example Comodo are selling code signing certs for $179 for a year. > > Could "anyone" then purchase one of these certificates and sign theGPLPV> drivers? >I''m pretty sure it doesn''t work that way. The drivers need to be signed by Microsoft (in addition to a regular code signing cert I think). The reasoning from Microsoft''s point of view is that if someone writes crappy drivers it makes Windows look crappy, so they make you test them against Microsoft''s testing framework (WHQL) and then submit the logs to Microsoft, and if they are happy they stamp them with their secret key. I don''t really agree with it (it''s entirely possible to write a crappy driver that passes WHQL) but I can understand where they are coming from. James _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users