[Libosinfo] [PATCH 2/8] winxp, installer: Ignore unsigned drivers

Christophe Fergeau cfergeau at redhat.com
Thu Feb 7 15:40:56 UTC 2013


On Thu, Feb 07, 2013 at 04:14:27PM +0100, Christophe Fergeau wrote:
> On Thu, Feb 07, 2013 at 04:49:43PM +0200, Zeeshan Ali (Khattak) wrote:
> > Moreover, even as security measure, its doubtful that MS thought of an
> > application being invovled in the process. The common use case
> > involves only the user and MS' software (mainly the installer). Its a
> > very usual thing to not trust users to know exactly what they are
> > doing. They can get malicious drivers from anywhere and try to install
> > them. In case of libosinfo, there is going to be an app involved,
> > making the decision for the user.
> 
> But once the system is installed, the user will be in control of the OS,
> and signature checking will still be disabled! And this patch is disabling
> this even when no unsigned drivers are involved at all.

NB: If you make sure unsigned drivers cannot be installed after the
automatic installation is done (either using some postinstall scripting
magic, or either because I'm mistaken and these changes are only
valid during the installation process but are thrown away at the end of the
install), then I'm all fine with always disabling signature checking as
long as it only happens during installation, and the installed OS checks
driver signatures.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130207/58582cbf/attachment.sig>


More information about the Libosinfo mailing list