[Libosinfo] [PATCH 2/3] install-config, winxp, win7: API to enable/disable driver signing

Christophe Fergeau cfergeau at redhat.com
Thu Mar 14 15:22:22 UTC 2013


On Thu, Mar 14, 2013 at 04:16:58AM +0200, Zeeshan Ali (Khattak) wrote:
> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
> 
> While I thought that I had solved the problem of Windows requiring
> signed device drivers and QXL driver being unsigned, I could't be more
> wrong:
> 
> * The registry key magic I used for disabling driver signature checks
>   on XP seems to be far from reliable. I tested it many many times but
>   on a weird broken version of XP home edition that I can't seem to
>   have access to anymore. I now tested against both home and professional
>   editions both with and without this registry key magic and I observed
>   the same result in both cases: Drivers do get installed but they remain
>   unused by the OS after installation. The only reliable way of
>   effectively disabling signture checks during installation is through
>   the 'DriverSigningPolicy' option in .sif file, which means disabling
>   signature checks permanently.
> * On Windows 7, disabling integrity checks and test signing after
>   drivers' installation disables the already installed drivers too if
>   they are not signed.
> * The reason I thought QXL was functional at first was that automatic
>   resolution setting was working. Turns out that unlike on Linux, on
>   windows automatic resolution setting only requires spice-vdagent where
>   as QXL is only required for arbitrary resolutions.
> 
> So to make QXL working out of the box, I'm afraid we don't have any
> choice but to disable driver signature checks permanently. Since
> signature checks is a security measure from vendors, we need to leave
> it to applications to decide whether they want to do this or not.

As whether driver signing is enabled or not is stored in the entity
property OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, I'm under the
impression that if the user does not call _set_signing(), we will
default to disabling signing (the property is not set, so
we get FALSE when trying to read it, so signing is disabled). Imo we
want to enable signing by default.


> ---
>  data/install-scripts/windows-cmd.xml | 19 +++----------------
>  data/install-scripts/windows-sif.xml |  8 ++++++++
>  osinfo/libosinfo.syms                |  3 +++
>  osinfo/osinfo_install_config.c       | 25 +++++++++++++++++++++++++
>  osinfo/osinfo_install_config.h       |  6 ++++++
>  5 files changed, 45 insertions(+), 16 deletions(-)
> 
> diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
> index e8ffc35..c45c543 100644
> --- a/data/install-scripts/windows-cmd.xml
> +++ b/data/install-scripts/windows-cmd.xml
> @@ -14,6 +14,7 @@
>        <param name="script-disk" policy="optional"/>
>        <param name="post-install-drivers-disk" policy="optional"/>
>        <param name="post-install-drivers-location" policy="optional"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <avatar-format>
>        <mime-type>image/bmp</mime-type>
> @@ -71,27 +72,13 @@ REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg
>  </xsl:if>
>  
>  <xsl:call-template name="post-install-drivers-disk"/>:
> -<xsl:choose>
> -  <xsl:when test="os/version < 6.0">
> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
> -  </xsl:when>
> -  <xsl:otherwise>
> +<xsl:if test="config/driver-signing = 'false' and os/version > 5.1">
>  bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
>  bcdedit.exe -set TESTSIGNING ON
> -  </xsl:otherwise>
> -</xsl:choose>
> +</xsl:if>
>  
>  for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i
>  
> -<xsl:choose>
> -  <xsl:when test="os/version < 6.0">
> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f
> -  </xsl:when>
> -  <xsl:otherwise>
> -bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS
> -bcdedit.exe -set TESTSIGNING OFF
> -  </xsl:otherwise>
> -</xsl:choose>
>  EXIT
>  	</xsl:template>
>        </xsl:stylesheet>
> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
> index 630df56..2bccc5d 100644
> --- a/data/install-scripts/windows-sif.xml
> +++ b/data/install-scripts/windows-sif.xml
> @@ -10,6 +10,7 @@
>        <param name="admin-password" policy="optional"/>
>        <param name="reg-product-key" policy="required"/>
>        <param name="user-realname" policy="required"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <template>
>        <xsl:stylesheet
> @@ -30,6 +31,9 @@
>      OemSkipEula=Yes
>      OemPreinstall=No
>      TargetPath=\WINDOWS
> +<xsl:if test="config/driver-signing = 'false'">
> +    DriverSigningPolicy=Ignore
> +</xsl:if>
>      Repartition=Yes
>      WaitForReboot=No
>      UnattendSwitch=Yes
> @@ -78,6 +82,7 @@
>        <param name="user-realname" policy="required"/>
>        <param name="hostname" policy="required"/>
>        <param name="script-disk" policy="optional"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <template>
>        <xsl:stylesheet
> @@ -142,6 +147,9 @@
>      TargetPath=\WINNT
>    </xsl:otherwise>
>  </xsl:choose>
> +<xsl:if test="config/driver-signing = 'false'">
> +    DriverSigningPolicy=Ignore
> +</xsl:if>
>      Repartition=Yes
>      WaitForReboot="No"
>      UnattendSwitch="Yes"
> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
> index df2ba90..0942290 100644
> --- a/osinfo/libosinfo.syms
> +++ b/osinfo/libosinfo.syms
> @@ -403,6 +403,9 @@ LIBOSINFO_0.2.6 {
>      global:
>  	osinfo_device_driver_get_signed;
>  	osinfo_device_driver_set_signed;
> +
> +	osinfo_install_config_get_driver_signing;
> +	osinfo_install_config_set_driver_signing;
>  } LIBOSINFO_0.2.3;
>  
>  /* Symbols in next release...
> diff --git a/osinfo/osinfo_install_config.c b/osinfo/osinfo_install_config.c
> index 1712be5..f6d2561 100644
> --- a/osinfo/osinfo_install_config.c
> +++ b/osinfo/osinfo_install_config.c
> @@ -641,6 +641,31 @@ const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInsta
>               OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION);
>  }
>  
> +/**
> + * osinfo_install_config_set_driver_signing:
> + * @config: the install config
> + * @signing: boolean value
> + *
> + * If a script requires drivers to be signed, this function can be used to
> + * disable that security feature. WARNING: Disable driver signing may very well
> + * mean disabling it permanently.

I think 'disabling driver signing may ...' is better

> + */
> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
> +                                              gboolean signing)
> +{
> +    osinfo_entity_set_param_boolean(OSINFO_ENTITY(config),
> +                                    OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
> +                                    signing);
> +}
> +

Why no API doc for get_driver_signing?

> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config)
> +{
> +    return osinfo_entity_get_param_value_boolean_with_default
> +            (OSINFO_ENTITY(config),
> +             OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
> +             TRUE);
> +}
> +
>  /*
>   * Local variables:
>   *  indent-tabs-mode: nil
> diff --git a/osinfo/osinfo_install_config.h b/osinfo/osinfo_install_config.h
> index d650a0a..b3cfa7e 100644
> --- a/osinfo/osinfo_install_config.h
> +++ b/osinfo/osinfo_install_config.h
> @@ -67,6 +67,8 @@
>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK "post-install-drivers-disk"
>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION "post-install-drivers-location"
>  
> +#define OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING "driver-signing"
> +
>  typedef struct _OsinfoInstallConfig        OsinfoInstallConfig;
>  typedef struct _OsinfoInstallConfigClass   OsinfoInstallConfigClass;
>  typedef struct _OsinfoInstallConfigPrivate OsinfoInstallConfigPrivate;
> @@ -193,6 +195,10 @@ void osinfo_install_config_set_post_install_drivers_location(OsinfoInstallConfig
>                                                               const gchar *location);
>  const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInstallConfig *config);
>  
> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
> +                                              gboolean signing);
> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config);
> +
>  #endif /* __OSINFO_INSTALL_CONFIG_H__ */
>  /*
>   * Local variables:
> -- 
> 1.8.1.4
> 
> _______________________________________________
> Libosinfo mailing list
> Libosinfo at redhat.com
> https://www.redhat.com/mailman/listinfo/libosinfo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130314/99ec8f02/attachment.sig>


More information about the Libosinfo mailing list