[Libosinfo] [PATCH 2/3] install-config, winxp, win7: API to enable/disable driver signing

Zeeshan Ali (Khattak) zeeshanak at gnome.org
Thu Mar 14 15:46:11 UTC 2013


On Thu, Mar 14, 2013 at 5:22 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> On Thu, Mar 14, 2013 at 04:16:58AM +0200, Zeeshan Ali (Khattak) wrote:
>> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
>>
>> While I thought that I had solved the problem of Windows requiring
>> signed device drivers and QXL driver being unsigned, I could't be more
>> wrong:
>>
>> * The registry key magic I used for disabling driver signature checks
>>   on XP seems to be far from reliable. I tested it many many times but
>>   on a weird broken version of XP home edition that I can't seem to
>>   have access to anymore. I now tested against both home and professional
>>   editions both with and without this registry key magic and I observed
>>   the same result in both cases: Drivers do get installed but they remain
>>   unused by the OS after installation. The only reliable way of
>>   effectively disabling signture checks during installation is through
>>   the 'DriverSigningPolicy' option in .sif file, which means disabling
>>   signature checks permanently.
>> * On Windows 7, disabling integrity checks and test signing after
>>   drivers' installation disables the already installed drivers too if
>>   they are not signed.
>> * The reason I thought QXL was functional at first was that automatic
>>   resolution setting was working. Turns out that unlike on Linux, on
>>   windows automatic resolution setting only requires spice-vdagent where
>>   as QXL is only required for arbitrary resolutions.
>>
>> So to make QXL working out of the box, I'm afraid we don't have any
>> choice but to disable driver signature checks permanently. Since
>> signature checks is a security measure from vendors, we need to leave
>> it to applications to decide whether they want to do this or not.
>
> As whether driver signing is enabled or not is stored in the entity
> property OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, I'm under the
> impression that if the user does not call _set_signing(), we will
> default to disabling signing (the property is not set, so
> we get FALSE when trying to read it, so signing is disabled).

If app does not call the setter explicitly, the
OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING entity parameter is never
set so when generating the script from the config,
"config/driver-signing" in XSL evaluates to empty string. Also,
osinfo_install_config_get_driver_signing() returns TRUE if entity is
not found.

>> ---
>>  data/install-scripts/windows-cmd.xml | 19 +++----------------
>>  data/install-scripts/windows-sif.xml |  8 ++++++++
>>  osinfo/libosinfo.syms                |  3 +++
>>  osinfo/osinfo_install_config.c       | 25 +++++++++++++++++++++++++
>>  osinfo/osinfo_install_config.h       |  6 ++++++
>>  5 files changed, 45 insertions(+), 16 deletions(-)
>>
>> diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
>> index e8ffc35..c45c543 100644
>> --- a/data/install-scripts/windows-cmd.xml
>> +++ b/data/install-scripts/windows-cmd.xml
>> @@ -14,6 +14,7 @@
>>        <param name="script-disk" policy="optional"/>
>>        <param name="post-install-drivers-disk" policy="optional"/>
>>        <param name="post-install-drivers-location" policy="optional"/>
>> +      <param name="driver-signing" policy="optional"/>
>>      </config>
>>      <avatar-format>
>>        <mime-type>image/bmp</mime-type>
>> @@ -71,27 +72,13 @@ REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg
>>  </xsl:if>
>>
>>  <xsl:call-template name="post-install-drivers-disk"/>:
>> -<xsl:choose>
>> -  <xsl:when test="os/version < 6.0">
>> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
>> -  </xsl:when>
>> -  <xsl:otherwise>
>> +<xsl:if test="config/driver-signing = 'false' and os/version > 5.1">
>>  bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
>>  bcdedit.exe -set TESTSIGNING ON
>> -  </xsl:otherwise>
>> -</xsl:choose>
>> +</xsl:if>
>>
>>  for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i
>>
>> -<xsl:choose>
>> -  <xsl:when test="os/version < 6.0">
>> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f
>> -  </xsl:when>
>> -  <xsl:otherwise>
>> -bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS
>> -bcdedit.exe -set TESTSIGNING OFF
>> -  </xsl:otherwise>
>> -</xsl:choose>
>>  EXIT
>>       </xsl:template>
>>        </xsl:stylesheet>
>> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
>> index 630df56..2bccc5d 100644
>> --- a/data/install-scripts/windows-sif.xml
>> +++ b/data/install-scripts/windows-sif.xml
>> @@ -10,6 +10,7 @@
>>        <param name="admin-password" policy="optional"/>
>>        <param name="reg-product-key" policy="required"/>
>>        <param name="user-realname" policy="required"/>
>> +      <param name="driver-signing" policy="optional"/>
>>      </config>
>>      <template>
>>        <xsl:stylesheet
>> @@ -30,6 +31,9 @@
>>      OemSkipEula=Yes
>>      OemPreinstall=No
>>      TargetPath=\WINDOWS
>> +<xsl:if test="config/driver-signing = 'false'">
>> +    DriverSigningPolicy=Ignore
>> +</xsl:if>
>>      Repartition=Yes
>>      WaitForReboot=No
>>      UnattendSwitch=Yes
>> @@ -78,6 +82,7 @@
>>        <param name="user-realname" policy="required"/>
>>        <param name="hostname" policy="required"/>
>>        <param name="script-disk" policy="optional"/>
>> +      <param name="driver-signing" policy="optional"/>
>>      </config>
>>      <template>
>>        <xsl:stylesheet
>> @@ -142,6 +147,9 @@
>>      TargetPath=\WINNT
>>    </xsl:otherwise>
>>  </xsl:choose>
>> +<xsl:if test="config/driver-signing = 'false'">
>> +    DriverSigningPolicy=Ignore
>> +</xsl:if>
>>      Repartition=Yes
>>      WaitForReboot="No"
>>      UnattendSwitch="Yes"
>> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
>> index df2ba90..0942290 100644
>> --- a/osinfo/libosinfo.syms
>> +++ b/osinfo/libosinfo.syms
>> @@ -403,6 +403,9 @@ LIBOSINFO_0.2.6 {
>>      global:
>>       osinfo_device_driver_get_signed;
>>       osinfo_device_driver_set_signed;
>> +
>> +     osinfo_install_config_get_driver_signing;
>> +     osinfo_install_config_set_driver_signing;
>>  } LIBOSINFO_0.2.3;
>>
>>  /* Symbols in next release...
>> diff --git a/osinfo/osinfo_install_config.c b/osinfo/osinfo_install_config.c
>> index 1712be5..f6d2561 100644
>> --- a/osinfo/osinfo_install_config.c
>> +++ b/osinfo/osinfo_install_config.c
>> @@ -641,6 +641,31 @@ const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInsta
>>               OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION);
>>  }
>>
>> +/**
>> + * osinfo_install_config_set_driver_signing:
>> + * @config: the install config
>> + * @signing: boolean value
>> + *
>> + * If a script requires drivers to be signed, this function can be used to
>> + * disable that security feature. WARNING: Disable driver signing may very well
>> + * mean disabling it permanently.
>
> I think 'disabling driver signing may ...' is better

Thats what I meant to write actually. :)

>> + */
>> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
>> +                                              gboolean signing)
>> +{
>> +    osinfo_entity_set_param_boolean(OSINFO_ENTITY(config),
>> +                                    OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
>> +                                    signing);
>> +}
>> +
>
> Why no API doc for get_driver_signing?

In case of simple getter/setter that will generally have more of less
the same to say in the docs, I skip it for one (depending on which
will be most used) but if you want I can add something.

>> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config)
>> +{
>> +    return osinfo_entity_get_param_value_boolean_with_default
>> +            (OSINFO_ENTITY(config),
>> +             OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
>> +             TRUE);
>> +}
>> +
>>  /*
>>   * Local variables:
>>   *  indent-tabs-mode: nil
>> diff --git a/osinfo/osinfo_install_config.h b/osinfo/osinfo_install_config.h
>> index d650a0a..b3cfa7e 100644
>> --- a/osinfo/osinfo_install_config.h
>> +++ b/osinfo/osinfo_install_config.h
>> @@ -67,6 +67,8 @@
>>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK "post-install-drivers-disk"
>>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION "post-install-drivers-location"
>>
>> +#define OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING "driver-signing"
>> +
>>  typedef struct _OsinfoInstallConfig        OsinfoInstallConfig;
>>  typedef struct _OsinfoInstallConfigClass   OsinfoInstallConfigClass;
>>  typedef struct _OsinfoInstallConfigPrivate OsinfoInstallConfigPrivate;
>> @@ -193,6 +195,10 @@ void osinfo_install_config_set_post_install_drivers_location(OsinfoInstallConfig
>>                                                               const gchar *location);
>>  const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInstallConfig *config);
>>
>> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
>> +                                              gboolean signing);
>> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config);
>> +
>>  #endif /* __OSINFO_INSTALL_CONFIG_H__ */
>>  /*
>>   * Local variables:
>> --
>> 1.8.1.4
>>
>> _______________________________________________
>> Libosinfo mailing list
>> Libosinfo at redhat.com
>> https://www.redhat.com/mailman/listinfo/libosinfo



-- 
Regards,

Zeeshan Ali (Khattak)
FSF member#5124




More information about the Libosinfo mailing list