[Libosinfo] [PATCH 2/3] install-config, winxp, win7: API to enable/disable driver signing
Zeeshan Ali (Khattak)
zeeshanak at gnome.org
Thu Mar 14 15:46:11 UTC 2013
On Thu, Mar 14, 2013 at 5:22 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> On Thu, Mar 14, 2013 at 04:16:58AM +0200, Zeeshan Ali (Khattak) wrote:
>> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
>>
>> While I thought that I had solved the problem of Windows requiring
>> signed device drivers and QXL driver being unsigned, I could't be more
>> wrong:
>>
>> * The registry key magic I used for disabling driver signature checks
>> on XP seems to be far from reliable. I tested it many many times but
>> on a weird broken version of XP home edition that I can't seem to
>> have access to anymore. I now tested against both home and professional
>> editions both with and without this registry key magic and I observed
>> the same result in both cases: Drivers do get installed but they remain
>> unused by the OS after installation. The only reliable way of
>> effectively disabling signture checks during installation is through
>> the 'DriverSigningPolicy' option in .sif file, which means disabling
>> signature checks permanently.
>> * On Windows 7, disabling integrity checks and test signing after
>> drivers' installation disables the already installed drivers too if
>> they are not signed.
>> * The reason I thought QXL was functional at first was that automatic
>> resolution setting was working. Turns out that unlike on Linux, on
>> windows automatic resolution setting only requires spice-vdagent where
>> as QXL is only required for arbitrary resolutions.
>>
>> So to make QXL working out of the box, I'm afraid we don't have any
>> choice but to disable driver signature checks permanently. Since
>> signature checks is a security measure from vendors, we need to leave
>> it to applications to decide whether they want to do this or not.
>
> As whether driver signing is enabled or not is stored in the entity
> property OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, I'm under the
> impression that if the user does not call _set_signing(), we will
> default to disabling signing (the property is not set, so
> we get FALSE when trying to read it, so signing is disabled).
If app does not call the setter explicitly, the
OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING entity parameter is never
set so when generating the script from the config,
"config/driver-signing" in XSL evaluates to empty string. Also,
osinfo_install_config_get_driver_signing() returns TRUE if entity is
not found.
>> ---
>> data/install-scripts/windows-cmd.xml | 19 +++----------------
>> data/install-scripts/windows-sif.xml | 8 ++++++++
>> osinfo/libosinfo.syms | 3 +++
>> osinfo/osinfo_install_config.c | 25 +++++++++++++++++++++++++
>> osinfo/osinfo_install_config.h | 6 ++++++
>> 5 files changed, 45 insertions(+), 16 deletions(-)
>>
>> diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
>> index e8ffc35..c45c543 100644
>> --- a/data/install-scripts/windows-cmd.xml
>> +++ b/data/install-scripts/windows-cmd.xml
>> @@ -14,6 +14,7 @@
>> <param name="script-disk" policy="optional"/>
>> <param name="post-install-drivers-disk" policy="optional"/>
>> <param name="post-install-drivers-location" policy="optional"/>
>> + <param name="driver-signing" policy="optional"/>
>> </config>
>> <avatar-format>
>> <mime-type>image/bmp</mime-type>
>> @@ -71,27 +72,13 @@ REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg
>> </xsl:if>
>>
>> <xsl:call-template name="post-install-drivers-disk"/>:
>> -<xsl:choose>
>> - <xsl:when test="os/version < 6.0">
>> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
>> - </xsl:when>
>> - <xsl:otherwise>
>> +<xsl:if test="config/driver-signing = 'false' and os/version > 5.1">
>> bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
>> bcdedit.exe -set TESTSIGNING ON
>> - </xsl:otherwise>
>> -</xsl:choose>
>> +</xsl:if>
>>
>> for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i
>>
>> -<xsl:choose>
>> - <xsl:when test="os/version < 6.0">
>> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f
>> - </xsl:when>
>> - <xsl:otherwise>
>> -bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS
>> -bcdedit.exe -set TESTSIGNING OFF
>> - </xsl:otherwise>
>> -</xsl:choose>
>> EXIT
>> </xsl:template>
>> </xsl:stylesheet>
>> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
>> index 630df56..2bccc5d 100644
>> --- a/data/install-scripts/windows-sif.xml
>> +++ b/data/install-scripts/windows-sif.xml
>> @@ -10,6 +10,7 @@
>> <param name="admin-password" policy="optional"/>
>> <param name="reg-product-key" policy="required"/>
>> <param name="user-realname" policy="required"/>
>> + <param name="driver-signing" policy="optional"/>
>> </config>
>> <template>
>> <xsl:stylesheet
>> @@ -30,6 +31,9 @@
>> OemSkipEula=Yes
>> OemPreinstall=No
>> TargetPath=\WINDOWS
>> +<xsl:if test="config/driver-signing = 'false'">
>> + DriverSigningPolicy=Ignore
>> +</xsl:if>
>> Repartition=Yes
>> WaitForReboot=No
>> UnattendSwitch=Yes
>> @@ -78,6 +82,7 @@
>> <param name="user-realname" policy="required"/>
>> <param name="hostname" policy="required"/>
>> <param name="script-disk" policy="optional"/>
>> + <param name="driver-signing" policy="optional"/>
>> </config>
>> <template>
>> <xsl:stylesheet
>> @@ -142,6 +147,9 @@
>> TargetPath=\WINNT
>> </xsl:otherwise>
>> </xsl:choose>
>> +<xsl:if test="config/driver-signing = 'false'">
>> + DriverSigningPolicy=Ignore
>> +</xsl:if>
>> Repartition=Yes
>> WaitForReboot="No"
>> UnattendSwitch="Yes"
>> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
>> index df2ba90..0942290 100644
>> --- a/osinfo/libosinfo.syms
>> +++ b/osinfo/libosinfo.syms
>> @@ -403,6 +403,9 @@ LIBOSINFO_0.2.6 {
>> global:
>> osinfo_device_driver_get_signed;
>> osinfo_device_driver_set_signed;
>> +
>> + osinfo_install_config_get_driver_signing;
>> + osinfo_install_config_set_driver_signing;
>> } LIBOSINFO_0.2.3;
>>
>> /* Symbols in next release...
>> diff --git a/osinfo/osinfo_install_config.c b/osinfo/osinfo_install_config.c
>> index 1712be5..f6d2561 100644
>> --- a/osinfo/osinfo_install_config.c
>> +++ b/osinfo/osinfo_install_config.c
>> @@ -641,6 +641,31 @@ const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInsta
>> OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION);
>> }
>>
>> +/**
>> + * osinfo_install_config_set_driver_signing:
>> + * @config: the install config
>> + * @signing: boolean value
>> + *
>> + * If a script requires drivers to be signed, this function can be used to
>> + * disable that security feature. WARNING: Disable driver signing may very well
>> + * mean disabling it permanently.
>
> I think 'disabling driver signing may ...' is better
Thats what I meant to write actually. :)
>> + */
>> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
>> + gboolean signing)
>> +{
>> + osinfo_entity_set_param_boolean(OSINFO_ENTITY(config),
>> + OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
>> + signing);
>> +}
>> +
>
> Why no API doc for get_driver_signing?
In case of simple getter/setter that will generally have more of less
the same to say in the docs, I skip it for one (depending on which
will be most used) but if you want I can add something.
>> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config)
>> +{
>> + return osinfo_entity_get_param_value_boolean_with_default
>> + (OSINFO_ENTITY(config),
>> + OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
>> + TRUE);
>> +}
>> +
>> /*
>> * Local variables:
>> * indent-tabs-mode: nil
>> diff --git a/osinfo/osinfo_install_config.h b/osinfo/osinfo_install_config.h
>> index d650a0a..b3cfa7e 100644
>> --- a/osinfo/osinfo_install_config.h
>> +++ b/osinfo/osinfo_install_config.h
>> @@ -67,6 +67,8 @@
>> #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK "post-install-drivers-disk"
>> #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION "post-install-drivers-location"
>>
>> +#define OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING "driver-signing"
>> +
>> typedef struct _OsinfoInstallConfig OsinfoInstallConfig;
>> typedef struct _OsinfoInstallConfigClass OsinfoInstallConfigClass;
>> typedef struct _OsinfoInstallConfigPrivate OsinfoInstallConfigPrivate;
>> @@ -193,6 +195,10 @@ void osinfo_install_config_set_post_install_drivers_location(OsinfoInstallConfig
>> const gchar *location);
>> const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInstallConfig *config);
>>
>> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
>> + gboolean signing);
>> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config);
>> +
>> #endif /* __OSINFO_INSTALL_CONFIG_H__ */
>> /*
>> * Local variables:
>> --
>> 1.8.1.4
>>
>> _______________________________________________
>> Libosinfo mailing list
>> Libosinfo at redhat.com
>> https://www.redhat.com/mailman/listinfo/libosinfo
--
Regards,
Zeeshan Ali (Khattak)
FSF member#5124
More information about the Libosinfo
mailing list