[Libosinfo] [PATCH v2] install-config, winxp, win7: API to enable/disable driver signing

Christophe Fergeau cfergeau at redhat.com
Fri Mar 15 14:52:15 UTC 2013 

ACK

On Fri, Mar 15, 2013 at 04:23:10PM +0200, Zeeshan Ali (Khattak) wrote:
> From: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
> 
> While I thought that I had solved the problem of Windows requiring
> signed device drivers and QXL driver being unsigned, I could't be more
> wrong:
> 
> * The registry key magic I used for disabling driver signature checks
>   on XP seems to be far from reliable. I tested it many many times but
>   on a weird broken version of XP home edition that I can't seem to
>   have access to anymore. I now tested against both home and professional
>   editions both with and without this registry key magic and I observed
>   the same result in both cases: Drivers do get installed but they remain
>   unused by the OS after installation. The only reliable way of
>   effectively disabling signture checks during installation is through
>   the 'DriverSigningPolicy' option in .sif file, which means disabling
>   signature checks permanently.
> * On Windows 7, disabling integrity checks and test signing after
>   drivers' installation disables the already installed drivers too if
>   they are not signed.
> * The reason I thought QXL was functional at first was that automatic
>   resolution setting was working. Turns out that unlike on Linux, on
>   windows automatic resolution setting only requires spice-vdagent where
>   as QXL is only required for arbitrary resolutions.
> 
> So to make QXL working out of the box, I'm afraid we don't have any
> choice but to disable driver signature checks permanently. Since
> signature checks is a security measure from vendors, we need to leave
> it to applications to decide whether they want to do this or not.
> ---
>  data/install-scripts/windows-cmd.xml | 19 +++----------------
>  data/install-scripts/windows-sif.xml |  8 ++++++++
>  osinfo/libosinfo.syms                |  3 +++
>  osinfo/osinfo_install_config.c       | 33 +++++++++++++++++++++++++++++++++
>  osinfo/osinfo_install_config.h       |  6 ++++++
>  5 files changed, 53 insertions(+), 16 deletions(-)
> 
> diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
> index e8ffc35..c45c543 100644
> --- a/data/install-scripts/windows-cmd.xml
> +++ b/data/install-scripts/windows-cmd.xml
> @@ -14,6 +14,7 @@
>        <param name="script-disk" policy="optional"/>
>        <param name="post-install-drivers-disk" policy="optional"/>
>        <param name="post-install-drivers-location" policy="optional"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <avatar-format>
>        <mime-type>image/bmp</mime-type>
> @@ -71,27 +72,13 @@ REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg
>  </xsl:if>
>  
>  <xsl:call-template name="post-install-drivers-disk"/>:
> -<xsl:choose>
> -  <xsl:when test="os/version < 6.0">
> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
> -  </xsl:when>
> -  <xsl:otherwise>
> +<xsl:if test="config/driver-signing = 'false' and os/version > 5.1">
>  bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
>  bcdedit.exe -set TESTSIGNING ON
> -  </xsl:otherwise>
> -</xsl:choose>
> +</xsl:if>
>  
>  for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i
>  
> -<xsl:choose>
> -  <xsl:when test="os/version < 6.0">
> -reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f
> -  </xsl:when>
> -  <xsl:otherwise>
> -bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS
> -bcdedit.exe -set TESTSIGNING OFF
> -  </xsl:otherwise>
> -</xsl:choose>
>  EXIT
>  	</xsl:template>
>        </xsl:stylesheet>
> diff --git a/data/install-scripts/windows-sif.xml b/data/install-scripts/windows-sif.xml
> index 630df56..2bccc5d 100644
> --- a/data/install-scripts/windows-sif.xml
> +++ b/data/install-scripts/windows-sif.xml
> @@ -10,6 +10,7 @@
>        <param name="admin-password" policy="optional"/>
>        <param name="reg-product-key" policy="required"/>
>        <param name="user-realname" policy="required"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <template>
>        <xsl:stylesheet
> @@ -30,6 +31,9 @@
>      OemSkipEula=Yes
>      OemPreinstall=No
>      TargetPath=\WINDOWS
> +<xsl:if test="config/driver-signing = 'false'">
> +    DriverSigningPolicy=Ignore
> +</xsl:if>
>      Repartition=Yes
>      WaitForReboot=No
>      UnattendSwitch=Yes
> @@ -78,6 +82,7 @@
>        <param name="user-realname" policy="required"/>
>        <param name="hostname" policy="required"/>
>        <param name="script-disk" policy="optional"/>
> +      <param name="driver-signing" policy="optional"/>
>      </config>
>      <template>
>        <xsl:stylesheet
> @@ -142,6 +147,9 @@
>      TargetPath=\WINNT
>    </xsl:otherwise>
>  </xsl:choose>
> +<xsl:if test="config/driver-signing = 'false'">
> +    DriverSigningPolicy=Ignore
> +</xsl:if>
>      Repartition=Yes
>      WaitForReboot="No"
>      UnattendSwitch="Yes"
> diff --git a/osinfo/libosinfo.syms b/osinfo/libosinfo.syms
> index df2ba90..0942290 100644
> --- a/osinfo/libosinfo.syms
> +++ b/osinfo/libosinfo.syms
> @@ -403,6 +403,9 @@ LIBOSINFO_0.2.6 {
>      global:
>  	osinfo_device_driver_get_signed;
>  	osinfo_device_driver_set_signed;
> +
> +	osinfo_install_config_get_driver_signing;
> +	osinfo_install_config_set_driver_signing;
>  } LIBOSINFO_0.2.3;
>  
>  /* Symbols in next release...
> diff --git a/osinfo/osinfo_install_config.c b/osinfo/osinfo_install_config.c
> index 1712be5..5a9627a 100644
> --- a/osinfo/osinfo_install_config.c
> +++ b/osinfo/osinfo_install_config.c
> @@ -641,6 +641,39 @@ const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInsta
>               OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION);
>  }
>  
> +/**
> + * osinfo_install_config_set_driver_signing:
> + * @config: the install config
> + * @signing: boolean value
> + *
> + * If a script requires drivers to be signed, this function can be used to
> + * disable that security feature. WARNING: Disabling driver signing may very
> + * well mean disabling it permanently.
> + */
> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
> +                                              gboolean signing)
> +{
> +    osinfo_entity_set_param_boolean(OSINFO_ENTITY(config),
> +                                    OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
> +                                    signing);
> +}
> +
> +/**
> + * osinfo_install_config_get_driver_signing:
> + * @config: the install config
> + *
> + * Returns: %TRUE if driver signing is currently enabled, %FALSE otherwise, see
> + * #osinfo_install_config_set_driver_signing() for more details about driver
> + * signing.
> + */
> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config)
> +{
> +    return osinfo_entity_get_param_value_boolean_with_default
> +            (OSINFO_ENTITY(config),
> +             OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
> +             TRUE);
> +}
> +
>  /*
>   * Local variables:
>   *  indent-tabs-mode: nil
> diff --git a/osinfo/osinfo_install_config.h b/osinfo/osinfo_install_config.h
> index d650a0a..b3cfa7e 100644
> --- a/osinfo/osinfo_install_config.h
> +++ b/osinfo/osinfo_install_config.h
> @@ -67,6 +67,8 @@
>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK "post-install-drivers-disk"
>  #define OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION "post-install-drivers-location"
>  
> +#define OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING "driver-signing"
> +
>  typedef struct _OsinfoInstallConfig        OsinfoInstallConfig;
>  typedef struct _OsinfoInstallConfigClass   OsinfoInstallConfigClass;
>  typedef struct _OsinfoInstallConfigPrivate OsinfoInstallConfigPrivate;
> @@ -193,6 +195,10 @@ void osinfo_install_config_set_post_install_drivers_location(OsinfoInstallConfig
>                                                               const gchar *location);
>  const gchar *osinfo_install_config_get_post_install_drivers_location(OsinfoInstallConfig *config);
>  
> +void osinfo_install_config_set_driver_signing(OsinfoInstallConfig *config,
> +                                              gboolean signing);
> +gboolean osinfo_install_config_get_driver_signing(OsinfoInstallConfig *config);
> +
>  #endif /* __OSINFO_INSTALL_CONFIG_H__ */
>  /*
>   * Local variables:
> -- 
> 1.8.1.4
> 
> _______________________________________________
> Libosinfo mailing list
> Libosinfo at redhat.com
> https://www.redhat.com/mailman/listinfo/libosinfo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130315/7bf96318/attachment.sig>

More information about the Libosinfo mailing list