[Libosinfo] [PATCH 2/8] winxp, installer: Ignore unsigned drivers

Christophe Fergeau cfergeau at redhat.com
Thu Feb 7 08:56:06 UTC 2013 

On Thu, Feb 07, 2013 at 02:16:52AM +0200, Zeeshan Ali (Khattak) wrote:
> On Wed, Feb 6, 2013 at 3:23 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> > On Wed, Feb 06, 2013 at 03:17:00PM +0200, Zeeshan Ali (Khattak) wrote:
> >> Why not let apps decide that? We are giving them info on the signed
> >> status of drivers and they can make an informed decision.
> >
> > This is exactly my point, applications cannot say "I'm only using signed
> > drivers, don't disable signature checking" with the current series as far
> > as I understand it.
> 
> If applications are only going to use signed drivers, they don't need
> to disable anything. So really there is no app that is going to need
> this API but to get this very important work in, I'll live with a bit
> of redundant API.

Yes, applications using signed drivers will not need to disable anything.
However, my understanding is that you want to use *unsigned* drivers in
your application, in that case you need to disable signature verification.
You are designing the whole thing with the nominal case being unsigned
drivers being case, which makes sense for your use case.

The fact that you are using unsigned drivers in the first place is a 'bug'
imo, and the right way of handling that is doing whatever it takes to get
signed drivers instead the unsigned ones. Hence, the unsigned driver code
in libosinfo is just a workaround for that, and since this workaround
involves disabling some built-in OS checks, then we need an API to
explicitly disable these if that's what we want. I even remember you
telling me that MS says signature checks on Win7 should only be disabled
in test setups, not on production machines, which seems consistent with not
doing this by default in libosinfo..

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libosinfo/attachments/20130207/8f71dc93/attachment.sig>

More information about the Libosinfo mailing list