On Thu, Feb 7, 2013 at 10:56 AM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> On Thu, Feb 07, 2013 at 02:16:52AM +0200, Zeeshan Ali (Khattak) wrote:
>> On Wed, Feb 6, 2013 at 3:23 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
>> > On Wed, Feb 06, 2013 at 03:17:00PM +0200, Zeeshan Ali (Khattak) wrote:
>> >> Why not let apps decide that? We are giving them info on the signed
>> >> status of drivers and they can make an informed decision.
>> >
>> > This is exactly my point, applications cannot say "I'm only using signed
>> > drivers, don't disable signature checking" with the current series as far
>> > as I understand it.
>>
>> If applications are only going to use signed drivers, they don't need
>> to disable anything. So really there is no app that is going to need
>> this API but to get this very important work in, I'll live with a bit
>> of redundant API.
>
> Yes, applications using signed drivers will not need to disable anything.
> However, my understanding is that you want to use *unsigned* drivers in
> your application, in that case you need to disable signature verification.
> You are designing the whole thing with the nominal case being unsigned
> drivers being case, which makes sense for your use case.

Not at all. I'm providing applications with information on whether drivers are signed or not. Based on that they can make a decision. If they decide to use unsigned drivers, there is absolutely no reason any app would want to disable some checks as well. Unless you could specify a (not hypothetical) use case or example of an app that would want such a thing, I don't think there is any need for what you are asking for. Especially since I told you the problems with making this configurable in the last mail.

> The fact that you are using unsigned drivers in the first place is a 'bug'
> imo,

IMO the bug is that Microsoft requires these signatures. It's obvious that not everyone can get their drivers signed no matter how "secure" or good they are, so requiring this signature is just wrong of them. Moreover, even as a security measure, it's doubtful that MS thought of an application being involved in the process. The common use case involves only the user and MS' software (mainly the installer). It's a very usual thing to not trust users to know exactly what they are doing. They can get malicious drivers from anywhere and try to install them. In the case of libosinfo, there is going to be an app involved, making the decision for the user.

> and the right way of handling that is doing whatever it takes to get
> signed drivers instead of the unsigned ones. Hence, the unsigned driver code
> in libosinfo is just a workaround for that, and since this workaround
> involves disabling some built-in OS checks, then we need an API to
> explicitly disable these if that's what we want.

Unless you can point out any use case, I'm not going to add confusing API just to satisfy some particular proprietary vendor.

> I even remember you
> telling me that MS says signature checks on Win7 should only be disabled
> in test setups, not on production machines, which seems consistent with not
> doing this by default in libosinfo..

Yes? I don't live to serve MS. :)

--
Regards,

Zeeshan Ali (Khattak)
FSF member#5124

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo