On Tue, May 07, 2013 at 11:02:15AM -0500, Frank Moss wrote: > I understand that you do not currently sign the upstream drivers and > that the practice of placing a windows 7 x64 box in test mode is a > possible workaround, but it is not a solution and in some instances can > violate security policy. > That said, the lack of driver signing prevented my former group from > providing this as a VDI solution to a government agency. In addition, > this is hindering my new group's ability to offer this as a transport > mechanism for our DaaS (internal only) offering. > > Why are the stable driver releases unsigned? > What are the barriers to the driver signing? Note that there are 2 different signatures, one that is done by the company building the driver, and another one done by Microsoft as part of the WHQL process (hardware certification). The drivers on spice-space.org have a Red Hat signature, but did not go through WHQL. And newer Windows versions are unfortunately refuse to install drivers without a WHQL signature unless you go through the hacks you mentioned. I think the main barriers to WHQL signing of these drivers is that it costs money, and iirc MS will not sign drivers with a copyleft licence, which would be another issue. Hope that helps, Christophe
Attachment:
pgpA9vVOD0n6y.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel