----- Original Message -----
> From: "Christophe Fergeau" <cfergeau@xxxxxxxxxx>
> To: "Frank Moss" <frank@xxxxxxxxxxxxxx>
> Cc: spice-devel@xxxxxxxxxxxxxxxxxxxxx
> Sent: Thursday, May 16, 2013 5:29:38 AM
> Subject: Re: Windows 7 64bit QXL driver not digitally signed
>
> On Tue, May 07, 2013 at 11:02:15AM -0500, Frank Moss wrote:
> > I understand that you do not currently sign the upstream drivers and
> > that the practice of placing a Windows 7 x64 box in test mode is a
> > possible workaround, but it is not a solution and in some instances can
> > violate security policy.
> > That said, the lack of driver signing prevented my former group from
> > providing this as a VDI solution to a government agency. In addition,
> > this is hindering my new group's ability to offer this as a transport
> > mechanism for our DaaS (internal only) offering.
> >
> > Why are the stable driver releases unsigned?
> > What are the barriers to the driver signing?
>
> Note that there are 2 different signatures, one that is done by the company
> building the driver, and another one done by Microsoft as part of the WHQL
> process (hardware certification). The drivers on spice-space.org have a Red
> Hat signature, but did not go through WHQL. And newer Windows versions
> unfortunately refuse to install drivers without a WHQL signature unless you
> go through the hacks you mentioned.
>
> I think the main barriers to WHQL signing of these drivers are that it costs
> money, and iirc MS will not sign drivers with a copyleft licence, which
> would be another issue.

Because of Microsoft's refusal to certify GPL drivers we have dual-licensed
the code with both GPL and proprietary licenses.
The community distributed drivers are GPL and signed with Red Hat's signing
certificate.
The proprietary licensed drivers are signed with Red Hat's certificate but
also with Microsoft's WHQL signature. These drivers are currently only
available to Red Hat subscribers.
>
> Hope that helps,
>
> Christophe
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
>