(repost to reply to the whole list now) Hi Xiaofan,
2009/10/13 Xiaofan Chen <[email protected]> > > One of the major issue is that you are now using test-signed driver > with Vista 64bit and Windows 7 64bit. > Yes indeed, although I personally don't consider it as a major issue. It is my personal opinion that, since the certificate store on Windows systems that require signed drivers, is well protected enough (requires administrative privileges to install a code signing cert as trusted root), Windows *should* let users run their own self signed drivers by default, if they went all the trouble installing a root cert for it. Requiring the setting of Windows to Test Mode to run drivers is just another big money making scheme for Verisign & co and a way to oust out Open Source drivers under the false pretence of increasing security. If a user *explicitly* tell an OS that they want to install a self-signed driver, the OS should let them do so by default (just like if a user explicitly tell an OS that they want to run untrusted software, the OS should let them do so). The OS of course should warn the user as much as it can, and protect its critical operations (using signed drivers is a good approach), but in the end, the user should have the final word on what they run on their OS, rather than some ill-defined entity in Redmond... Again, this is my personal opinion, and I'm well aware not everybody thinks along these lines... > As you mentioned in the Spartfun forum post, "PS: I don't care much > about disabling the Test Mode & version report on the Wallpaper. > In fact, I prefer seeing the Windows version I am running." > However, the other users may not be happy with this. And I > am not so sure about Microsoft's policy on distributing > test-signed Windows device drivers to the general public... > Aha, but the thing is, I am not distributing a test-signed device driver. In my archive, I am actually providing *unsigned* drivers, along with the tools & script for users to self-sign them, and I am requiring users to do their own signing before installation. This way, I am not providing a master signing certificate that could potentially be abused. If they follow my guidelines, every single user of the driver will have a unique root signing certificate. This should prevent the kind of attacks where some untrusted parties provides a root code signing certificate for a device driver, and then use that same cert to install rogue drivers on all the computers that use it. I considered both options, and I believe this is the most satisfying one, although, for users who don't want to go through the whole signing process manually, I provide scripts to automate the process, which require Administrative rights to run, and that might make a few people nervous. I do advertise users to check for the tools and scripts they downloaded in a security note though, as the tools provided came from the Windows 7.0.0 DDK, and can be freely downloaded/verified by anyone. For more information, have a look in the drivers/ directory in my archive. Now, I'm pretty sure I saw some talk about trying to get a good soul, with a valid Microsoft Code Signing certificate, to sign an "official" version of the libusb Windows drivers for 64 bit systems. This would avoid this whole test-signing mess when installing OpenOCD w/ libfti on Windows, and the scaring of regular users (or people who don't like the Test Mode). That could probably also benefit other projects relying on LibUSB-Win32 (psplink comes to my mind). Not sure if somebody has agreed to do the signing though... Regards, >NIL: 2009/10/13 Xiaofan Chen <[email protected]> > On Tue, Oct 13, 2009 at 8:57 AM, Redirect "Slash" NIL > <[email protected]> wrote: > > I finally managed to compile a GPL compliant version of OpenOCD for > Windows > > 64 bit system, using libftdi (If you're interested, I posted some > binaries > > in http://forum.sparkfun.com/viewforum.php?f=18 and I'll post my > compilation > > steps soon) > > > > Thanks for the sharing. > > One of the major issue is that you are now using test-signed driver > with Vista 64bit and Windows 7 64bit. > > As you mentioned in the Spartfun forum post, "PS: I don't care much > about disabling the Test Mode & version report on the Wallpaper. > In fact, I prefer seeing the Windows version I am running." > However, the other users may not be happy with this. And I > am not so sure about Microsoft's policy on distributing > test-signed Windows device drivers to the general public... > > > > -- > Xiaofan http://mcuee.blogspot.com >
_______________________________________________ Openocd-development mailing list [email protected] https://lists.berlios.de/mailman/listinfo/openocd-development
