José, On 29.07.2014 15:53, José Massada wrote: > Hi, > > The new hardening code breaks VirtualBox when trying to load a custom > built PDM module (VERR_LDRIV_NOT_SIGNED). This is a custom virtual PCI > device that we've been using for quite some time now.
Yes, that signing requirement is a change which had to be done in 4.3.14. > I've looked at the code and I see that some unsigned dlls are being > ignored if they are in certain system paths. I tried loading it from > \\SystemRoot\\System32\\ but with no luck. There's no signing exemption for PDM modules, so there's no point in moving them to such a directory. > Linux version works fine when installed to a root owned system path. That's comparing apples and oranges, as the systems have a vastly different basic security system design and need different approaches for hardening. > Am I to assume that I'll have to, somehow, sign the dll? Correct. You need a cert suitable for Windows kernel driver signing, nothing else is accepted. There are very few CAs which offer this (as it needs to be cross-signed by Microsoft). > Too much hardening maybe? No, this is intentional and required for the hardening to work. It won't go away in future builds. Klaus > Cheers, > Jose _______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
