Hi Klaus,

Thanks for the quick reply.

I tried loading a test-signed PDM module for development (obviously with test-signing enabled in the machine) but it fails with a "no trusted paths" error. I'm guessing that even on development or test machines you require the module to be cross-signed with the Microsoft cert? I'm also guessing you don't debug custom PDM modules with release versions of VirtualBox. Is there any way I can do this without having to sign debug binaries?

Thanks,
Jose

On Tue, Jul 29, 2014 at 7:43 PM, Klaus Espenlaub <[email protected]> wrote:
> José,
>
> On 29.07.2014 15:53, José Massada wrote:
> > Hi,
> >
> > The new hardening code breaks VirtualBox when trying to load a custom
> > built PDM module (VERR_LDRIV_NOT_SIGNED). This is a custom virtual PCI
> > device that we've been using for quite some time now.
>
> Yes, that signing requirement is a change which had to be done in 4.3.14.
>
> > I've looked at the code and I see that some unsigned dlls are being
> > ignored if they are in certain system paths. I tried loading it from
> > \\SystemRoot\\System32\\ but with no luck.
>
> There's no signing exemption for PDM modules, so there's no point in
> moving them to such a directory.
>
> > Linux version works fine when installed to a root owned system path.
>
> That's comparing apples and oranges, as the systems have a vastly
> different basic security system design and need different approaches for
> hardening.
>
> > Am I to assume that I'll have to, somehow, sign the dll?
>
> Correct. You need a cert suitable for Windows kernel driver signing,
> nothing else is accepted. There are very few CAs which offer this (as it
> needs to be cross-signed by Microsoft).
>
> > Too much hardening maybe?
>
> No, this is intentional and required for the hardening to work. It won't
> go away in future builds.
>
> Klaus
>
> > Cheers,
> > Jose
>
> _______________________________________________
> vbox-dev mailing list
> [email protected]
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
