On Tue, May 07, 2013 at 11:02:15AM -0500, Frank Moss wrote:
> I understand that you do not currently sign the upstream drivers and
> that the practice of placing a windows 7 x64 box in test mode is a
> possible workaround, but it is not a solution and in some instances can
> violate security policy.
> That said, the lack of driver signing prevented my former group from
> providing this as a VDI solution to a government agency. In addition,
> this is hindering my new group's ability to offer this as a transport
> mechanism for our DaaS (internal only) offering.
> 
> Why are the stable driver releases unsigned?
> What are the barriers to the driver signing?

Note that there are 2 different signatures, one that is done by the company
building the driver, and another one done by Microsoft as part of the WHQL
process (hardware certification). The drivers on spice-space.org have a Red
Hat signature, but did not go through WHQL. And newer Windows versions are
unfortunately refuse to install drivers without a WHQL signature unless you
go through the hacks you mentioned.

I think the main barriers to WHQL signing of these drivers is that it costs
money, and iirc MS will not sign drivers with a copyleft licence, which
would be another issue.

Hope that helps,

Christophe

Attachment: pgpj5E5mNZ4d_.pgp
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel

Reply via email to