Hello, > Discussed driver signing issues with Windows Vista / Windows 7. Agreed > that it should be possible to self-sign the drivers OpenVPN uses.
Not for releases, even for public betas this is a no-go. If test signing is enabled DRM content can't be played. Please read the documentation, it's well documented. http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx |Enabling Test Signing |Use the BCDEdit command-line tool to enable test signing. To use BCDEdit, the user must be a member |of the Administrator group on the system and run the command from an elevated command prompt. |An elevated command prompt can be launched by creating a desktop shortcut to cmd.exe, |right-clicking the shortcut, and then clicking Run as administrator. |The following shows an example of running BDCEdit at the command prompt: |// Accept test signed kernel mode signatures |Bcdedit.exe –set TESTSIGNING ON | |// Do not accept test signed kernel mode signatures |Bcdedit.exe –set TESTSIGNING OFF | |The TESTSIGNING boot configuration option determines whether Windows Vista accepts test-signed |kernel-mode binaries. The option is not defined by default, which means that digital signatures |on test-signed kernel-mode drivers will not verify and will not load. When Windows Vista accepts |test-signed kernel-mode binaries, some premium content that is protected may not be accessible on the system. Source: Digital Signatures for Kernel Modules on Systems Running Windows Vista - kmsigning.doc The reason for Kernel-Mode Code Signing is that Microsoft can identify the author of crashing drivers. greetings Carsten
