Hi Carsten, Thanks for the clarifications! The releases will have signed drivers, of course. The idea is to use self-signed drivers for the OpenVPN testing tree only. These drivers change rapidly, so an easy, non-bureaucratic way to sign the drivers is an absolute necessity. If self-signing is the only way to achieve that goal, then the user has to choose between OpenVPN testing and DRM-protected "premium" content.
-- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock > Hello, > > >> Discussed driver signing issues with Windows Vista / Windows 7. Agreed >> that it should be possible to self-sign the drivers OpenVPN uses. >> > > Not for releases, even for public betas this is a no-go. > If test signing is enabled DRM content can't be played. > > Please read the documentation, it's well documented. > http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx > > |Enabling Test Signing > |Use the BCDEdit command-line tool to enable test signing. To use BCDEdit, > the user must be a member > |of the Administrator group on the system and run the command from an > elevated command prompt. > |An elevated command prompt can be launched by creating a desktop shortcut to > cmd.exe, > |right-clicking the shortcut, and then clicking Run as administrator. > |The following shows an example of running BDCEdit at the command prompt: > |// Accept test signed kernel mode signatures > |Bcdedit.exe –set TESTSIGNING ON > | > |// Do not accept test signed kernel mode signatures > |Bcdedit.exe –set TESTSIGNING OFF > | > |The TESTSIGNING boot configuration option determines whether Windows Vista > accepts test-signed > |kernel-mode binaries. The option is not defined by default, which means that > digital signatures > |on test-signed kernel-mode drivers will not verify and will not load. When > Windows Vista accepts > |test-signed kernel-mode binaries, some premium content that is protected may > not be accessible on the system. > > Source: Digital Signatures for Kernel Modules on Systems Running Windows > Vista - kmsigning.doc > > The reason for Kernel-Mode Code Signing is that Microsoft can identify > the author of crashing drivers. > > greetings > Carsten > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
