xxxxx@gmail.com wrote:
Driver signing is the most complex and expensive addition to hit drivers since I have been writing them for 20 years. I am unsure why it has to be this way.
In retrospect, I don’t think this situation is any more complicated than
any of the other learning curves we climb to get a driver out into the
public. There is a large amount of boilerplate in the recipe, but once
you get the recipe right, it just works from then on.
Answers to any of these questions might help me understand this situation:
- Why are there different classes of certificates for driver developers? For instance, why can’t the VeriSign organization certificate be used for code signing or a GlobalSign code signing certificate be used for winqual?
Partly, this is so certificate vendors can generate profit. The
certificate specification (and there IS a spec) does define a large
number of different “certificate uses”. The usage codes are embedded in
the certificate. This goes with the “perceived value” principle; some
usages are perceived as being more valuable than other usages, so the
capitalist principle is that you should pay more.
There IS some overlap. You can get a single VeriSign certificate that
does code signing AND works for Winqual. Neither VeriSign nor Winqual
are particularly interested in reducing your cost of business.
- Why are we absolutely required to do business with VeriSign for logo? What would happen if they went out of business?
This is probably historical. Winqual has had the certificate
requirement for a very very long time, and when they started, there
really were no other alternatives. No one of importance has ever
complained seriously about it, so there has been no incentive to
change. After all, the $99 certificate is a relatively minor cost,
compared to the cost of submitting driver packages. The onesy-twosy
shops are not the important people. The important people are the Dells
and HPs of the world, who submit dozens or hundreds of driver packages
throughout the year.
- Why are certificates forced to expire every 1-3 years? Why can’t we just buy one that lasts forever?
Because people (and companies) move. The fundamental purpose for driver
signing is to provide a reliable path for lawyers to find you when your
driver causes damage. VeriSign is not going to promise that you can
still be reached at the address you signed up with 8 years ago.
- Why are certificates so expensive? And why is it annual-fee based rather than a single setup fee? How much work does VeriSign do in year 2 compared to year 1?
Capitalism. You and I both know that the incremental cost of a
certificate is nearly nil. They do 10 minutes of automated background
checking by looking at your Dun & Bradstreet database record, and that’s
pretty much it.
- Why is so much red tape necessary to get a certificate issued? It is impractical to get a certificate for some mobile, internet based consultants who need to meet physical presence tests for somewhere they have barely stayed or won’t be there much longer anyway.
And those are exactly the people who should not be getting certificates,
because they can’t be reached when liability issues arise.
As disgusting and disappointing as it may be, the Windows world of today
is not like the Wild West MS-DOS world of 1987, where virtually all of
the good stuff came from one-off shareware authors doing it for the
fun. Today, what we have is much more like the mainframe world of
1975. PCs are now corporate mission-critical. Rogue kernel code can
cause millions of dollars of damage to a company. If you want to submit
your driver into that world, you need to be willing to submit to a fair
amount of scrutiny. That’s just the way it is.
- Why is signing the driver not part of the build tool? I modified mine by hand so that every time I press build it pops out a perfectly release-signed driver, even for checked builds. I and my customers agree this has every advantage and no disadvantage.
I’m not sure what you mean. You can certainly add a “signtool” call to
your sources/makefile setup so that it runs when you call “build”.
There don’t happen to be any samples that show this, but that doesn’t
mean it’s “not part of the build tool”.
- Why aren’t individuals allowed to write drivers anymore? They are prohibited from obtaining a certificate and thus barred from access to new Windows systems.
Liability. Individuals are inherently less reachable than corporations
when subpoena time rolls around.
- Since this forum is riddled with posts about driver signing is it time to open a new forum for it?
I don’t think so. Like most driver questions, once you climb over the
learning curve hump, this becomes a non-issue.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
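The reply above says a signtool call can be hooked into the WDK "sources"/makefile setup so that it runs as part of "build", but that no sample shows it. The following is an added example (not from the original post or its author) of one way to do that with the classic build.exe environment: the sources file names a post-build target via NTTARGETFILE1, and makefile.inc defines that target to sign and then verify the driver binary. The driver name (mydriver), the cross-certificate file (cross-cert.cer), the certificate subject ("My Company, Inc."), and the timestamp URL are placeholders and assumptions; substitute the cross-certificate that matches your CA and your own certificate's subject name.

```makefile
# --- sources (fragment) -------------------------------------------------
# Assumed driver name; the rest of the sources file (TARGETTYPE, SOURCES,
# etc.) is unchanged and not shown here.
TARGETNAME=mydriver
TARGETTYPE=DRIVER

# Ask build.exe to build this extra target after the main target is linked.
# The target itself is defined in makefile.inc (next to "makefile").
NTTARGETFILE1=SignDriver

# --- makefile.inc -------------------------------------------------------
# Placeholders (assumptions, not from the original post):
#   CROSS_CERT : Microsoft cross-certificate for your CA, for kernel-mode code
#   SIGN_NAME  : subject name of your code-signing certificate in the
#                current user's "My" store
#   TS_URL     : timestamp server URL (so the signature outlives the cert)
CROSS_CERT=$(BASEDIR)\cross-cert.cer
SIGN_NAME=My Company, Inc.
TS_URL=http://timestamp.example.com/timestamp

# Full path of the linked driver, as build.exe lays it out
# (objfre_*/objchk_* per flavor, so checked builds are signed too).
DRIVER_BIN=$(OBJ_PATH)\$(O)\$(TARGETNAME).sys

# Sign, then verify against the kernel-mode signing policy (/kp), so a
# build whose signature would not load on a signing-enforced system fails
# here rather than on the customer's machine.
SignDriver: $(DRIVER_BIN)
    signtool sign /v /ac "$(CROSS_CERT)" /s my /n "$(SIGN_NAME)" /t $(TS_URL) $(DRIVER_BIN)
    signtool verify /kp /v $(DRIVER_BIN)
```

The /kp verify step is the check worth keeping in the build: a driver signed without the matching cross-certificate will pass a plain "signtool verify" yet still be rejected by the kernel-mode loader, and catching that at build time is the whole point of automating the signing.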