Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars

Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 1  
21 Apr 17 12:59
Serge G
Join Date: 13 Apr 2017
Posts To This List: 8
RE: Re: [OSR-DETECTED-SPAM] RE: SecureBoot/Driver signing for corporate usage

Thank you Tim, I understand that. Unfortunately the genuine problem, i.e. Secure Boot compatibility without the attestation of private (by definition) drivers, looks unsolvable so far. So any private entity has to be made "public" for the attestation frist. And there are no reliable options to make it Secure Boot compatible (keeping it private) beyond switching Secure Boot off completely. I still hope that there is a way to sign the driver "privately" by putting the related certificate in the UEFI's DB for the verification. All my experiments failed so far. Maybe because of the DB is used for genuine UEFI binaries verification only, so the kernel drivers are verified somehow else. Maybe because of lack of the diagnostics. I can put a driver's "root" certificate into the DB, the sign verification fails, but I can't realize whether it happens by design or by different certificate format to be used in the DB. Looks like BIOS interface allows adding nearly everything to the DB by just concatenating whatever chosen. Thank you, Serge
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 23:37.

Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license