Msg. 07481 of 60014 (This msg. is a reply to
07480 by
Decomposed)
Jump:
It is. The only other option if ya wanted to was to try windoze 10 or as Zim and yerself are trying, look to Linux.
I have BOTH windoze 7 x64 bit Professional and Windoze 10 on my laptop. Ever since I had my son in law to clean off the hard drive, install a new solid state drive and expand the size of the partition where that drive and everything would be stored, this system now screams. From turning on the laptop to being at desktop is under 15 seconds..
I also am getting more accustomed to using it and can still use all my oolder software programs like microsoft Office 2007 for example.
Anyway, I hope the community speaks up but to me it is not the end of the world...
Microsoft has announced that it is ending the ability to cross-sign drivers, effective 1 July 2021. This will effectively make it impossible to release new or updated drivers for Windows 7, Windows 8, and Windows 8.1 systems, including Server 2012 R2. This is not an exaggeration.
The only option that will remain available to devs who want to release drivers for versions of Windows other than Windows 10 will be to have those drivers pass HLK/WHQL testing. Unfortunately, not all drivers are even eligible for HLK/WHQL testing, and even for those that are eligible, getting some drivers to pass the HLK/WHQL tests is effectively impossible.
I know this sounds like I’m exaggerating. But it’s actually the current plan of record. Read on.
I think we all know that Windows drivers need to be digitally signed in order to allow them to be installed and used. As of today, October 2020, there are three options for this signing:
1. Attestation Signing — This applies to Windows 10 only. You create an account on the Microsoft Partner Center Developer Dashboard. When you have a driver package you want to release to the world, you sign it with your Code Signing Certificate, you upload it to the Dashboard, and Microsoft signs the package for you. You can then download the package and release it however you wish.
This “works” because your Developer Dashboard account unambiguously identifies you to Microsoft, and Microsoft’s signature allows your driver to be installed.
2. Cross Signing — This applies only to versions of Windows prior to Windows 10. You sign your driver package using your Code Signing Certificate and a “Cross-Certificate.”
This “works” because you have proved your identify to the satisfaction of your Certification Authority (a level of proof that varies widely) that issued your Code Signing Certificate. The Cross-Certificate identifies the Certification Authority as one that Microsoft trusts. Together, your cert and the cross-cert allow your driver to be installed.3.
3. Passing the HLK (historically called the WHQL) Tests — This applies to all versions of Windows. You install and run the tests defined by the Windows Hardware Lab Kit (HLK), which is easier said than done. The HLK produces a log file, which you sign and upload to the Microsoft Partner Center Developer Dashboard along with your driver package. The Dashboard reviews the HLK results, and if all goes well you download your signed driver package.
This “works” for the same reason that Attestation Signing works: Your Developer Dashboard account unambiguously identifies you to Microsoft, and Microsoft’s signature on your driver package allows your driver to be installed.
As of 1 July 2021, Microsoft is eliminating option #2, Cross-Signing. This will leave passing the HLK the only option for releasing drivers for Windows versions other than Windows 10.
Microsoft first announced this plan back in the July 2019. And, quite frankly, we didn’t believe it. Like so many such misbegotten ideas (remember “All drivers must pass WHQL or they won’t load on Windows Server”) we hoped that the doc writers were misinformed and/or that the policy folks at Microsoft were floating this idea to gauge the community’s reaction.
Since this announcement we here at OSR have consistently engaged with Microsoft in an attempt to determine the true plan for going forward. As I wrote to one my colleagues at Microsoft back in September 2019:
While our friends have certainly been both concerned and collaborative they have not been able to offer a definitive statement that says anything other than what’s been published.
At one point I did hear a rumor that Attestation Signing would be extended to support Windows versions prior to Windows 10 (recall, that Attestation Signing only works for Windows 10 today). And now I’m not hearing anything about that possibility at all.
Some of you might be thinking: We can still just run and pass the HLKs, so we’ll be OK! I can only guess that the only people thinking this are those who either (a) already run/pass the HLKs, (b) have never before bothered to try to run and pass the HLKs.
Installing and running the HLKs is a heavyweight, time-consuming, and often arduous, frustrating, and often annoyingly arbitrary process. It is primarily designed for testing hardware components for compatibility — and not really aimed at validating the vast eco-system of potential Windows drivers.
Many types of Windows drivers are not eligible for testing by the HLKs. Many common types of Windows drivers — such a many filter drivers — fall into no specific testing category and basically force a test team to choose an arbitrary set of tests to run and attempt to pass. This is the HLK equivalent of forcing a square peg into a round hole. For example, let’s say you have a set of drivers that implement a feature that prevents permanent writes to a disk drive, like Windows Unified Write Filter. You test this entire complex of drivers as a disk drive, right? Obviously. Or not.
Some types of drivers are theoretically eligible for HLK testing, but because of the specifics of the HLK tests have no chance of ever passing. An excellent example of drivers in this category are File System Isolation Minifilters. There are existing HLK tests that are inherently incompatible with the purpose of many such filters. As just one example, consider the case of an Isolation Minifilter that provides transparent encryption. A common feature of such drivers is that encrypted files often include some sort of metadata (groups, and keys, and such). An HLK test might write a file, close the file, and then query the file’s allocation size. Because the test “knows” the allocation policy of the underlying file system, it thinks it “knows” exactly how big the file should be on disk. But our encrypting Minifilter, in doing the work for which it is designed, changes the allocated file size by allocating space for metadata. The test therefore fails. There is no way to change this behavior in a way that will make both applications and the test happy.
Make no mistake: If this policy doesn’t change, the Windows driver ecosystem — and many big Windows users all over the world — are going to be in serious trouble.
Windows 8.1 and Windows Server 2012 R2 are still under Extended Support by Microsoft, and will remain supported until January 2023. Windows Embedded 8 and Windows Embedded 8.1 are supported by Microsoft through July of 2023.
So, Microsoft is still supporting these versions of Windows but IHVs, ISVs, and OEMs will not be able to release updated drivers for these supported OS versions under this plan.
If this proposal doesn’t change, customers using these OS versions will be positively screwed. How? Let me provide some examples.
In the past few years, here at OSR we have written brand new drivers for special-purpose systems that have been targeted a versions of Windows other than Windows 10. These are embedded-type systems used in medical equipment, homeland security hardware, and lab equipment.
If this proposal doesn’t change, we will not be able to support or update these drivers. So… “Sorry, big government contractor… that big, multi-million dollar piece of equipment that you build for the government? We know you found a bug, but we can’t update the drivers anymore, because of Microsoft’s policy.”
We regularly enhance and support products that are installed by commercial clients on (no exaggeration) hundreds of thousands of systems worldwide. Products that provide intellectual property protection and document security for companies and governments in the US, Canada, Europe, and all throughout Asia.
If this proposal doesn’t change, we will not be able to update these drivers. “Sorry, healthcare providers and big financial institutions! Sorry high-tech firms! We can’t add features to or fix any bugs that get found in your document security system. Microsoft won’t let us update the drivers.”
We have heard loudly, clearly and persistently, from the community at large and from our own clients, that the vast majority of drivers written today need to work on Windows versions dating back to Windows 7.
If this proposal doesn’t change, we will not be able to update the vast majority of these drivers.
One thing with which I have historically credited Microsoft is their willingness to listen to the community, and change their course when necessary.
Two examples from recent history illustrate this very clearly.
The first example ws Microsoft’s plan that required an EV Certificate to be used to submit HLK results and driver packages to the Developer Dashboard. While it probably sounded like a reasonable requirement, here at OSR we noted that this would make life exceptionally difficult (if not impossible) for distributed organizations. Let’s say your dev team is in the UK and your test team is in the US. I y dev team’s management arranged for your Developer Dashboard account, how do they get the EV Certificate (which is irrevocably locked onto a particular hardware token) to the test team, so the test team can submit the HLK results? It just doesn’t work.
When we discovered this, we brought the problem to the attention of the community. We asked OEMs, IHVs, and ISVs to have their executives rais t issue with Microsoft. They did this, and the policy was changed.
Another example, mentioned earlier, was Microsoft’s plan to require that all drivers installed on Windows Server systems to pass the HLKs. Again, the OEM, IHV and ISV community spoke-up loudly and clearly about why this plan was perhaps well-intentioned but unrealistic. The policy was changed.
Requiring drivers to pass the HLKs in order to load on versions of Windows prior to Windows 10 is effectively no option at all.
If you agree with this, it’s critically important that you alert your colleagues to this problem. Explain to them the pain this will cause. Encourage your management team to raise this issue to their Microsoft contacts. We know from past experience that Microsoft values the opinions of OEMs, IHVs, and ISV. We know from experience that Microsoft will listen to pushback on plans that may sound good in theory, but that the community recognizes are not workable in practice. We know from experience that Microsoft will change these plans, when the flaws are made clear.
But you must act. You’ve got to raise this issue to your colleagues and your managers. Help them understand the criticality of this issue. You cannot wait until July 2021, when this policy goes info full effect, to act. You must act now.
DON'T BELIEVE A DAMN WORD YOU READ ON THIS WEBSITE!
The reader is responsible for discerning the validity, factuality or implications of information posted here, be it fictional or based on real events. Moderators on this forum make every effort to review the material posted on this site however, it is not realistically possible for a one man team to manually review each and every one of the posts atomicbobs.com gets on a daily basis.
The content of posts on this site, including but not limited to links to other web sites, are the expressed opinion of the original poster and are in no way representative of or endorsed by the owners or administration of this website. The posts on this website are the opinion of the specific author and are not statements of advice, opinion, or factual information on behalf of the owner or administration of Atomicbobs. This site may contain adult language, if you feel you might be offended by such content, you should log off immediately.
Not all posts on this website are intended as truthful or factual assertion by their authors. Some users of this website are participating in internet role playing, with or without the use of an avatar. NO post on this website should be considered factual information on face value alone. Users are encouraged to
USE DISCERNMENT
and do their own follow up research while reading and posting on this website. Atomicbobs.com reserves the right to make changes to, corrections and/or remove entirely at any time posts made on this website without notice. In addition, Atomicbobs.com disclaims any and all liability for damages incurred directly or indirectly as a result of a post on this website.
This website implements certain security features in order to prevent spam and posting abuse. By making a post on this website you consent to any automated security checks required by our system to authenticate your IP address as belonging to an actual human. It is forbidden to make posts on this website from open proxy servers. By making a post on this website you consent to an automated one time limited port scan of your IP address which is required by our security system to validate the authenticity of your internet connection.
This site is provided "as is" without warranty of any kind, either expressed or implied. You should not assume that this site is error-free or that it will be suitable for the particular purpose which you have in mind when using it. In no event shall Atomicbobs.com be liable for any special, incidental, indirect or consequential damages of any kind, or any damages whatsoever, including, without limitation, those resulting from loss of use, data or profits, whether or not advised of the possibility of damage, and on any theory of liability, arising out of or in connection with the use or performance of this site or other documents which are referenced by or linked to this site.
Some events depicted in certain posting and threads on this website may be fictitious and any similarity to any person living or dead is merely coincidental. Some other articles may be based on actual events but which in certain cases incidents, characters and timelines have been changed for dramatic purposes. Certain characters may be composites, or entirely fictitious.
We do not discriminate against the mentally ill!
Fair Use Notice:
This site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. Users may make such material available in an effort to advance awareness and understanding of issues relating to civil rights, economics, individual rights, international affairs, liberty, science & technology, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law.
At some point freedom of speech and copyright law merge. The following interpretation of "Fair Use" and subsequent posting policy were developed with the assistance of qualified legal council however, we are not lawyers and cannot offer you legal advise as to the limits of "Fair Use"
In accordance with industry accepted best practices we ask that users limit their copy / paste of copyrighted material to the relevant portions of the article you wish to discuss and no more than 50% of the source material, provide a link back to the original article and provide your original comments / criticism in your post with the article.
Though legally each situation is evaluated independently according to guidelines that were intentionally left open to interpretation, we believe generally this policy represents "Fair Use" of any such copyrighted material for the purposes of education and discussion.
You are responsible for what you "publish" on the internet. You must be sure any copyrighted material you choose to post for discussion on this forum falls within the limits of "Fair Use" as defined by the law.
If you are a legal copyright holder or a designated agent for such and you believe a post on this website falls outside the boundaries of "Fair Use" and legitimately infringes on yours or your clients copyright
we may be contacted concerning copyright matters at:
If you require a courier address please send a fax or email and we will provide you with the required information.
For expedited human review & removal of potential copyright violations we encourage users & copyright holders to utilize the "Report Copyright Violation" button that accompanies each post published on this website.
In accordance with section 512 of the U.S. Copyright Act our contact information has been registered with the United States Copyright Office. "Safe Harbor" noticing procedures as outlined in the DMCA apply to this website concerning all 3rd party posts published herein.
If notice is given of an alleged copyright violation we will act expeditiously to remove or disable access to the material(s) in question. It is our strict policy to disable access to accounts of repeat copyright violators. We will also ban the IP address of repeat offenders from future posting on this website with or without a registered account.
All 3rd party material posted on this website is copyright the respective owners / authors. Atomicbobs.com makes no claim of copyright on such material.
Please be aware any communications sent complaining about a post on this website may be posted publicly at the discretion of the administration.
---
DON'T BREAK THE LAW!
---
Other than that you can do / say whatever you want on this forum.
We reserve the right to block access to this website by any individual or organization at any time for any reason whatsoever or no reason at all.
| 
