The PARIS Forums


Home » The PARIS Forums » PARIS: Main » Windows 10 driver signing question (What should I do? What would you do?)
Windows 10 driver signing question [message #108948] Thu, 08 October 2015 17:16 Go to next message
mikeaudet   CANADA
Messages: 474
Registered: February 2009
Senior Member
Hi All,

I have a dilemma that I think I've somewhat resolved, but I wanted to consult with the community about it because there is no perfect solution.

Windows 10 has changed the driver signing rules, and the changes aren't good.

Secure boot is a mechanism that checks that boot loader code is digitally signed. It was added in Windows 8.

For me to update the scherzo driver for windows 10 and support secure boot, I'll now have to buy an 'extended validation' security certificate that will cost about $600 Canadian per year. That's completely unfordable for me.

I'll also have to upload the driver to Microsoft servers for them to sign, and I'll have to agree to watch for telemetry data for bugs. That's a good thing if people agree to send telemetry data, but sending telemetry data is mandatory in Windows 10. I personally see mandatory data collection, that includes a list of all applications installed on a personal computer, as a serious privacy violation. I'd be participating in something I'm strongly against in its current form.

I can use the old cross certificate mechanism that Windows 7/8 used, but it will only work with Windows 10 if secure boot is disabled in the BIOS.

All PCs up until the new crop of Windows 10 logo PCs were required to have a BIOS option to turn off secure boot. With new PCs, this switch will be optional. It's possible that some new PCs will not have the ability to disable secure boot.

There's really no good option.

I've contacted Microsoft and asked for help, and they have refused.

There's also the SHA1 vs 2 change that's coming. If I get a new certificate, it will have to be SH2, which will only work on recently patched Windows 7 PCs. Windows VISTA won't load the driver, nor will older builds of Windows 7.

Basically, Microsoft sucks.

I'm leaning to getting a 3 year regular cross certificate and just not supporting secure boot on Windows 10.

What would you guys do?

All the best,

Mike

[Updated on: Thu, 08 October 2015 18:19]

Report message to a moderator

Re: Windows 10 driver signing question [message #108949 is a reply to message #108948] Thu, 08 October 2015 19:40 Go to previous messageGo to next message
Richard Kelley is currently offline  Richard Kelley   UNITED STATES
Messages: 44
Registered: June 2013
Location: Ct.
Member
I honestly think the Paris community should pay the 600.00 beans. What is that compared to the TIME YOU spend Mike !If going windows 10 is the thing to do we should help.
Re: Windows 10 driver signing question [message #108950 is a reply to message #108949] Thu, 08 October 2015 20:09 Go to previous messageGo to next message
mikeaudet   CANADA
Messages: 474
Registered: February 2009
Senior Member
Hi Richard,

It's really nice of you to offer, but it's a lot of money, year after year.

I'll have to promise to watch the telemetry and fix bugs - I want to fix bugs - but what happens if the certificate expires? I can't fix the bugs then, and I've made a commitment.

Right now, turning off secure boot takes less than a minute in the BIOS of any PC. If that changes- and it might - my feeling is that we can look at the EV certificate then.

Windows 10 is so problematic from a privacy perspective, too. Should we even be using it? Does it make sense to spend a bunch of money to support something that's bad?

I really don't think Microsoft should be getting a list of all of anyone's installed applications. If someone wants to run a bit torrent client or a utility to remove copy protection to allow fair use, they shouldn't have to tell Microsoft.

Plus, there's no way to look at the data being sent back. It's all encrypted. Who knows what's in it, really?

The performance improvements of Windows 10 are in Windows 8. And the new start menu sucks so much that I had to install classic shell anyway. I could just do that in Windows 8.1, if I wanted to leave Windows 7, which I don't.

I'm pretty conflicted, though. Maybe some new certificate companies will be added to the supported list and the price will come down. Maybe we'll get to a point that we're confident there will be no changes, so one year will be enough.

I've been chewing on this for a couple of weeks. I'm really glad that we're talking about it.

All the best,

Mike

Re: Windows 10 driver signing question [message #108951 is a reply to message #108950] Thu, 08 October 2015 21:12 Go to previous messageGo to next message
Richard Kelley is currently offline  Richard Kelley   UNITED STATES
Messages: 44
Registered: June 2013
Location: Ct.
Member
My machine is running very well on 8.1 , and I know how it works now, I have a ton of memory and no crashes. My point is that keeping up with the Microsoft Jones' is like a monkey chasing his tail ! All I basically have on my DAW is Paris. I just built it a little over a year and a half so its' parts are pretty up to date. If updating Paris could be handled on 8.1, which is working fine except for those vst problems my motor runs fine soooooo I hate to mess with it except for some Paris experiments. In closing,,zzzzzzzzzz we have to do what we have to do, if the Paris community needs help we need to chip in and help.
Re: Windows 10 driver signing question [message #108952 is a reply to message #108951] Thu, 08 October 2015 22:38 Go to previous messageGo to next message
excelav is currently offline  excelav   UNITED STATES
Messages: 2130
Registered: July 2005
Location: Metro Detroit
Senior Member
I agree with Rich. As for Windows 10, I was going to upgrade, but then I read all the user complaints on the MS forums and so on. Win 10 has plenty of problems, the security issues alone make it a no go. I feel letting big brother in, in anyway is a bad idea and there's no guaranty of privacy or accountability. If they get hacked, so do you. I'm growing tired of the Microsoft and Apple ecosystems. Handing them more money to pay to play their games sucks. Windows 10 is free for a reason. I will stick with Win XP, 7 & 8 until they stop all support. Is Linux an option for the future?

Windows emulators for Linux:

https://www.codeweavers.com/products/crossover-linux/gallery /

https://www.winehq.org/

Here are some Linux distros for multi media work. Mint 17.x with Cinnamon seems to be very popular.

https://en.wikipedia.org/wiki/Linux_Mint

https://en.wikipedia.org/wiki/Cinnamon_(software)

https://en.wikipedia.org/wiki/Ubuntu_Studio

https://en.wikipedia.org/wiki/64_Studio

https://en.wikipedia.org/wiki/Planet_CCRMA


James
Re: Windows 10 driver signing question [message #108953 is a reply to message #108952] Fri, 09 October 2015 02:44 Go to previous messageGo to next message
dnafe is currently offline  dnafe   CANADA
Messages: 390
Registered: February 2009
Senior Member
I'm of the school - screw Microsoft and just inform everyone of the required bios change until such time as that is no longer an option.
Re: Windows 10 driver signing question [message #108954 is a reply to message #108948] Fri, 09 October 2015 16:46 Go to previous messageGo to next message
kerryg is currently offline  kerryg   CANADA
Messages: 1529
Registered: February 2009
Senior Member
Administrator
I'd say whatever happens with the certificate, it shouldn't come out of your pocket. If and when the BIOS fix is no longer possible, this will affect MOST future development for PARIS, so it will be in the community's interest for you to have a certificate. So if and when that day comes I would happily host - and contribute to - a Kickestarter so that we as a community can chip in to buy it for you. Thoughts, folks?

"... being bitter is like swallowing poison and waiting for the other guy to die..." - anon
Re: Windows 10 driver signing question [message #108955 is a reply to message #108954] Fri, 09 October 2015 17:44 Go to previous messageGo to next message
Richard Kelley is currently offline  Richard Kelley   UNITED STATES
Messages: 44
Registered: June 2013
Location: Ct.
Member
100% AGREE !!!!!!!!!!!!! with Kerry
Re: Windows 10 driver signing question [message #108956 is a reply to message #108948] Fri, 09 October 2015 18:56 Go to previous message
mikeaudet   CANADA
Messages: 474
Registered: February 2009
Senior Member
I just ordered a Comodo code signing certificate that will be valid for the next 3 years. It cost me about $290 CA. I'm totally fine with paying that for three years of use. The EV certificate would have been $1800. That's simply ridiculous.

I thought that Windows 8 was a disaster because Microsoft was trying to kill off the desktop and push us into a walled garden where they controlled what could be installed (while taking a 30% cut). We refused to go along, and Windows 10 now allows side loading of universal apps.

Windows 10 is about turning individual users into beta testers for high paying corporate customers. We get the patches first, and Microsoft relies on the non-optional telemetry to make sure everything works 100% before the corporate customers get it a few months later. Our privacy is just the collateral damage of their new business model. I refuse to go along.

The most infuriating part is that they could easily get what they want by making the telemetry opt-out. Most people would never change the default setting. Those that care would turn it off. Everyone would be happy. Maybe they will come to this themselves eventually.

Thanks for being so understanding and supportive, everyone.

Cheers!

Mike
Previous Topic: What's included with driver purchase?
Next Topic: NEBULA Gurus!
Goto Forum:
  


Current Time: Thu Mar 28 03:24:09 PDT 2024

Total time taken to generate the page: 0.01424 seconds