Hi, Last Friday I managed to get tap-windows-9.22.1[1] attestation signed[2]. This means that that particular driver (64-bit variant) should work on any Windows 10. However, according to [2]
"An attestation signed driver will only work for Windows 10. It will not work for other versions of Windows, such as Windows Server 2016,Windows 8.1, or Windows 7." According to [3] it is possible to cross-sign the driver[4] before submitting it to Microsoft for attestation signing. This will enable the driver to work on _almost_ everything. For obscure reasons this dual-signed driver will _not_ work on Windows Server 2016[3]. So we're left with two options: 1) Generate two different tap-windows6 installers (Windows 10 / others) 2) Go through the test suites in HLK (Windows 10) and HCK (Windows 7/8) and submit the test data as part of the driver submission to Microsoft I actually lean towards 2), as that is the only way[3] to provide a driver that works across all Windows versions that are under "mainstream support". That would leave out Windows Server 2008 R2 which is under "extended support" that ends in early 2020: https://support.microsoft.com/en-us/lifecycle/search?alpha=windows%20server%202008 So, if we want to keep on supporting Windows Server 2008 R2 while having just one tap-windows6 driver we (=I) would have to go through three different test suites / certifications: - HLK (Windows 10) - HCK (Windows 7/8) - WLK (Windows 2008 R2) Our projected deadline for the next tap-windows6 release is June 20th. I will start working on HLK/HCK, but I don't know how many obstacles I will encounter. However, as we can now attestation-sign drivers, even in the worst case we could initially release two installers (option 1 above). Then, when HLK/HCK/WLK are in order, we can switch back to using a single installer again. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock [1] Includes Jon Junkee's tap-windows6 build system refactoring patches [2] <https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release> [3] <https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-drivers-signed-by-microsoft-for-multiple-windows-versions> [4] Sign it ourselves using our old signing process
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
