Ah, the joys of speaking about pre-release software!
Two weeks ago I delivered my Windows Vista System Integrity presentation at the TechEds in New Zealand (Auckland) and Australia (Sydney). It was largely the same as the presentation at TechEds in America and India, but updated to reflect changes made in the product between the time I wrote the presentation and now.
Pre-release software is like that: it changes. And when you give presentations on beta software, you rely on the details you have to give the most accurate information possible. But there is, of course, no guarantee that functionality as explained in the presentation will exactly match what's delivered when the final product is released. And indeed, in my post on mandatory integrity control, I mentioned some changes.
Code integrity and signatures
The latest version of the presentation includes more details on code integrity and code signing. Previously I had described code integrity as applying to all binaries in the operating system; in fact, code integrity applies to the following:
- All code loaded into a protected process
- Modules implementing cryptographic functions
- Modules loaded into the software licensing service
Kernel mode creates special cases that vary depending on the edition of Windows. For 64-bit:
- All kernel mode code loaded anywhere at any time must be signed -- applies to drivers and non-drivers
For 32-bit, non-driver kernel mode code doesn't require a signature. For drivers, the allow/warn/block behavior of prior versions of Windows is gone. Windows Vista raises a warning if you attempt to install a driver without a signature (only if you're an administrator; standard users can't install unsigned drivers). Drivers with signatures install without prompts. Signatures can come in three forms:
- Manufacturers can obtain WHQL signatures from Microsoft as part of the Windows logo program; this indicates a certain level of quality
- Manufacturers can sign drivers themselves; this indicates authenticity but nothing about quality
- IT departments can self-sign drivers; this allows organizations to silently deploy approved drivers, even if they otherwise lack signatures
For more information, read the whitepapers for 32-bit plug-and-play drivers and 64-bit kernel mode code.
Protected processes and high definition content
The Protected Media Path (PMP), part of the new Windows Media Foundation, contains two protected processes. PMP provides a more robust playback environment for high definition rights-protected content. Code integrity checks that all protected processes have valid certificates and that they haven't been revoked.
Based on some details provided to me, I stated that in only 32-bit Windows Vista, next generation high definition protected content will not play at all; 64-bit is the platform for playing back such content. Then I added some conjecture: the media companies wanted this because the risk of unsigned kernel mode code present in memory could thwart content protection.
Turns out that my information and my conjecture weren't correct. Windows will never decide not to play content. PMP itself isn't monitored by code integrity, but it does consume the output of a report generated by the operating system about unsigned code in memory. When you load next generation high definition protected content into a playback application, Windows reports the status of kernel mode drivers loaded into memory: the names of the drivers and whether each of those drivers is signed.
Based on that report, the playback application -- not Windows -- decides what to do: it will either play the content or raise an error and refuse to play. It's also possible for the content itself to indicate what to do, based on instructions contained within the content's embedded license.
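The report the post describes (driver names plus whether each loaded kernel-mode driver is signed) is also something an administrator can produce for auditing. The script below is an added example, not code from the original post or from Windows; it assumes a modern PowerShell with the CIM cmdlets and read access to the driver image files, and it uses Get-AuthenticodeSignature as the signature check.

```powershell
# Added example: enumerate currently loaded kernel-mode drivers and report the
# Authenticode signature status of each image file. Assumes modern PowerShell
# (CIM cmdlets) and read access to the driver binaries.

function Get-LoadedDriverSignatureReport {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver lists kernel-mode drivers; State 'Running' means loaded now.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # Normalise NT-style paths ("\??\C:\..." or "\SystemRoot\...") to Win32 paths.
        $path = $d.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $d.Name; Status = 'FileNotFound'; Signer = $null; Path = $path }
            continue
        }

        # Status values include Valid, NotSigned, HashMismatch (image altered after
        # signing) and NotTrusted (signer chain not trusted on this machine).
        # Caveat: many in-box drivers are catalog-signed; on Windows versions whose
        # signature check does not consult catalogs they show up as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name   = $d.Name
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Path   = $path
        }
    }
}

# Usage: show every loaded driver whose signature is anything other than Valid.
Get-LoadedDriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Name |
    Format-Table Name, Status, Signer, Path -AutoSize
```

A HashMismatch result is the one to investigate first, since it means the on-disk image no longer matches what was signed.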
Unfortunately, my initial explanation sparked the interest of a journalist. Originally he was going to write that Microsoft has dropped support for BluRay and HD-DVD movies. I never said that, of course, although I can see how it's easy to leap to that conclusion. Even after I met with the journalist, to ensure he understood the details (as I knew them at the time), his article still generated some controversy: I got Slashdotted!
Keeping you informed
I guess that's the risk you take in a job like mine. It's a risk I'm willing to take, because I still believe I have the coolest job in the world: helping you learn everything you can about how to design and operate environments using Microsoft technology as safely and securely as possible.
Fortunately, mechanisms like this blog allow us to ensure that you, our customers, get the most up-to-date information we can give you. Now that I understand how PMP functions with respect to code integrity, I can let all of you know here, as well as ensure that future deliveries of the system integrity presentation will be as accurate as possible.
As always, I extend my sincere gratitude to everyone who takes time to attend my presentations. It means more to me than you'll ever know. I look forward to continuing to see familiar faces at events around the world, and also meeting new folks too. :)
Comments
- Anonymous
September 07, 2006
Hi Steve, I was the journalist who attended your presentation and wrote the story. Thanks for the further update. By the way, in the rushed introduction to our meeting, you mentioned that Microsoft Australia's PR person had told you that I was going to write a story about Microsoft dropping support for BluRay. Unfortunately that was a case of "Chinese Whispers" and I didn't get a chance to explain properly that I was never going to write a story saying that -- but rather, that Microsoft had dropped support for BluRay and HD-DVD movies.
You then clarified that even that statement wasn't absolutely correct because you could put an MPEG-4 movie on one of those storage formats and play it just fine. To me, that was splitting hairs a bit, since most people would regard that as data storage, not a "BluRay or HD-DVD movie" but nonetheless, my story stated that Microsoft had dropped support for commercially-released BluRay and HD-DVD movies, which I think was an accurate description of the facts as they'd been presented at the time.
Anyway, that aside, I thought your presentation was fantastic -- I've never seen someone speak so passionately about security, engage with the audience that much and be able to talk about security in such an interesting way.
I guess my story may have caused a few headaches for you at Microsoft and on a personal level I rather regret that given what an awesome contribution you made to TechEd. However, on a professional level, I simply couldn't let a story like that pass by, knowing how much anticipation there is for playback of HD content on PCs.
Cheers
Dan Warne
News editor
APC Magazine
Sydney, Australia
dwarne@acpmagazines.com.au
http://apcmag.com
- Anonymous
September 07, 2006
Thanks for the compliment. I'm still glad we had a chance to chat, even though the article did create a stir. I'm not unaccustomed to that, given the passion (and opinions) I share in my presentations. I suppose I must admit, grudgingly, that I have to respect you for jumping on the story! LOL
- Anonymous
September 21, 2006
Steve,
As someone who specifically sought you out as a speaker for a conference (the higher education one in Redmond this past July) I want to say that your audience, well, at least my colleagues and I, express our gratitude for your presentations. They are both very engaging and very intelligent.
- Anonymous
September 22, 2006
Brad, thank you indeed :)