Nahimic 3 on "unsupported systems"

Discussion in 'MSI' started by asm1, Sep 7, 2018.

  1. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    Reputations:
    392
    Messages:
    1,424
    Likes Received:
    824
    Trophy Points:
    131
    Lol can't be changing my signature to that my DM's would explode lol.

    It just a shame I don't know Visual Studio much else the installer would be based on that.

    However there is still time to learn I suppose.

    I am glad people are enjoying the Driver pack it does help with the boredom right now in this current climate.

    Will see what others say regarding the options as well.

    As for driver signing still would have to make a script for that and have to find a way to time stamp offline too.

    But I think driver sign will be best, means that secure boot doesn't matter that much and it's one less reboot.

    I am getting help/advise from an admin on another forum where you get vbios files which helps specially so when typo's are still in the installer (Cosmetic) how every now I know OCD is triggered.


    Sent from my SNE-LX1 using Tapatalk
     
  2. LeftEyeNine

    LeftEyeNine Notebook Enthusiast

    Reputations:
    0
    Messages:
    38
    Likes Received:
    5
    Trophy Points:
    16
    Take no blame man, there's nothing to apologize for.
     
    hacktrix2006 likes this.
  3. djlenoir

    djlenoir Notebook Guru

    Reputations:
    0
    Messages:
    50
    Likes Received:
    21
    Trophy Points:
    16
    I occasionally use the Full Uninstall option as well to clean up when I have any audio anomalies. That is huge move for you to go with driver signing. I'll be here to help as always. Good luck with the rebuild man, and remember, patience is a virtue.
     
    hacktrix2006 likes this.
  4. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    Reputations:
    392
    Messages:
    1,424
    Likes Received:
    824
    Trophy Points:
    131
    Thanks for the kind words man, was never happy with disabling secure boot even temporary.

    However I am trying to think the best way to sign the driver.

    As there is two ways it can be done,

    1) End user's system creates the cert file, then signs the .cat file (Requires an internet connection for time stamp).

    2) I make the cert and sign the files, then include the cert to be imported before driver install.

    However there is security concerns with both in terms of cert abuse.

    Signing the drivers just eliminates the secure boot disabled and enable after as well the risk of busting the BCD boot record.

    Sent from my SNE-LX1 using Tapatalk
     
    djlenoir likes this.
  5. djlenoir

    djlenoir Notebook Guru

    Reputations:
    0
    Messages:
    50
    Likes Received:
    21
    Trophy Points:
    16
    If I understand, then method one is a self-signed certificate, and method two is a code signing certificate purchased (annually) from a certificate authority? My gut instinct tells me the first method is easier and cheaper for you to implement, but possibly has additional security risks associated with it. The second method means you have to actually purchase a code signing certificate, which is money out of your pocket, and then protect the private key, but offers you a way to safely sign all your work. Is this a correct assessment? I feel like your decision is based more on an internal debate, "Do I want to spend my money on an annually renewing code signing certificate?" If you do go with the code signing certificate, then maybe it is time to change that "Buy me a: BEER" link to "Help support this project" link and making it more prominent to help offset your out-of-pocket expenses and time. Just my two cents and probably not worth half that. ;)
     
  6. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    Reputations:
    392
    Messages:
    1,424
    Likes Received:
    824
    Trophy Points:
    131
    Both 1 and 2 would be self sign certs, just that number 1 would mean the self cert would be made on end users computer.

    Number 2 would just mean the cert would be made by my computer then imported to end users system.

    Have you seen the cost of getting a driver EV Cert. It's very very expensive.

    Even if I did buy a cert, I would of took the hit anyways as not everyone can afford donating to cover a cost even though they would directly benefit from it.



    Sent from my SNE-LX1 using Tapatalk
     
  7. djlenoir

    djlenoir Notebook Guru

    Reputations:
    0
    Messages:
    50
    Likes Received:
    21
    Trophy Points:
    16
    Ah, I understand now, thank you for explaining that a little further for me. In that case, I really think option 1 is the better option, where the self signed certificate is local to each person's computer. I did some quick research and a EV Code Signing Certificate is pretty expensive. The cheapest I found it is from ssl.com for $249/year, but that is a three year discounted price, so $747 total (yikes).
     
    hacktrix2006 likes this.
  8. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    Reputations:
    392
    Messages:
    1,424
    Likes Received:
    824
    Trophy Points:
    131
    Option 1 will take the longest to complete whilst Option 2 would not change the time it takes to install the driver much, Also option 1 would make the installer larger in size whilst option 2 would only add another 4kb.
     
    djlenoir likes this.
  9. djlenoir

    djlenoir Notebook Guru

    Reputations:
    0
    Messages:
    50
    Likes Received:
    21
    Trophy Points:
    16
    I was just thinking about it from a 'security' perspective. I would think option 1 would be more secure, but if I am mistaken and there is more work implementing option 1, then option 2 seems like the obvious choice. :)
     
  10. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    Reputations:
    392
    Messages:
    1,424
    Likes Received:
    824
    Trophy Points:
    131
    Both option 1 and 2 requires work on the installer anyways. I just thought i'd give the end user the choice. However even with option 2 i could for security reasons make it obscure enough. But there is a lot to decide as i am also on the Security Perspective as well. I can talk more in a DM of my ideas though if your up for it.
     
Loading...
Similar Threads - Nahimic unsupported systems
  1. Crustieraxe01
    Replies:
    1
    Views:
    406

Share This Page