fix(packaging/windows): Windows 11 22H2 floor + tray install task + stale console-port fixes
The OS floor is now enforced at install time (MinVersion=10.0.22621 with an explanatory [Messages] override): pf-vdisplay is built against IddCx 1.10, and on Windows 10 (incl. LTSC) / Win11 21H2 the device fails start with Code 10 STATUS_DEVICE_POWER_FAILURE (field-reported). Docs (site requirements/install/windows-host pages + README) state the floor; new docs-site Security page. Installer also gains the trayicon task (punktfunk-tray.exe file + HKLM Run key, post-install launch as the signed-in user, upgrade taskkill + uninstall --quit/taskkill choreography before file deletion), and the wizard/cleanup text/port sweeps move off the stale :3000 web-console references to :47992 (cleanups sweep both for upgrades from old installs).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@@ -19,6 +19,9 @@ mid-stream. You flip between Gaming Mode and Desktop with Bazzite's normal Steam
|
||||
> pure desktop machine, [Ubuntu/Fedora KDE](/docs/ubuntu-kde) or [GNOME](/docs/ubuntu-gnome) are
|
||||
> simpler.
|
||||
|
||||
> New here? Read [Security & Safe Use](/docs/security) first — a streaming host is remote control of
|
||||
> the machine, so keep it on a trusted LAN or VPN and require pairing.
|
||||
|
||||
## Install
|
||||
|
||||
The host ships as an RPM in punktfunk's **Gitea RPM registry** (public), so a Bazzite / Fedora
|
||||
|
||||
@@ -10,6 +10,9 @@ systemd service and uses KWin to create per-client virtual displays, captured ze
|
||||
> Validated live on **Fedora 44 KDE Plasma** with an RTX 4090: KWin virtual output + full
|
||||
> zero-copy capture. Everything below is the reproducible flow — paste it on a fresh box.
|
||||
|
||||
> New here? Read [Security & Safe Use](/docs/security) first — a streaming host is remote control of
|
||||
> the machine, so keep it on a trusted LAN or VPN and require pairing.
|
||||
|
||||
The setup has three parts: **NVIDIA driver** → **host RPM** → **KWin streaming session**.
|
||||
|
||||
## 1. NVIDIA driver (RPM Fusion akmod)
|
||||
|
||||
@@ -6,7 +6,11 @@ description: Install the punktfunk host — on Linux from its package registry,
|
||||
On Linux, the package registries are the real distribution channel. Pick your distro, add the repo, and
|
||||
install with your native package manager. Each row links to the full per-distro guide (add the repo,
|
||||
first-run steps, the web console) — those are the source of truth, so this page doesn't duplicate them.
|
||||
On **Windows** (NVIDIA), the host ships as a signed installer instead — see [Windows](#windows-nvidia).
|
||||
On **Windows**, the host ships as a signed installer instead — see [Windows](#windows).
|
||||
|
||||
> **First, read [Security & Safe Use](/docs/security).** A streaming host is remote control of the
|
||||
> machine. It's built for trusted local networks — don't expose it to the internet, and be thoughtful
|
||||
> about which machine you host on (especially on Windows).
|
||||
|
||||
## Pick your distro
|
||||
|
||||
@@ -26,10 +30,10 @@ tracks new builds automatically.
|
||||
> at the **canary** channel instead (`canary` apt distribution / `*-canary` rpm group). See
|
||||
> [Release Channels](/docs/channels).
|
||||
|
||||
## Windows (NVIDIA)
|
||||
## Windows
|
||||
|
||||
punktfunk also runs as a native host on **Windows 10/11 (x64) with an NVIDIA GPU**, shipped as a
|
||||
signed installer — see [Windows Host](/docs/windows-host) for what it includes and its limitations.
|
||||
punktfunk also runs as a native host on **Windows 11 22H2+ (x64)**, shipped as a signed
|
||||
installer — see [Windows Host](/docs/windows-host) for what it includes and its limitations.
|
||||
|
||||
1. From the [packages page](https://git.unom.io/unom/-/packages) (generic group), download the newest
|
||||
**`punktfunk-host-setup-<ver>.exe`** and its matching **`.cer`**.
|
||||
@@ -53,7 +57,7 @@ fallback without one. More detail — including the CLI `punktfunk-host service
|
||||
|
||||
## What the packages are
|
||||
|
||||
- **`punktfunk-host`** — the streaming host. Install this on your Linux + NVIDIA gaming machine.
|
||||
- **`punktfunk-host`** — the streaming host. Install this on your Linux gaming machine.
|
||||
- **`punktfunk-web`** — the browser management console (pairing + status). Recommended alongside the
|
||||
host; on RPM list it explicitly (`rpm-ostree install punktfunk punktfunk-web`).
|
||||
- **`punktfunk-client`** — the GTK4 desktop client, for streaming *to* a Linux box (also shipped via
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
"pages": [
|
||||
"index",
|
||||
"how-it-works",
|
||||
"security",
|
||||
"quickstart",
|
||||
"install",
|
||||
"---Host Setup---",
|
||||
|
||||
@@ -5,16 +5,20 @@ description: From nothing to streaming — set up a host and connect your first
|
||||
|
||||
This is the shortest path to a working stream. Each step links to the details.
|
||||
|
||||
> A streaming host is remote control of the machine, so it's built for **trusted local networks** — keep
|
||||
> it on your LAN or a VPN and don't expose it to the internet. Two minutes on
|
||||
> [Security & Safe Use](/docs/security) before you start is worth it.
|
||||
|
||||
## 1. Set up the host
|
||||
|
||||
On your Linux + NVIDIA machine, follow the guide for your system:
|
||||
On your Linux gaming machine (NVIDIA, AMD, or Intel GPU), follow the guide for your system:
|
||||
|
||||
- [Ubuntu — GNOME](/docs/ubuntu-gnome)
|
||||
- [Ubuntu — KDE Plasma](/docs/ubuntu-kde)
|
||||
- [Fedora — KDE Plasma](/docs/fedora-kde)
|
||||
- [Bazzite — gamescope / Steam](/docs/bazzite)
|
||||
|
||||
Each one covers the NVIDIA driver, the dependencies, and how to build and run the host. Check the
|
||||
Each one covers the GPU driver, the dependencies, and how to build and run the host. Check the
|
||||
[Requirements](/docs/requirements) first if you're not sure your machine is a fit.
|
||||
|
||||
## 2. Start the host
|
||||
|
||||
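Review bot: The reworded step 1 now promises that each guide "covers the GPU driver" for NVIDIA, AMD, or Intel, but the guide headings visible in this same commit are still `## 1. NVIDIA driver` (Ubuntu GNOME, Ubuntu KDE) and `## 1. NVIDIA driver (RPM Fusion akmod)` (Fedora KDE). Either keep the wording NVIDIA-specific until those guides gain AMD/Intel steps, or say here that the driver section of the guides is currently written for NVIDIA.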
@@ -20,8 +20,9 @@ environments it supports today, each with its own guide:
|
||||
Other wlroots compositors (Sway/Hyprland) also work but aren't a primary target. If your desktop isn't
|
||||
listed, the host still needs one of these compositor backends to create a virtual display.
|
||||
|
||||
> **Windows host:** punktfunk also runs as a native host on **Windows 10/11 (x64)** — a signed
|
||||
> installer that registers a service and bundles a virtual-display driver. It encodes on NVIDIA
|
||||
> **Windows host:** punktfunk also runs as a native host on **Windows 11 22H2 or newer (x64)** — a
|
||||
> signed installer that registers a service and bundles a virtual-display driver (whose driver-
|
||||
> framework needs make 22H2 the hard floor — Windows 10 is not supported). It encodes on NVIDIA
|
||||
> (NVENC), AMD (AMF), or Intel (QSV), with a software fallback, and is newer than the Linux host; see
|
||||
> [Windows Host](/docs/windows-host).
|
||||
|
||||
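Review bot: The parenthetical "whose driver-framework needs make 22H2 the hard floor" is hard to parse and is less specific than the other pages touched by this commit, which name the cause as IddCx 1.10 and the build as 22621. Suggest aligning the wording, for example "the driver requires IddCx 1.10, which first shipped in Windows 11 22H2 (build 22621); Windows 10 is not supported", so a reader can check their build number against this page.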
@@ -63,10 +64,16 @@ Minimum compositor versions (newer is fine):
|
||||
## Network
|
||||
|
||||
- Host and client on the **same network** — a LAN, or a VPN that puts them on one subnet. punktfunk
|
||||
assumes a trusted local network; it's not built to be exposed to the public internet.
|
||||
assumes a trusted local network; it's **not built to be exposed to the public internet — don't
|
||||
port-forward it.** To stream from outside your home, use a VPN so the remote client is on the same
|
||||
private subnet.
|
||||
- For best results, a wired or fast Wi-Fi link. The host can run a built-in **speed test** to pick a
|
||||
bitrate for your link (see [Configuration](/docs/configuration)).
|
||||
|
||||
> **Before you set up a host, read [Security & Safe Use](/docs/security).** A streaming host is
|
||||
> remote control of the machine — it's important to understand what that exposes, why to keep it on a
|
||||
> trusted network, and how pairing protects you.
|
||||
|
||||
## A client
|
||||
|
||||
You also need something to stream *to* — see [Connect a Client](/docs/clients). There are native
|
||||
|
||||
@@ -91,7 +91,8 @@ session unit — see [Bazzite](/docs/bazzite).
|
||||
|
||||
On Windows the host runs as a `LocalSystem` service that launches into the interactive session, so it
|
||||
captures the secure desktop (UAC / lock screen) and survives reboots with nobody logged in — the same
|
||||
model Sunshine/Apollo use.
|
||||
model Sunshine/Apollo use. Because it runs at that privilege level, keep it on a trusted network and be
|
||||
deliberate about which machine you host on — see [Security & Safe Use](/docs/security).
|
||||
|
||||
The easy path is the **signed installer**: download `punktfunk-host-setup-<ver>.exe` from the package
|
||||
registry ([`punktfunk-host-windows`](https://git.unom.io/unom/-/packages)) and run it. It drops the host
|
||||
|
||||
@@ -0,0 +1,153 @@
|
||||
---
|
||||
title: Security & Safe Use
|
||||
description: What a streaming host actually exposes, why to keep it on a trusted network, and how punktfunk protects you.
|
||||
---
|
||||
|
||||
Read this before you put a host on a network you don't fully control. punktfunk is built to be secure
|
||||
**on a trusted local network**, and that's the setting we support today. This page is upfront about what
|
||||
a streaming host is, what protects it, and where the honest limits are.
|
||||
|
||||
> **The short version**
|
||||
> - **Keep the host on a network you trust** — your home LAN, or a private VPN that puts host and client
|
||||
> on the same subnet. **Do not port-forward it to the public internet.**
|
||||
> - **A streaming host is remote control of the machine.** Anyone who can stream to it sees the screen
|
||||
> and can move the mouse, type, and act as a controller — the same as sitting at the keyboard.
|
||||
> - **Pairing is the security boundary.** Require pairing (the default), pick a strong console
|
||||
> password, and review your paired devices from time to time.
|
||||
> - **Be thoughtful about *which* machine you run it on** — especially on Windows, where the host runs
|
||||
> with high system privileges so it can do its job. Prefer a dedicated or gaming PC over one holding
|
||||
> your most sensitive data.
|
||||
|
||||
## What a streaming host really is
|
||||
|
||||
Low-latency desktop and game streaming means two things travel over the network: **the screen goes
|
||||
out, and input comes back in.** A paired client doesn't just watch — it drives. Its mouse, keyboard,
|
||||
and controller are injected into the host's desktop, so **for anything it can reach, a streaming client
|
||||
is equivalent to a person sitting at that machine.**
|
||||
|
||||
That's the feature. It's also the risk to understand:
|
||||
|
||||
- The host can capture the **secure desktop** — UAC elevation prompts and the lock screen — so a
|
||||
connected client can see and interact with those too. (This is what lets you unlock and administer a
|
||||
headless box remotely; it's the same capability Sunshine and Apollo provide.)
|
||||
- Injected input isn't sandboxed to a game. Whoever is streaming can alt-tab, open a terminal, read
|
||||
files, or change settings — whatever the logged-in session can do.
|
||||
|
||||
This is true of **every** remote-access and game-streaming tool, not just punktfunk. The takeaway isn't
|
||||
"don't use it" — it's "treat access to your host the way you'd treat handing someone your unlocked
|
||||
keyboard." The rest of this page is about making sure only people you intend can get that access.
|
||||
|
||||
## Keep it on a trusted network
|
||||
|
||||
**punktfunk assumes a trusted local network. It is not designed, tested, or hardened to be exposed to
|
||||
the public internet — do not port-forward it.** There is no WAN-hardening story yet: no rate-limited
|
||||
public authentication gateway, no DDoS protection, no assumption that hostile traffic is constantly
|
||||
probing the ports. Exposing the streaming ports directly to the internet puts an interactive
|
||||
control surface for your machine in front of the entire world.
|
||||
|
||||
If you want to stream from outside your home, tunnel in instead of opening up:
|
||||
|
||||
- **Use a VPN** — WireGuard, Tailscale, or your router's built-in VPN. This puts your remote client on
|
||||
the *same private subnet* as the host, so from punktfunk's point of view it's still a local
|
||||
connection, and the tunnel (not punktfunk) handles internet-facing authentication and encryption.
|
||||
Discovery, pairing, and streaming then work exactly as they do at home.
|
||||
- **Don't** map a router port to the host. A port-forward turns "trusted LAN service" into
|
||||
"internet-facing service" with none of the protections that implies.
|
||||
|
||||
A note for **portable machines**: the installer opens the streaming ports on the firewall for *all*
|
||||
network profiles, including Public. That's convenient at home but means that if you take a laptop host
|
||||
onto an untrusted network — a café, a hotel, a conference — other devices on that network can reach the
|
||||
ports and attempt to pair. Pairing still protects you (an attacker who doesn't know the PIN can't get
|
||||
in), but the safest habit is to stop the host service, or firewall it off, when you're on a network you
|
||||
don't control.
|
||||
|
||||
## What actually protects you
|
||||
|
||||
punktfunk has **no accounts and no cloud**. Trust is established directly, device-to-device, and then
|
||||
pinned. The layers, from the outside in:
|
||||
|
||||
- **Pairing is required by default.** A new device can't stream until it completes a one-time
|
||||
**PIN pairing ceremony** (SPAKE2): the host shows a 4-digit PIN, you enter it on the client, and the
|
||||
exchange cryptographically binds both identities. An attacker who doesn't know the PIN gets a
|
||||
*single online guess* — no offline cracking, no dictionary attack. See
|
||||
[Pairing & Trust](/docs/pairing).
|
||||
- **Identities are pinned.** After pairing, the client remembers the host's certificate fingerprint and
|
||||
the host stores the client's. Reconnects are automatic and mutually authenticated; if a host's
|
||||
fingerprint ever changes, the client refuses to auto-trust it and forces re-pairing.
|
||||
- **The admin surface is loopback-only.** The management API's read-only status is reachable by paired
|
||||
clients over the LAN (authenticated by their certificate), but every state-changing action — arming
|
||||
pairing, removing devices, session control — is honored **only from the local machine** (the web
|
||||
console connects over loopback). It is never exposed to the network.
|
||||
- **The web console has its own password.** On Windows it's set during install (a strong random default)
|
||||
and stored readable only by Administrators and SYSTEM.
|
||||
|
||||
**GameStream / Moonlight compatibility is the weak-crypto path — trusted LAN only.** To interoperate
|
||||
with stock Moonlight clients, punktfunk can speak the legacy GameStream protocol, which pairs over
|
||||
plain HTTP and uses older encryption. It is **opt-in** (`serve --gamestream`) and appropriate only on a
|
||||
network you fully trust. The default native `punktfunk/1` protocol is the secure path (modern AEAD
|
||||
crypto, pinned identities); leave GameStream off unless you specifically need Moonlight.
|
||||
|
||||
## Choosing which machine to host on
|
||||
|
||||
We've put real work into hardening the host — sealed capture and gamepad channels, no kernel drivers,
|
||||
loopback-gated admin, pinned trust — and we'll keep at it. But security is also about *blast radius*:
|
||||
if a host is ever compromised, or you misconfigure trust, what does the attacker get? So pick the
|
||||
machine with that in mind.
|
||||
|
||||
### The Windows host runs with high privileges
|
||||
|
||||
To capture the secure desktop (UAC, lock screen) and stream across reboots with nobody logged in, the
|
||||
Windows host installs a service that runs as **`LocalSystem` (SYSTEM)** — the highest local privilege on
|
||||
Windows. This is the same design Sunshine and Apollo use, and it's what makes headless, log-in-optional
|
||||
streaming possible. It also means the host is a high-value component: a compromise of the host, or a
|
||||
device you paired that you shouldn't have, is a foothold at the most powerful level of that machine.
|
||||
|
||||
We mitigate this deliberately:
|
||||
|
||||
- **Zero kernel drivers.** The virtual display and all three virtual gamepads are **user-mode (UMDF)**
|
||||
drivers, so a driver bug is contained to a restricted service account — never ring-0, never
|
||||
full-system. (This is why punktfunk dropped ViGEmBus.)
|
||||
- **Sealed internal channels.** The desktop-frame ring and the gamepad input/output channels are
|
||||
passed between the host and its drivers as duplicated handles to unnamed objects, so another local
|
||||
service can't open them by name to read your screen or forge controller input. (Details:
|
||||
[`idd-push-security.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/idd-push-security.md)
|
||||
and [`gamepad-channel-sealing.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/gamepad-channel-sealing.md).)
|
||||
- **Secrets are locked down.** The management token, the host identity key, and the console password
|
||||
are stored with Administrators/SYSTEM-only permissions.
|
||||
|
||||
**The honest floor still applies.** None of this defends against an attacker who is *already* an
|
||||
administrator or SYSTEM on the box — at that level they own the machine regardless of punktfunk. And a
|
||||
virtual display is a real monitor: any process already running in your desktop session can capture it
|
||||
through the ordinary OS screen-capture APIs, exactly as it could capture a physical monitor. That floor
|
||||
is the same for every virtual-display streaming stack.
|
||||
|
||||
**Recommendation:** run the Windows host on a **dedicated or gaming PC**, not on a machine that also
|
||||
holds your most sensitive material (work laptop, financial records, the box with your password vault).
|
||||
A gaming rig you stream from is a great fit; your primary secrets machine is not.
|
||||
|
||||
### The Linux host runs as your desktop user
|
||||
|
||||
The Linux host runs inside your normal desktop session as your **regular user account**, not root — so a
|
||||
worst-case compromise is scoped to that user rather than the whole system. The same network guidance
|
||||
applies: keep it on a trusted LAN or a VPN, require pairing, and don't expose it to the internet.
|
||||
|
||||
## A short hardening checklist
|
||||
|
||||
- **Require pairing** — it's the default; don't run `--open` / `--allow-tofu` except on a network you
|
||||
fully trust and control.
|
||||
- **Use a strong console password** and keep it out of shared documents.
|
||||
- **Stay on a trusted network** — LAN or VPN. Never port-forward to the internet.
|
||||
- **Leave GameStream off** unless you specifically need Moonlight compatibility.
|
||||
- **Review paired devices** in the web console periodically; remove anything you don't recognize.
|
||||
- **Keep the host updated** — security fixes ship in new builds.
|
||||
- **On portable hosts**, stop the service when you're on an untrusted network.
|
||||
|
||||
## For the technically curious
|
||||
|
||||
The deeper security design lives in the repository, and it's candid about residual limits:
|
||||
|
||||
- [`design/idd-push-security.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/idd-push-security.md) — the sealed frame channel (why the Windows capture path is isolated), and its honest floor.
|
||||
- [`design/gamepad-channel-sealing.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/gamepad-channel-sealing.md) — the sealed gamepad channel.
|
||||
- [`design/security-review-2026-06-28.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/security-review-2026-06-28.md) and [`design/security-review.md`](https://git.unom.io/unom/punktfunk/src/branch/main/design/security-review.md) — the standing security reviews.
|
||||
|
||||
Found a security issue? Please report it privately rather than opening a public issue.
|
||||
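Review bot: The "portable machines" paragraph under "Keep it on a trusted network" documents that the installer opens the streaming ports for all firewall profiles, including Public, which contradicts the page's own trusted-LAN-only model and leaves the 4-digit pairing PIN as the only barrier on a café or hotel network. Suggest scoping the installer's rule to the Private and Domain profiles, or at least documenting here how to restrict it, and stating what happens after a failed PIN attempt so the "single online guess" claim can be checked by the reader. Separately, the closing line asks for private reports but gives no address or channel to send them to.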
@@ -12,6 +12,9 @@ desktop-class SteamOS box is a natural always-on streaming host. The **Steam Dec
|
||||
device we can test on today, so it's what these instructions are validated against; the same
|
||||
on-device build works on any SteamOS 3 system.
|
||||
|
||||
> New here? Read [Security & Safe Use](/docs/security) first — a streaming host is remote control of
|
||||
> the machine, so keep it on a trusted LAN or VPN and require pairing.
|
||||
|
||||
SteamOS is an immutable, read-only Arch base, so the host isn't a system package. Instead a single
|
||||
script builds the host **natively inside a Debian-trixie distrobox** (ABI-matched to SteamOS's
|
||||
FFmpeg/glibc — the binary then runs natively on SteamOS) and wires it up as systemd user services.
|
||||
|
||||
@@ -73,6 +73,17 @@ Then log out and back in. On other distros this is `sudo usermod -aG input $USER
|
||||
concurrent native sessions (up to 4 by default); heavy load is usually bitrate-bound, so
|
||||
lower the bitrate first.
|
||||
|
||||
## Windows: "punktfunk Virtual Display" shows Code 10 in Device Manager
|
||||
|
||||
Sessions end with *"pf-vdisplay driver interface not found"* and Device Manager shows the
|
||||
**punktfunk Virtual Display** device failed with **Code 10** (`STATUS_DEVICE_POWER_FAILURE`).
|
||||
|
||||
This means your Windows version is too old. The virtual-display driver requires the **IddCx 1.10**
|
||||
driver framework, which first shipped in **Windows 11 22H2 (build 22621)** — on Windows 10
|
||||
(including LTSC) and Windows 11 21H2 the driver installs but cannot start. Reinstalling won't help;
|
||||
the fix is updating to Windows 11 22H2 or newer. (Current installers refuse to run on older
|
||||
Windows for this reason; if you see this, the host was likely installed with an older installer.)
|
||||
|
||||
## Still stuck?
|
||||
|
||||
Run the host with `RUST_LOG=info` (or `debug`) and check `journalctl --user -u punktfunk-host` for the
|
||||
|
||||
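Review bot: "This means your Windows version is too old" states one cause as certain, but Code 10 is Device Manager's generic "device cannot start" code, so a reader on a supported build with a different failure would be misdirected. Suggest softening to "most likely" and adding a confirmation step before the conclusion, such as checking that the OS build reported by `winver` is below 22621.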
@@ -6,7 +6,9 @@ description: Set up a punktfunk host on Ubuntu with the GNOME desktop (Mutter).
|
||||
Set up a punktfunk host on **Ubuntu** (Desktop or Server) running **GNOME**. The host uses GNOME's
|
||||
Mutter compositor to create a per-client virtual display. Tested on Ubuntu 24.04+ and GNOME 48+.
|
||||
|
||||
> New to this? Skim [Requirements](/docs/requirements) first.
|
||||
> New to this? Skim [Requirements](/docs/requirements) first, and read
|
||||
> [Security & Safe Use](/docs/security) — a streaming host is remote control of the machine, so keep it
|
||||
> on a trusted LAN or VPN and require pairing.
|
||||
|
||||
## 1. NVIDIA driver
|
||||
|
||||
|
||||
@@ -6,7 +6,9 @@ description: Set up a punktfunk host on Ubuntu with KDE Plasma (KWin).
|
||||
Set up a punktfunk host on **Ubuntu** running **KDE Plasma**. The host uses KDE's KWin compositor to
|
||||
create a per-client virtual display. Needs **KWin 6.5.6 or newer**.
|
||||
|
||||
> New to this? Skim [Requirements](/docs/requirements) first.
|
||||
> New to this? Skim [Requirements](/docs/requirements) first, and read
|
||||
> [Security & Safe Use](/docs/security) — a streaming host is remote control of the machine, so keep it
|
||||
> on a trusted LAN or VPN and require pairing.
|
||||
|
||||
## 1. NVIDIA driver
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ title: "Windows Host"
|
||||
description: "Run the Punktfunk streaming host on a Windows PC — a first-class, all-vendor, virtual-display host."
|
||||
---
|
||||
|
||||
Set up a Punktfunk host on a **Windows 10/11 PC** and stream its desktop or games to any Punktfunk or
|
||||
Set up a Punktfunk host on a **Windows 11 PC (22H2 or newer)** and stream its desktop or games to any Punktfunk or
|
||||
[Moonlight](/docs/moonlight) client. A signed installer registers a Windows service that streams at the
|
||||
client's **exact resolution and refresh** via Punktfunk's own **virtual display** — including
|
||||
**HDR10** (10-bit BT.2020 PQ) when your Windows desktop is in HDR mode. The virtual display is created
|
||||
@@ -12,13 +12,22 @@ the secure desktop (UAC prompts, the lock screen).
|
||||
|
||||
> New to this? Skim [Requirements](/docs/requirements) first.
|
||||
|
||||
> **Read [Security & Safe Use](/docs/security) before you set this up.** The Windows host runs as a
|
||||
> `LocalSystem` service (so it can capture the secure desktop and stream headless), which makes it a
|
||||
> high-privilege component — keep it on a trusted network, never expose it to the internet, and prefer
|
||||
> a dedicated or gaming PC over a machine that holds your most sensitive data.
|
||||
|
||||
> This page is about the Windows **host** — streaming *from* a Windows PC. To stream *to* a Windows PC,
|
||||
> see the [Windows client](/docs/clients#windows-desktop-client).
|
||||
|
||||
## Requirements
|
||||
|
||||
- **Windows 10 or 11, x64.** ARM64 is not built (no ARM64 NVIDIA driver, and the virtual-display
|
||||
driver is x64-only).
|
||||
- **Windows 11 22H2 (build 22621) or newer, x64.** Windows 10 — including LTSC — and Windows 11
|
||||
21H2 are **not supported**: the virtual-display driver needs the IddCx 1.10 driver framework,
|
||||
which first shipped in Windows 11 22H2. On older Windows the driver installs but can't start
|
||||
("punktfunk Virtual Display" shows **Code 10** in Device Manager and streaming fails); the
|
||||
installer therefore refuses to run there. ARM64 is not built either (no ARM64 NVIDIA driver, and
|
||||
the virtual-display driver is x64-only).
|
||||
- **A GPU for hardware encode** — the host auto-detects the vendor:
|
||||
- **NVIDIA** → NVENC
|
||||
- **AMD** → AMF
|
||||
@@ -96,6 +105,13 @@ prompts, the lock screen) and keep streaming across reboots with nobody logged i
|
||||
Sunshine and Apollo use. Service registration, firewall rules, and the supervisor all live in
|
||||
`punktfunk-host service install`; the installer just lays the exe down and calls it elevated.
|
||||
|
||||
Running as SYSTEM is what makes headless, log-in-optional streaming work — and it's why the host is a
|
||||
high-privilege component worth being deliberate about. punktfunk mitigates this with **zero kernel
|
||||
drivers** (the virtual display and gamepads are user-mode UMDF drivers), **sealed internal channels**
|
||||
between the host and its drivers, and Administrators/SYSTEM-only permissions on its secrets. See
|
||||
[Security & Safe Use](/docs/security) for the full picture, including why we recommend not hosting on
|
||||
your most sensitive machine.
|
||||
|
||||
### One core, Windows backends
|
||||
|
||||
Most of Punktfunk is platform-agnostic. `punktfunk-core` (protocol, FEC, crypto, session, transport,
|
||||
|
||||