64-bit signed driver

Discussion:

(too old to reply)

Peter

2010-07-19 09:34:28 UTC

Hi All,

We have a digital ID from Verisign and sign a 64-bit driver . Does anyone
know the signed 64-bit driver (non-WHQL) can install Vista 64-bit / win7
64-bit successfully without selecting "Disable Driver Signature Enforcement"

Thanks
Peter

Maxim S. Shatskih

2010-07-19 16:35:01 UTC

Permalink

Post by Peter
We have a digital ID from Verisign and sign a 64-bit driver . Does anyone
know the signed 64-bit driver (non-WHQL) can install Vista 64-bit / win7
64-bit successfully without selecting "Disable Driver Signature Enforcement"

Yes, it can.

The maximum you can achieve without WHQL is the blue large dialog box on _installation_ (not on load) about "Do you trust this software?".

If the driver is installed not by PnP/INF, but by CreateService - then even this is bypassed.

You can also bypass the dialog by forcing your cert to Trusted Publishers in your driver's install app.

--
Maxim S. Shatskih
Windows DDK MVP
***@storagecraft.com
http://www.storagecraft.com

Peter

2010-07-20 01:34:13 UTC

Permalink

Hi,

Thanks for your reply !

How to force my cert to Trusted Publishers in my driver's install app ?

Peter

Yes, it can.

The maximum you can achieve without WHQL is the blue large dialog box on
_installation_ (not on load) about "Do you trust this software?".

If the driver is installed not by PnP/INF, but by CreateService - then even
this is bypassed.

You can also bypass the dialog by forcing your cert to Trusted Publishers in
your driver's install app.

--
Maxim S. Shatskih
Windows DDK MVP
***@storagecraft.com
http://www.storagecraft.com

Tim Roberts

2010-07-21 05:46:44 UTC

Permalink

Remember that a digital ID is not enough for KMCS. It has to be a Class 3
Code Signing Certificate. If you got the inexpensive $99 digital
certificate from Verisign, you may have wasted your money, because that
cannot be used to satisfy the 64-bit OS load-time signature check.

--
Tim Roberts, ***@probo.com
Providenza & Boekelheide, Inc.