I have a kernel mode driver and I have to install it on 64 bit Windows 7. It needs to be digitally signed. I digitally signed it using dseo13b.exe. But when I load the driver I get an error in the system event log saying:
The driver failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
I don't want to use the testsigning mode. How do I resolve this? Do I need to get a certificate from Microsoft?
I have developed the driver and am now making it work on the 64 bit machine...
Only for 64 bit builds: setting up self signing
Part 1: creating and installing the test certificate
- Launch an elevated command line shell (Vista and later).
- makecert.exe -r -pe -ss my -n "CN=MyTestCertificate" mytestcert.cer
- certmgr.exe -add mytestcert.cer -s -r localMachine root
- Start certmgr.exe and check that "MyTestCertificate" is listed both under "Personal" and "Trusted Root Certification Authorities".
- Keep the mytestcert.cer file in a safe place.
Part 2: configuring the system to run test signed code (Vista and later)
- Launch an elevated command line shell (Vista and later).
- Run Bcdedit.exe -set TESTSIGNING ON on an elevated cmd.exe prompt.
- certmgr.exe -add mytestcert.cer -s -r localMachine root
- certmgr.exe -add mytestcert.cer -s -r localMachine trustedpublisher
- Reboot.
- Vista: "Test Mode" will appear in all four corners of the desktop and "Microsoft (R) Windows (R) (Build 6000)" will appear on the top. Windows 7: "Test Mode Windows 7 Build 7600" will appear in the lower right corner.
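A check of the state that Parts 1 and 2 are meant to produce, as an added example that is not part of the original answer: it reads the driver's embedded signature, confirms the signing certificate is in the two LocalMachine stores used above, and reports whether TESTSIGNING is on. The driver path is a hypothetical placeholder, and the bcdedit match assumes English output.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    [string]$DriverPath = 'C:\drivers\mydriver.sys',  # hypothetical path
    [string]$Subject    = 'CN=MyTestCertificate'      # name from the makecert step
)

function Test-CertInStore([string]$Store, [string]$Thumbprint) {
    # True when a certificate with this thumbprint is in the LocalMachine store.
    $hit = Get-ChildItem "Cert:\LocalMachine\$Store" |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    return [bool]$hit
}

$problems = @()

# 1. Embedded signature present, and made with the expected certificate?
$sig  = Get-AuthenticodeSignature -FilePath $DriverPath
$cert = $sig.SignerCertificate
if ($cert -eq $null) {
    $problems += "no embedded Authenticode signature on $DriverPath"
} else {
    if ($cert.Subject -ne $Subject) {
        $problems += "signed by '$($cert.Subject)', expected '$Subject'"
    }
    # 2. Certificate installed where Parts 1 and 2 put it?
    foreach ($name in 'Root', 'TrustedPublisher') {
        if (-not (Test-CertInStore $name $cert.Thumbprint)) {
            $problems += "signer certificate missing from LocalMachine\$name"
        }
    }
    # 3. User-mode trust verdict. The kernel loader applies its own policy,
    #    so treat this as a hint, not a guarantee that the driver will load.
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status: $($sig.Status) - $($sig.StatusMessage)"
    }
}

# 4. Test signing enabled in the current boot entry? (matches English output)
$bcd = (& bcdedit.exe /enum '{current}') -join "`n"
if ($bcd -notmatch '(?im)^testsigning\s+Yes') {
    $problems += 'TESTSIGNING is not ON for the current boot entry'
}

if ($problems.Count -eq 0) { 'OK: all checks passed' }
else { $problems | ForEach-Object { "FAIL: $_" }; exit 1 }
```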
Two useful resources to sign drivers
Windows 7
Windows Server 2012 and Windows 8.1 (kind of)
Summary:
1. Get an RSA certificate (from DigiCert or Verisign or anywhere in your budget), or create a certificate yourself if you only need to install it on your own computer.
2. When you have a certificate, you will also have a private key.
3. To distribute the driver, this certificate needs to be traceable. Microsoft uses a system called Trusted Root Certification Authority. There are other authorities besides these that give certificates, but they will need Windows Update to verify those. Type certmgr.msc to get the list, and look for the ones with code signing permission.
4. Either add the certificate to that list or get a certificate from that list.
5. Sign the driver with the certificate [details in the links above].
6. Now distribute the driver.
There are many tutorials on the internet for signing a driver.
NB: WHQL is a pricey option you can consider if your company can manage to pay.
All you should need is a trusted certificate (signed by Verisign, Thawte, etc.).
Look through these resources:
- Driver Signing Requirements for Windows (MSDN)
- Kernel-Mode Code Signing Walkthrough (MSDN)