Monday, 15 June 2015

64bit - Signing a 64-bit Windows driver for one machine I own -


I need to run a driver on a computer that I myself (with the possibility of adding a digital certificate) that is not connected Is on the internet

Microsoft said in the detailed table that we can sign 64-bit drivers with every trusted party when Safe Boot is disabled.

However, in the page it seems that we can only sign with specific parties. Is the definition of "release" relevant to me here? I am installing the driver on a specific machine on which I am own and I am not releasing it all over the world.

In addition, (which I do not know has been updated) mentions that " components must be signed by a certificate that" trust "" Windows What does this mean? Does it include only Microsoft root-certified drivers, or just the certificate that knows the local machine?

So, what are the exact requirements of the case when a person is ready to run the driver on his machine, but not with the certificate signed by the test?

There are several driver packages in which there is no SYS file (a kernel mode driver), and for them The signature requirements are less strict. In your case, because you have a SYS file, only one type of signature that will accept Windows (starting with Windows Vista 64-bit) is a signature from a certificate, whose trust goes back to the Microsoft code verification route is.

Note: I have not tested Windows Server 2008 or Server 2012; My experience is limited to the consumer versions of Windows.

Since you probably do not want to pay $ 200 for such a certificate, I would suggest instead, I believe this will allow you to run an unsigned kernel module, though I try to do this It does not, of course, lets you install an unsigned driver package, but this is a different problem.

I have completed a lot of things with signing the USB driver and written in an article written about my experience.


No comments:

Post a Comment