I have a kernel mode driver and I have to install it on 64 bit Windows 7. It needs to be digitally signed. I digitally signed it using dseo13b.exe. But when I load the driver I get an error in the system event log saying:
The driver failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
I don't want to use the testsigning mode. How do I resolve this? Do I need to get a certificate from Microsoft?
I have developed the driver and am now making it work on the 64 bit machine...
In order to sign a driver, a certificate is required. You can create your own certificate to sign your driver with during development and testing. However, for a public release you must sign your driver with a certificate issued by a trusted root authority.
In Local Group Policy Editor, from the left panel, click on the User Configuration option. Then, from the main window, double-click on Administrative Templates. From the menu that will open, double-click on System and then go to Driver Installation. Next, select the Code signing for device drivers entry.
Press and tap the F8 key about every second until you see the Advanced Boot Options. Use the arrow keys to select the advanced option Disable Driver Signature Enforcement. NOTE: This is a temporary solution. You have to repeat the process every time you want to use unsigned drivers.
Two useful resources to sign drivers
Windows 7
Windows Server 2012 and Windows 8.1 (kind of)
Summary:
1. Get an RSA certificate (from DigiCert or VeriSign or anywhere in your budget), or create a certificate yourself if you need to install it only on your computer.
2. When you have a certificate you will also have a private key.
3. To distribute the driver you need this certificate to be traceable. Microsoft uses a system called Trusted Root Certification Authority. Now there are other authorities that give certificates besides these, but they will need Windows Update to verify those. Type certmgr.msc to get the list, and look for the ones with code signing permission.
4. Either add the certificate to that list or get a certificate from that list.
5. Sign the driver with the certificate [details in the links above].
6. Now distribute the driver.
There are many tutorials on the internet for signing a driver. NB: WHQL is a pricey option you can consider if your company can manage to pay.
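The signing steps summarized above, as an added example that is not part of the original answers: a PowerShell script that picks a code-signing certificate from the current user's store, signs the driver with signtool, and then checks the result with `signtool verify /kp`, which evaluates the signature against the x64 kernel-mode driver signing policy. It assumes signtool.exe (Windows SDK/WDK) is on PATH; the driver path, subject name, cross-certificate file and timestamp URL are placeholders.

```powershell
# Added example. Paths, subject name and timestamp URL below are placeholders.
param(
    [string]$DriverPath    = 'C:\build\mydriver.sys',            # hypothetical driver binary
    [string]$SubjectName   = 'Example Corp',                     # hypothetical certificate subject
    [string]$CrossCertPath = 'C:\certs\ca-cross-cert.cer',       # cross-certificate supplied for your CA
    [string]$TimestampUrl  = 'http://timestamp.example.invalid'  # replace with your CA's timestamp server
)
$ErrorActionPreference = 'Stop'

# Steps 1-2: find a code-signing certificate that still has its private key.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like "*$SubjectName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No code-signing certificate with a private key matches '$SubjectName'."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Step 5: sign the driver.
#   /ac   embeds the additional (cross) certificate in the signature block
#   /sha1 selects the signing certificate by thumbprint
#   /t    timestamps the signature so it outlives the certificate's validity
& signtool.exe sign /v /ac $CrossCertPath /s My /sha1 $cert.Thumbprint /t $TimestampUrl $DriverPath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE." }

# Before step 6: verify against the kernel-mode signing policy (/kp).
# A signature can pass the default Authenticode check and still fail here.
& signtool.exe verify /kp /v $DriverPath
if ($LASTEXITCODE -ne 0) {
    throw "Kernel-mode policy verification failed; the driver will not load with enforcement on."
}

# Record what was signed and by whom.
Get-AuthenticodeSignature -FilePath $DriverPath |
    Format-List Status, StatusMessage, SignerCertificate
```

Run the `verify /kp` step on every build you intend to ship; a non-zero exit code there means the file should not be distributed.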