我可以在不禁用驱动程序签名的情况下安装带有测试证书的 x64 驱动程序吗?
我正在开发一个虚拟驱动程序,QA 需要在多个 Windows 7 上检查 x64 版本机器。我已严格遵循生成用于测试目的的证书的说明,但仍然存在一些问题。因此,我已完成以下步骤:
Makecert -r -pe -n "CN=TestCertForWDK" -ss "TestCert" mccert.cer
我添加了按照安装程序中的两行在远程计算机上进行自动证书安装
certmgr.exe -add mccert.cer -s -r localMachine root
certmgr.exe -add mccert.cer -s -r localMachine trustedpublisher
Inf2cat.exe /driver:D:\Projects\MyDrv\package\ /os:7_X64
最后
signtool sign /a /v /s "TestCert" /n "TestCertForWDK" mydrv.cat
signtool sign /a /v /s "TestCert" /n "TestCertForWDK" mydrv.sys
顺便说一句,一开始我'我尝试通过 devcon 安装。报告“devcon 成功”,但设备管理器中的设备标有黄色感叹号(不可信签名)。
后来,我尝试使用 hdwwiz - 当我手动输入驱动程序的路径(从磁盘)时 - hdwwiz 显示驱动程序具有签名并且安装继续进行,没有任何警告。但之后,正如我已经提到的,由于签名无效(黄色“!”),设备无法工作,
我在 Winqual,但是驱动还处于开发状态,我还不想付费提交。我做错了什么吗?是否可以使用我自己的 makecert.exe 生成的证书安装 x64 驱动程序,并且无需在最终用户 PC 上禁用驱动程序签名(这对我来说是不可接受的) )?
I'm developing a virtual driver and QA needs to check out the x64 version on several Windows 7 machines. I have strictly followed the instructions on generating a certificate for test purposes, but I still have some problems. So, I've done the following steps:
Makecert -r -pe -n "CN=TestCertForWDK" -ss "TestCert" mccert.cer
I've added the following two lines in the installer to make auto certificate installation on the remote machines
certmgr.exe -add mccert.cer -s -r localMachine root
certmgr.exe -add mccert.cer -s -r localMachine trustedpublisher
Inf2cat.exe /driver:D:\Projects\MyDrv\package\ /os:7_X64
And finally
signtool sign /a /v /s "TestCert" /n "TestCertForWDK" mydrv.cat
signtool sign /a /v /s "TestCert" /n "TestCertForWDK" mydrv.sys
BTW, at first I've tried installing via devcon. It reported that "devcon succeeded", but the device in Device Manager was marked with yellow exclamation mark (not trusted signature).
Later, I've tried using hdwwiz - when I manually enter the path to driver (Have disk) - hdwwiz shows that driver has a signature and installation proceeds without any warnings. But after that, as I've already metioned, the device is not working because of invalid signature (yellow "!")
I have an account on Winqual, but the driver is still in development state, and I don't want to pay money for submission yet. Am I doing something wrong? Is it possible to install a x64 driver with my own makecert.exe-generated certificate and without disabling a driver signature on the end-user PC (this is not acceptable for me)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不幸的是,您还需要获得 Microsoft 的交叉签名。有关详细信息,请参阅此处。
即使您想使用自己的测试证书,也需要使用 BCDEdit 工具。
这将允许使用您的测试证书。这是使用测试证书的唯一方法。
Unfortunately, you need to have it cross signed by Microsoft as well. See here for more details.
Even if you want to use your own test certificate, you need to make changes using the BCDEdit tool.
This will allow your test certificate to be used. This is the only way to use a test certificate.