Vistas "Authenticode" .. a pain in the ...

  • Thread starter Thread starter Sascha
  • Start date Start date
S

Sascha

Vista refuses to load a driver and gives warnings in the logfiles about
that.

It doesn't BSOD or crash, it just refuses to load , just because it isn't
digitally signed !

In Beta2 and some RC of Vista it was possible to disable Code Integrity
Checks ( Signed Drivers ) via this command :

Bcdedit.exe -set nointegritychecks ON



This command has no function on rtm build x64 ( and x86 too ) of Windows.

I have the need to load a driver during startup, this is not written by any
Manufacturer or Hardwarevendor but by myself, so I want Vista to force
loading it for development purposes.

To develop on Betacode is not worth it, as rtm is out the door - so what can
I do ?


I searched this technet Howtos on BCDEDIT and cannot find how to permanently
disable codeintegritychecks for the Vista Kernel.

If somebody knows how to achieve this .

Any Help would be great.

I searched this technet Howtos on BCDEDIT and cannot find how to permanently
disable codeintegritychecks for the Vista Kernel.

http://technet2.microsoft.com/Windo...c349-427c-b035-c2719d4af7781033.mspx?mfr=true

"Digital Signatures for Kernel Modules.." :

http://209.85.129.104/search?q=cach...isable+codeintegrity&hl=de&gl=de&ct=clnk&cd=3
 
Sascha:
Press F8 during post, there you can disable driver signing for that
session. Have a great day.
 
Jimmy Brush said:
Instead of disabling driver signature checks, you could sign your driver
with a test certificate:
http://msdn2.microsoft.com/en-us/library/aa906285.aspx
Click to expand...

The procedure and tools involved in the process of singning Vista drivers
with test certificates are also described in document OP was referring to:

Digital Signatures for Kernel Modules on Systems Running Windows Vista:
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

One of key steps is to configure Vista to accept test-signed drivers using
BCDEDIT (fortunately, this setting is permanent):

Bcdedit.exe -set TESTSIGNING ON

Othervise Vista requires one of hardcoded into kernel root certs to be in
certificate chain. Which means that you need to buy commercial software
publishing certificate.
 
Back
Top