I have two 64-bit Win7 boxes which both have the same test cert installed in the Trusted Root Certification Authority and Trusted Publishers. On one box I can install my driver just fine. On the other box, I get the message box saying the signature couldn’t be validated. On the box where it fails, signtool says the signature is fine. (See below.) Is there some other setting that could be keeping the one box from thinking the signature isn’t valid, even though signtool says it is?
Verifying: objd\amd64\ROF.sys
Hash of file (sha1): CCCB52BB8E5ED97D8FCD49F9C21FBF368D5A690E
Signing Certificate Chain:
Issued to: Windows Mobile Test
Issued by: Windows Mobile Test
Expires: Sat Dec 31 16:59:59 2039
SHA1 hash: 6B4B9C8D4587061DF20F74D5296DE186B2FA7B8B
The signature is timestamped: Tue Feb 02 22:16:06 2010
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 16:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: Tue Dec 03 16:59:59 2013
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: VeriSign Time Stamping Services Signer - G2
Issued by: VeriSign Time Stamping Services CA
Expires: Thu Jun 14 16:59:59 2012
SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Successfully verified: objd\amd64\ROF.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
I reproed this with minispy as well:
- Build minispy.sys/.exe.
- Use MakeCertExample.bat to create a cert.
- Add cert to Trusted Root Certification Authority and Trusted Publishers.
- Sign driver using new cert.
- Install using .inf.
On the good box, everything’s fine and I can start minspy. On the bad box, I get the error.