Can drivers be signed against a another certificate?

Hi all,

I’m in the process of preparing a driver signing submission for some USB
devices.

The problem we have is that these devices are produced in low volumes
and are a
bespoke development for a client. They aren’t available commercially but
are only available
from our client if you are a client of theirs. (They form part of a
service centre
suite for their service centre software.)

Some of their clients have their machines set up with the driver
policies set to
disallow unsigned drivers (and there are no “onsite” admins)

This doesn’t cause a problem when the drivers are installed as they are
put on the
machines by an admin. It is a problem when later on a non-admin plugs a
USB device into
a USB port that hasn’t been used before.

This results in the actual number of people needing this ‘fix’ being
very small.

However, Some members of our team have raised an interesting question.

As part of our development we have been using the root test certificate.

If you’re not familiar with this, it allows us to create a ‘test signed’

package… And as long as the certificate is on the machine the drivers
can
be installed.

Does anyone know if it is (or isn’t) possible to create our own
certificate to work
in a similar manner.

We could then give this certificate to the client, along with drivers
signed against
It and (in theory) we could install on machines authorised to do so.

So could their client install a certificate saying “we trust stuff from
these guys”?

Or are we forced to sign drivers just for a handful of machines at a
particular site?

Btw… We have to support Windows 2000 and Windows XP.

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com