Driver Signing for Vista 32

Bob Kjelgaard wrote:

FWIW, I didn’t have problems using self-signed certs on
XP (even Win2K, although we dropped that from automation
eventually), but I also suspect we configured the OS to default
to ignoring unsigned drivers, probably without knowing it.

So just out of curiosity, you’re saying that by following this process (making the fake cert, installing it as trusted root, signing your driver with it), you can get a silent device install on XP? No hardware wizard, no warning box … at least for non-logo setup classes?

> So just out of curiosity, you’re saying that by following this process (making the fake cert, installing it as trusted root, signing your driver with it), you can get a silent device install on XP? No hardware wizard, no warning box … at least for non-logo setup classes?

I second this question.

I’ve managed to do silent install of System class using this way in 2003+, but not in XP.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

>> KMCS does not use cert stores, and thus requires the cross-cert, which is the “trusted root” embedded to the binary itself.

Almost correct. The “trusted root” in this case is very likely an “MSCV
root” certificate compiled into the boot driver loader.

Thanks for correction.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

>>>

So just out of curiosity, you’re saying that by following this process (making the fake cert, installing it as trusted root, signing your driver with it), you can get a silent device install on XP? No hardware wizard, no warning box … at least for non-logo setup classes?

I second this question.

I’ve managed to do silent install of System class using this way in 2003+, but not in XP.
<<<<

Max, this is the phrase you and Chris are referring to:

“FWIW, I didn’t have problems using self-signed certs on XP (even Win2K, although we dropped that from automation eventually), but I also suspect we configured the OS to default to ignoring unsigned drivers, probably without knowing it”

Meaning I have my doubts that this mechanism works on XP- it seemed to, but I’ve heard from credible sources [including you] that it doesn’t- I’ve not had free time to investigate why something mundane like this works when there are many things that aren’t working and getting them working is much more important. I don’t have end-to-end control of the automation, and silently ignoring unsigned drivers would be a useful way to pre-configure a test system- but that’s just a guess. I was curious, but I didn’t have enough time to get anywhere trying to sort it out. Without getting into why- it is now moot for me.

I deliberately prefaced it by FWIW, as well- meaning it might be worth nothing- I can’t really tell. That was my experience- it worked, or at least seemed to.