Newbie questiosn on driver signing

Hi all,

I’m new on driver signing. As a tutorial, I try to sign the Toaster
driver in WDK.
I follow all the steps described in the doc “KernelMode Code Signing
Walkthrough” from Miscosoft.
When I test my Toasterpkg on a test machine running WinVista-Ultimate
x64 I have the Windows security error “Windows can’t verify the publisher of
this driver software”.
It looks like the Toaster driver I made is still not sigmed…

However if I run the following commands ont the test machine, they all
complete with success
Signtool verify /pa /v tstamd64.cat
Signtool verify /pa /v /c tstamd64.cat amd64\toaster.sys

Can you please tell me what I’m missing or what I should do to resolve
the problem.

Thanks,
QUANG

Quang Vu wrote:

I’m new on driver signing. As a tutorial, I try to sign the Toaster
driver in WDK.
I follow all the steps described in the doc “KernelMode Code Signing
Walkthrough” from Miscosoft.
When I test my Toasterpkg on a test machine running WinVista-Ultimate
x64 I have the Windows security error “Windows can’t verify the publisher of
this driver software”.
It looks like the Toaster driver I made is still not sigmed…

However if I run the following commands ont the test machine, they all
complete with success
Signtool verify /pa /v tstamd64.cat
Signtool verify /pa /v /c tstamd64.cat amd64\toaster.sys

Can you please tell me what I’m missing or what I should do to resolve
the problem.

Did you add your certificate to the proper certificate store on your
Vista 64 machine? Did you turn on test signing mode using bcdedit? If
you did, your screen should say “test mode” in the 4 corners of the screen.

The procedure does work. I’ve done it, and I was a signing skeptic.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim,

Thanks for your response.

Yes I did add the test certificate to the root and trustedPublisher on the
test machine. I did turn on TESTSIGNING and see TestMode on 4 corners on the
screen. As I mentioned, if I run signtool verify on the same test machine,
they complete with success, that mean my driver has a valid signature.

Why does Widnows still say that my driver which has valid signature as
unsigned driver ?

Thanks for help

QUANG

“Tim Roberts” wrote in message news:xxxxx@ntdev…
> Quang Vu wrote:
>> I’m new on driver signing. As a tutorial, I try to sign the Toaster
>> driver in WDK.
>> I follow all the steps described in the doc “KernelMode Code Signing
>> Walkthrough” from Miscosoft.
>> When I test my Toasterpkg on a test machine running WinVista-Ultimate
>> x64 I have the Windows security error “Windows can’t verify the publisher
>> of
>> this driver software”.
>> It looks like the Toaster driver I made is still not sigmed…
>>
>> However if I run the following commands ont the test machine, they
>> all
>> complete with success
>> Signtool verify /pa /v tstamd64.cat
>> Signtool verify /pa /v /c tstamd64.cat amd64\toaster.sys
>>
>> Can you please tell me what I’m missing or what I should do to
>> resolve
>> the problem.
>>
>
> Did you add your certificate to the proper certificate store on your
> Vista 64 machine? Did you turn on test signing mode using bcdedit? If
> you did, your screen should say “test mode” in the 4 corners of the
> screen.
>
> The procedure does work. I’ve done it, and I was a signing skeptic.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>