Question about unsigned driver on Win7 64bit during DTM

NTDEV
1

Hi All,

I found that it was not easy to pass DTM smoothly . everytime the PC reboot ,i should wait by the side of PC and press F8 to disable the signature .

Is there any methods to disable the signature as BCDEDIT command in Vista (without SP) : “bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS” ; or maybe the" test sign" would solved this , but it is not a good looking to release to end user, for there would be a “test sign signature” tab in the *.sys file properties ,and that would confused the end user .

Would Microsft consider to disable signature for DTM account as default setting . i thought that is not conflict to your policies as the end user rarely install the WLK package .
Maybe my thought is not good as the “disable signature” is not in the same level of “account” ? Nonetheless, the DMT tester would prefer to have that mechanism.

2

The whole point of DTM is to test your driver before it is WHQL signed. Are you sure you have correctly embedded the correct kernel mode cross-signed signature? I have DTM tested 5 different drivers on the usual 64bit OSes and none of them needed such manual intervention.

Tim.

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com [xxxxx@hotmail.com]
Sent: 17 August 2011 03:58
To: Windows System Software Devs Interest List
Subject: [ntdev] Question about unsigned driver on Win7 64bit during DTM

Hi All,

I found that it was not easy to pass DTM smoothly . everytime the PC reboot ,i should wait by the side of PC and press F8 to disable the signature .

Is there any methods to disable the signature as BCDEDIT command in Vista (without SP) : “bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS” ; or maybe the" test sign" would solved this , but it is not a good looking to release to end user, for there would be a “test sign signature” tab in the *.sys file properties ,and that would confused the end user .

Would Microsft consider to disable signature for DTM account as default setting . i thought that is not conflict to your policies as the end user rarely install the WLK package .
Maybe my thought is not good as the “disable signature” is not in the same level of “account” ? Nonetheless, the DMT tester would prefer to have that mechanism.

3

>> Are you sure you have correctly embedded the correct kernel mode cross-signed signature?

Sorry Tim, I didn’t aware of that . did i miss some knowledge about signature ? would you clarify it ?
Is that meaning the test sign or something else. with the precondition that i have a unsigned driver and a Win7 64 bit client , what would be next about the “kernel mode cross-signed signature” ?

4

> -----Original Message-----

From: xxxxx@lists.osr.com [mailto:bounce-470747-
xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: 17 August 2011 10:08
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Question about unsigned driver on Win7 64bit during DTM

>> Are you sure you have correctly embedded the correct kernel mode cross-
signed signature?

Sorry Tim, I didn’t aware of that . did i miss some knowledge about
signature ? would you clarify it ?
Is that meaning the test sign or something else. with the precondition that
i have a unsigned driver and a Win7 64 bit client , what would be next about
the “kernel mode cross-signed signature” ?

Read and follow Kernel-Mode Code Signing Walkthrough:

http://msdn.microsoft.com/en-us/windows/hardware/gg487328

Regards,
Tim.

5

xxxxx@hotmail.com wrote:

I found that it was not easy to pass DTM smoothly . everytime the PC reboot ,i should wait by the side of PC and press F8 to disable the signature .

Is there any methods to disable the signature as BCDEDIT command in Vista (without SP) : “bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS” ; or maybe the" test sign" would solved this , but it is not a good looking to release to end user, for there would be a “test sign signature” tab in the *.sys file properties ,and that would confused the end user .

Would Microsft consider to disable signature for DTM account as default setting . i thought that is not conflict to your policies as the end user rarely install the WLK package .
Maybe my thought is not good as the “disable signature” is not in the same level of “account” ? Nonetheless, the DMT tester would prefer to have that mechanism.

The RIGHT answer, of course, is to buy a certificate and sign your
driver. Then, all of these problems go away.

You’re trying to save a few bucks here, and the inconvenience is the
price you pay.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.