Windows XP custom USB class driver, pre-install without WHQL signing?

I'm working on a Windows driver for a USB device and the installation has to override the built-in class driver from Microsoft, so that the device uses my driver.

The driver is self-signed but not WHQL signed. Installation is not a problem on Vista or Win7, where SetupAPI acknowledges the driver as signed and selects it as the preferred driver over the built-in class driver.

However, this does not work on Windows XP SP3. The SetupAPI log tells me that it finds the driver, but considers it untrusted. (Log excerpt: "Driver node not trusted, rank changed from 0x00000001 to 0x0000c001")

Previous answers to similar questions here on stackoverflow, and other place开发者_运维知识库s, suggest that WHQL signing is the only way for this to work on XP. Is that really the case, or are there any known workarounds?

Does anybody have any links to resources with information about workarounds, or a solution to the problem?

I appreciate any help on the matter.

Yes, this is really the case.

I might've mentioned a workaround we use in my project, but it's irrelevant for you, as your product is intended for the broad market and you cannot rely on your devices having a static Device Instance ID. (To maintain a "known" Device Instance ID, we use a filter driver on top of the USB hub. I'm only mentioning this because you might be curious about that "mysterious" workaround we use.)

By the way, maybe you could rewrite your driver as a device filter driver. They're not subject to the same WHQL limitations.

Edit: If you're willing to install your certificate into your customers' root certificate stores (a risky choice that might alienate your customers), there might be a solution for you: Preinstalling WinXP USB drivers to be able to connect device without interaction