"Windows cannot verify the digital signature" for a driver I signed — what to do?
I have a kernel mode driver and I have to install it on 64-Bit Windows 7. It needs to be digitally signed. I digitally signed it using the dseo13b.exe
. But when I load the driver, I get an error in the system event log sa开发者_JAVA百科ying
The driver failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
I don't want to use the test signing mode. How do I resolve this? Do I need to get a certificate from Microsoft?
I have developed the driver and am now trying to make it work on the 64-Bit machine.
The whole point of signing is to guarantee the driver was released by source Microsoft trusts. This means the signature alone does not help you, your key has to be signed by MS for the chain of trust be in place.
You need to purchase an Authenticode certificate (from Verisign) to properly sign the driver for Windows x64. See the following links:
http://msdn.microsoft.com/en-us/windows/hardware/gg487317
http://msdn.microsoft.com/en-us/windows/hardware/gg487328
Certificates can be purchased here: http://www.verisign.com/code-signing/microsoft-authenticode/
More on this at the following links.
http://winprogger.com/cross-signing-kernel-mode-drivers/
http://winprogger.com/certificate-for-kernel-mode-driver-signing/
No. You don't need MS to sign it. You do need a code signing certificate that chains to something MS trusts. There is more than one vendor that can sell you the cert.
Try this: 1) Ensure that windows is fully updated. This actually fixed the problem on one of my pcs. 2) Check out https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/0b00c9d4-dff9-4fbe-b741-768c9b39349c/practical-windows-code-and-driver-signing-discussion?forum=wdk
This is an in depth (with references) doc.
The only reliable and effective way to get rid of "Windows cannot verify the digital signature" message is to disable digital signature enforcement through Windows startup options. The solution is temporarily and stays active during current Windows session, but it can be activated again during each startup. Here's a detail explanation for each Windows version: http://freewisdoms.com/windows-cannot-verify-the-digital-signature-code-52-driver-fix/
Ideally you should have digitally signed driver trusted by Microsoft. However, there is a workaround, but not recommended.
Windows 8 and above
- Search and open Recovery in System settings.
- Select Advanced start-up and Restart now.
- During booting, in Advanced Boot Options, select Disable Driver Signature Enforcement.
Note: This setting will apply to a single user session.
Windows 7
- Restart PC.
- Keep pressing F8 till Advanced Boot Options menu is shown.
- Select Disable Driver Signature Enforcement.
Source: How to Fix “Windows cannot verify the digital signature (Code 52)” Driver Problem?
精彩评论