Author Topic: Code signing certificate 64-bit driver  (Read 4907 times)

Offline windoze

  • Newbie
  • *
  • Posts: 2
Code signing certificate 64-bit driver
« on: January 08, 2015, 07:29:46 PM »
Hello,

I just received my Comodo code signing certificate today, picked it up through my browser and exported it (with private key) to a .pfx file. I am able to sign Windows executables fine and when I run a .exe I see the proper publisher information as expected but I have not been able to load any 64-bit kernel drivers that I have signed. I am very confused as to which cross-certificate I need. The ones I have tried are successfully signed (no errors or warnings) but Windows 7 x64 continues to prompt me saying that Windows only supports signed drivers. During the ordering process from ksoftware I selected "SHA1" since it was recommended for signing drivers. I don't know what's going on here. I am using the following command to sign

signtool.exe sign /v /ac "AddTrust External CA Root.crt" /f MyCert.pfx /p XxX /tr http://timestamp.comodoca.com/rfc3161 "c:\driver.sys"

Offline windoze

  • Newbie
  • *
  • Posts: 2
Re: Code signing certificate 64-bit driver
« Reply #1 on: January 08, 2015, 09:18:36 PM »
After running a few more tests I realized that I was in fact signing the driver correctly with the cross-certificate because it now loads on Windows 8 x64 and Windows 10 (technical preview) x64. I do however have a major problem since Windows 7 x64 will not load my signed drivers. I ordered the SHA-1 specifically to sign drivers and avoid this kind of mess. How can I verify that I do in fact have a SHA-1 cert? I've read on here that SHA-2 has issues with Windows 7 and vista driver signing, perhaps I was given a SHA-2 cert?

Offline Aftn

  • Newbie
  • *
  • Posts: 2
Re: Code signing certificate 64-bit driver
« Reply #2 on: December 27, 2015, 02:30:27 AM »
Hello!
I have the same problem.
I have not been able to load any 64-bit kernel drivers that I have signed with my SHA256 Kernel Mode Code Signing (KMCS) certificate.
Instead I get Code 52 error - "Windows cannot verify digital signature".
How did You solve that issue?
« Last Edit: December 27, 2015, 04:37:25 AM by Aftn »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek