Driver Signing

[Kurt Harriger]

I'm trying to install VMWare v 1.0.3-44356 on Vista x64 but keep getting an
error that windows requires a signed driver. I've tried restarting and
selecting Disable Driver Signing option, tried Bcdedit.exe /set
nointegritychecks ON, and gpedit changing the Code Signing for drivers
drivers setting to enabled/ignore. None of these have worked, and I still
get a error when installing VMWare. Whats the deal?

- Kurt

 

[Paul Adare]

I'm trying to install VMWare v 1.0.3-44356 on Vista x64 but keep getting an
error that windows requires a signed driver. I've tried restarting and
selecting Disable Driver Signing option, tried Bcdedit.exe /set
nointegritychecks ON, and gpedit changing the Code Signing for drivers
drivers setting to enabled/ignore. None of these have worked, and I still
get a error when installing VMWare. Whats the deal?

All kernel mode drivers in Vista x64 must be signed and there is no way
around that at all with x64. VMWare will need to get their drivers signed.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Kurt Harriger]

Can I self-sign them?

I can understand a signature requirement if vista actually validates the
signature and ensures the file has not been altered at every startup (which
I kinda doubt) in which case vista should just give me the option to
self-sign it, but if only used to tell me who the author the file then its a
stupid feature and should be removed or at least have the option to disable
it, in either case I should be able to install the drivers if I want to
without having to jump over a bunch of artifical walls MS puts in my way.

- Kurt

 

[Paul Adare]

Can I self-sign them?

No.

 

[Brian Komar]

Can I self-sign them?

I can understand a signature requirement if vista actually validates the
signature and ensures the file has not been altered at every startup (which
I kinda doubt) in which case vista should just give me the option to
self-sign it, but if only used to tell me who the author the file then its a
stupid feature and should be removed or at least have the option to disable
it, in either case I should be able to install the drivers if I want to
without having to jump over a bunch of artifical walls MS puts in my way.

- Kurt

To do this you must switch back to the 32-bit OS. 64-bit *requires* signed
drivers, no exceptions.
Sorry to be blunt, but that is the way it is
Brian

 

[mikeyhsd]

isn't there a newer version of vmware that works in visa 64 including the driver signing part.



(e-mail address removed)

Can I self-sign them?

No.

 

[Darrell Gorter[MSFT]]

Hello Kurt,
Read the following paper for driver signing options.
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|>From: "Kurt Harriger" <[email protected]>
|>References: <[email protected]>
<[email protected]>
|>In-Reply-To: <[email protected]>
|>Subject: Re: Driver Signing
|>Date: Mon, 30 Apr 2007 15:36:32 -0600
|>Lines: 39
|>Message-ID: <[email protected]>
|>MIME-Version: 1.0
|>Content-Type: text/plain;
|> format=flowed;
|> charset="iso-8859-1";
|> reply-type=original
|>Content-Transfer-Encoding: 7bit
|>X-Priority: 3
|>X-MSMail-Priority: Normal
|>X-Newsreader: Microsoft Windows Mail 6.0.6000.16386
|>X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
|>X-MS-CommunityGroup-PostID: {9FE23A04-41A8-4584-B952-993D4DBFBDAD}
|>X-MS-CommunityGroup-ThreadID: D7445439-EB95-4157-8D37-518537CAD920
|>X-MS-CommunityGroup-ParentID: E68AF057-E7D3-4954-8A3D-935B8856C61D
|>Newsgroups: microsoft.public.windows.vista.security
|>Path: TK2MSFTNGHUB02.phx.gbl
|>Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.security:4967
|>NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
|>X-Tomcat-NG: microsoft.public.windows.vista.security
|>
|>Can I self-sign them?
|>
|>I can understand a signature requirement if vista actually validates the
|>signature and ensures the file has not been altered at every startup
(which
|>I kinda doubt) in which case vista should just give me the option to
|>self-sign it, but if only used to tell me who the author the file then
its a
|>stupid feature and should be removed or at least have the option to
disable
|>it, in either case I should be able to install the drivers if I want to
|>without having to jump over a bunch of artifical walls MS puts in my way.
|>
|>- Kurt
|>
|>
|>|>> On Mon, 30 Apr 2007 00:04:11 -0600, Kurt Harriger wrote:
|>>
|>>> I'm trying to install VMWare v 1.0.3-44356 on Vista x64 but keep
getting
|>>> an
|>>> error that windows requires a signed driver. I've tried restarting and
|>>> selecting Disable Driver Signing option, tried Bcdedit.exe /set
|>>> nointegritychecks ON, and gpedit changing the Code Signing for drivers
|>>> drivers setting to enabled/ignore. None of these have worked, and I
|>>> still
|>>> get a error when installing VMWare. Whats the deal?
|>>
|>> All kernel mode drivers in Vista x64 must be signed and there is no way
|>> around that at all with x64. VMWare will need to get their drivers
signed.
|>>
|>> --
|>> Paul Adare
|>> MVP - Windows - Virtual Machine
|>> http://www.identit.ca
|>> "The English language, complete with irony, satire, and sarcasm, has
|>> survived for centuries without smileys. Only the new crop of modern
|>> computer geeks finds it impossible to detect a joke that is not clearly
|>> labeled as such."
|>> Ray Shea
|>
|>

 

[Kurt Harriger]

Thanks. I think managed to get the driver installed using a test
certificate, been years since I wrote any C code, good fun! The device now
appears in device manager and says its working properly but still having
some errors when starting the services. "The VMware vmx86 service failed to
start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware
or software change might have installed a file that is signed incorrectly or
damaged, or that might be malicious software from an unknown source."
Although, I just noticed while trying to reinstall it that I'm missing some
other drivers, I got lucky with the network drivers and stumbled on the dir
it placed the drivers and associated inf file during install, but don't see
where it put the other drivers, so perhaps the error has nothing to do with
the network drivers but with the other drivers I didn't sign. I'll mess
around with it a bit more some other day see if I can't use the windows
installer sdk to extract the other driver files out of the msi, hopefully
VMWare will beat me to it and I wont need to bother . I'm actually kinda
surprised I got as far as I did.

Anyways, thanks for your help.

- Kurt

Hello Kurt,
Read the following paper for driver signing options.
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|>From: "Kurt Harriger" <[email protected]>
|>References: <[email protected]>
<[email protected]>
|>In-Reply-To: <[email protected]>
|>Subject: Re: Driver Signing
|>Date: Mon, 30 Apr 2007 15:36:32 -0600
|>Lines: 39
|>Message-ID: <[email protected]>
|>MIME-Version: 1.0
|>Content-Type: text/plain;
|> format=flowed;
|> charset="iso-8859-1";
|> reply-type=original
|>Content-Transfer-Encoding: 7bit
|>X-Priority: 3
|>X-MSMail-Priority: Normal
|>X-Newsreader: Microsoft Windows Mail 6.0.6000.16386
|>X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16386
|>X-MS-CommunityGroup-PostID: {9FE23A04-41A8-4584-B952-993D4DBFBDAD}
|>X-MS-CommunityGroup-ThreadID: D7445439-EB95-4157-8D37-518537CAD920
|>X-MS-CommunityGroup-ParentID: E68AF057-E7D3-4954-8A3D-935B8856C61D
|>Newsgroups: microsoft.public.windows.vista.security
|>Path: TK2MSFTNGHUB02.phx.gbl
|>Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.security:4967
|>NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
|>X-Tomcat-NG: microsoft.public.windows.vista.security
|>
|>Can I self-sign them?
|>
|>I can understand a signature requirement if vista actually validates the
|>signature and ensures the file has not been altered at every startup
(which
|>I kinda doubt) in which case vista should just give me the option to
|>self-sign it, but if only used to tell me who the author the file then
its a
|>stupid feature and should be removed or at least have the option to
disable
|>it, in either case I should be able to install the drivers if I want to
|>without having to jump over a bunch of artifical walls MS puts in my
way.
|>
|>- Kurt
|>
|>
|>|>> On Mon, 30 Apr 2007 00:04:11 -0600, Kurt Harriger wrote:
|>>
|>>> I'm trying to install VMWare v 1.0.3-44356 on Vista x64 but keep
getting
|>>> an
|>>> error that windows requires a signed driver. I've tried restarting
and
|>>> selecting Disable Driver Signing option, tried Bcdedit.exe /set
|>>> nointegritychecks ON, and gpedit changing the Code Signing for
drivers
|>>> drivers setting to enabled/ignore. None of these have worked, and I
|>>> still
|>>> get a error when installing VMWare. Whats the deal?
|>>
|>> All kernel mode drivers in Vista x64 must be signed and there is no
way
|>> around that at all with x64. VMWare will need to get their drivers
signed.
|>>
|>> --
|>> Paul Adare
|>> MVP - Windows - Virtual Machine
|>> http://www.identit.ca
|>> "The English language, complete with irony, satire, and sarcasm, has
|>> survived for centuries without smileys. Only the new crop of modern
|>> computer geeks finds it impossible to detect a joke that is not
clearly
|>> labeled as such."
|>> Ray Shea
|>
|>