Vistas "Authenticode" .. a pain in the ...

[Sascha]

Vista refuses to load a driver and gives warnings in the logfiles about
that.

It doesn't BSOD or crash, it just refuses to load , just because it isn't
digitally signed !

In Beta2 and some RC of Vista it was possible to disable Code Integrity
Checks ( Signed Drivers ) via this command :

Bcdedit.exe -set nointegritychecks ON



This command has no function on rtm build x64 ( and x86 too ) of Windows.

I have the need to load a driver during startup, this is not written by any
Manufacturer or Hardwarevendor but by myself, so I want Vista to force
loading it for development purposes.

To develop on Betacode is not worth it, as rtm is out the door - so what can
I do ?


I searched this technet Howtos on BCDEDIT and cannot find how to permanently
disable codeintegritychecks for the Vista Kernel.

If somebody knows how to achieve this .

Any Help would be great.

I searched this technet Howtos on BCDEDIT and cannot find how to permanently
disable codeintegritychecks for the Vista Kernel.

http://technet2.microsoft.com/Windo...c349-427c-b035-c2719d4af7781033.mspx?mfr=true

"Digital Signatures for Kernel Modules.." :

http://209.85.129.104/search?q=cach...isable+codeintegrity&hl=de&gl=de&ct=clnk&cd=3

 

[Dennis Pack]

Sascha:
Press F8 during post, there you can disable driver signing for that
session. Have a great day.

 

[Jimmy Brush]

Instead of disabling driver signature checks, you could sign your driver
with a test certificate:

http://msdn2.microsoft.com/en-us/library/aa906285.aspx


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/

 

[Alexander Suhovey]

Instead of disabling driver signature checks, you could sign your driver
with a test certificate:
http://msdn2.microsoft.com/en-us/library/aa906285.aspx

The procedure and tools involved in the process of singning Vista drivers
with test certificates are also described in document OP was referring to:

Digital Signatures for Kernel Modules on Systems Running Windows Vista:
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

One of key steps is to configure Vista to accept test-signed drivers using
BCDEDIT (fortunately, this setting is permanent):

Bcdedit.exe -set TESTSIGNING ON

Othervise Vista requires one of hardcoded into kernel root certs to be in
certificate chain. Which means that you need to buy commercial software
publishing certificate.