I need to install the libusb-win32 driver on Windows 7 64-bit machines. This driver is open source, so it is not digitally signed, so I want to do this myself, but I wonder if this can be done WITHOUT paying a lot of money. Is it possible to use a certificate which is NOT signed by Verisign or GlobalSign? Maybe self-signed or by using StartSSL instead? And if yes, how do I do it? According to this howto I have to use a "cross-certificate" (and there are only six available on the Microsoft list, and most of them are for CAs which are no longer active).

I don't care if the user is confronted with a warning message. I can even accept it if the user has to install a special CA certificate first. I only require that the driver runs without manually disabling the signature check on each Windows startup.

A: 

To allow loading into the kernel, you have to sign with those CAs and have WHDL checked.

The only alternative would be using the user mode driver framework. (but libusb does not support it -- it was discussed, but never implemented)

J-16 SDiZ
Can you explain what "WHDL checked" means?
kayahr
Drivers don't need to go through WHQL to be loaded onto x64 Windows, they just need to be signed.
BruceCran
A: 

You could try CACert as a means to getting a free certificate.

Jason Williams
And how do I use it? I have to specify a "cross-certificate" (Provided by Microsoft for six listed CAs) when I use signtool.exe to sign the driver. How do I do that with a CA for which Microsoft doesn't give me a cross-certificate?
kayahr
I don't know - I don't develop drivers. I assume (perhaps incorrectly) that if you need a free certificate, the above *might* be a helpful lead.
Jason Williams
CACert give out SSL certificates. The browsers don't trust them by default, and Windows certainly doesn't. Probably the cheapest option is going to be to buy a certificate from GlobalSign. Tucows give out free Authenticode certificates for people writing open source software, but those can't be used for signing drivers.
BruceCran
+2  A: 

No, the driver has to be cross-signed by one of those specific certificates, and thus the driver has to be signed by one of those CAs. You can disable driver signing on the machine for testing purposes, but obviously you don't want to do this on production machines. Sorry, that's just the way it is.

Luke
And there is no way to inject a custom CA certificate so Windows accepts drivers signed by this custom CA?
kayahr
No, the driver needs to be cross-signed with one of the certificates Microsoft provides. You can add your own CA certificate, but without a matching cross-signing certificate it's not going to help you; only Microsoft can generate the cross-signing certificates.
Luke