I have a kernel mode driver and I have to install it on 64 bit win 7. It needs to be digitally signed. I digitally signed it using the dseo13b.exe. But when I load the driver I get error in the system event log saying
The driver failed to start due to the following error: Windows cannot
verify the digital signature for this file. A recent hardware or
software change might have installed a file that is signed incorrectly
or damaged, or that might be malicious software from an unknown
source.
I don't want to use the test signing mode. How do I resolve this? Do I need to get certificate from Microsoft?
I have developed the driver and now making it work on the 64 bit machine.
My company might purchase the certificate from verisign but What do I do after I acquire a certificate. How do I link the driver file with the certificate I get? And Also how do I link the cross certificate downloaded from internet with the certificate I get from verisign? I read the doc KMSC_WalkThru (How to Release-Sign a Kernel Module) but these things were not clear from it. Can you please help.
Also How do I get the following:
mySPCfile.spc Your public key certificate file.
myPVKfile.pvk Your private key certificate file.
myPVKpassword
The password for the private key certificate file. Mentioned in here
Best Answer
Yes, you need to purchase a certificate from a Trusted Certificate Authority. If anyone could make a certificate, there'd be countless certificates claiming to be "Microsoft Corporation" and it would be virus heaven.
That document you mention is what I used to learn how to sign drivers. I highly recommend you set aside a few days and run through it start to finish. I spent a good part of the week going through it.
All I can offer on top of that is the following batch file which I execute from VS2010 in post-build. It uses a certificate from the computer's certificate store, not a file. The reason it's so complex is I use it in many different circcumstances for many different projects.
Sign.bat