Friday, November 18, 2011

How to sign device drivers with a test certificate

This: http://msdn.microsoft.com/en-us/library/bb530195.aspx has a long, unwieldy explanation.

Here is a much simpler, step-by-step protocol:
1) Run the following from an elevated CMD window (RunAs Administrator):
    bcdedit /set testsigning on
    bcdedit /set nointegritychecks on
2) Reboot
3) Make a certificate. From a DDK command line window, type:
    makecert -r -pe -ss MyTestCertStore -n "CN=MyTestCert" mytestcert.cer
4) From an elevated CMD window:
    certmgr -add mytestcert.cer -s -r localmachine root
    certmgr -add mytestcert.cer -s -r localmachine trustedpublisher
5) From the certmgr window that just opened in step one or two (or type certmgr):
  a) Right click on Trusted Root Certification Authorities -> All Tasks -> Import
  b) Navigate to the cert file you have just created in step (3) (mytestcert.cer).
  c) Say "yes"
6) To sign the driver:
    signtool sign /s MyTestCertStore /n MyTestCert yourdrivername.sys

Why can't our documentation people produce something similar???
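
The PowerShell script below is an added example, not part of the original post. It checks that steps 1, 4 and 6 took effect, and it includes a function that reverses steps 1 and 4-5, because test signing and a self-signed root certificate widen what code the machine will trust. The function names are hypothetical; the certificate and driver names are the ones used in the steps above.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumed names: MyTestCert and yourdrivername.sys, as used in the steps above.
$Driver  = '.\yourdrivername.sys'
$Subject = 'CN=MyTestCert'
$Stores  = 'Root', 'TrustedPublisher'

function Get-TestCert([string]$Store) {
    # Certificates in the given LocalMachine store whose subject is the test cert.
    Get-ChildItem "Cert:\LocalMachine\$Store" | Where-Object { $_.Subject -eq $Subject }
}

function Test-TestSigningSetup {
    # Step 1: show the boot options that were changed (no output means "not set").
    bcdedit /enum '{current}' | Select-String 'testsigning|nointegritychecks'

    # Step 4: the certificate must be present in both machine stores.
    foreach ($s in $Stores) {
        '{0,-17}: {1} certificate(s) with subject {2}' -f $s, @(Get-TestCert $s).Count, $Subject
    }

    # Step 6: the driver must carry a signature made by that same certificate.
    $sig = Get-AuthenticodeSignature -FilePath $Driver
    if (-not $sig.SignerCertificate) { "$Driver is not signed"; return }
    $rootThumbs = @(Get-TestCert 'Root' | ForEach-Object { $_.Thumbprint })
    $isTestCert = $rootThumbs -contains $sig.SignerCertificate.Thumbprint
    'Status: {0}; signer: {1}; signer is the imported test cert: {2}' -f `
        $sig.Status, $sig.SignerCertificate.Subject, $isTestCert
}

function Remove-TestSigningSetup {
    # Undo step 1 (takes effect after a reboot).
    bcdedit /set testsigning off
    bcdedit /set nointegritychecks off
    # Undo steps 4-5: delete the test certificate from both machine stores.
    # Remove-Item on the Cert: drive needs PowerShell 3.0 or later.
    foreach ($s in $Stores) { Get-TestCert $s | Remove-Item }
}

Test-TestSigningSetup
# Remove-TestSigningSetup   # uncomment once testing is finished
```

The certificate and private key created in step 3 stay in the current user's MyTestCertStore store; this script does not touch them.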

1 comment:

John Green said...

Great Information, Thanks for Sharing