How to Test-Sign a Driver in Windows Vista and Server 2008

Many of us are used to skipping the driver signature warning message while installing a Windows driver. But this is not possible in the 64-bit editions of Windows Vista and Server 2008. On 64-bit systems, digitally signing the driver is becoming mandatory. Getting the digital signature is the final step of any Windows driver development. To get it, your driver has to pass the Windows WHQL test.

All of this is fine. But how can a driver developer test the driver during development? Microsoft has formulated a procedure for that. Here is a HOWTO on it.

Step 1. Make sure that your driver builds successfully on the development system. Create a batch file called sign_driver.cmd in the driver build directory. A sample batch file is given at the end of this HOWTO. Go through the script and replace the driver file names with your own wherever necessary.

Step 2. Ensure that your INF file is available in the build directory. Run sign_driver.cmd from the WDK (Windows Driver Kit) build command prompt. For Server 2008, pass “Server2008_X64” as the argument to the script. For Vista, the argument is “Vista_X64”.

Step 3. The script will generate a signed catalog file in the build directory and a signed driver file (.sys) in the AMD64 directory. Your signed driver is now ready, i.e., the INF file, the signed catalog file and the SYS file. Apart from these, you will also find a MyCertificate.cer file. We need this later.

Step 4. Now let us go to the driver test machine. Here you have two options. One is to run this machine in debug mode. The other is to run the machine with the TESTSIGNING option enabled. Please refer to the bcdedit command to enable one of these.

Step 5. Now it is time to install MyCertificate.cer on the driver test machine. You have to install this certificate in the Trusted Root Certification Authorities and Root Publishers certificate stores. Just double-click the file and follow the wizard to do so.

Step 6. Yes, we are done. Now install the signed driver on the test machine. You should not get a signature warning, since you are using a test-signed driver. Enjoy 🙂
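
Steps 4 and 5 can also be scripted on the test machine. The batch file below is an added example, not part of the original post or of Microsoft's tooling; the file name test_machine.cmd, the use of certutil in place of the wizard, the reading of the second store in Step 5 as Trusted Publishers, and the cleanup mode are assumptions. It takes the TESTSIGNING option from Step 4 and must be run from an elevated command prompt in the directory that holds MyCertificate.cer.

```bat
@echo off
REM Added example: prepare or clean up a driver test machine (Steps 4 and 5).
REM test_machine.cmd is a hypothetical name. Run from an elevated prompt.
REM Usage: test_machine.cmd setup ^| cleanup
setlocal
set CERT=MyCertificate.cer
REM Common name given to Makecert in sign_driver.cmd (CN=MyCertificate)
set CERTNAME=MyCertificate

if /i "%~1" == "setup" goto Setup
if /i "%~1" == "cleanup" goto Cleanup
echo Syntax: %~n0 ^<setup ^| cleanup^>
exit /b 1

:Setup
if not exist "%CERT%" (
    echo %CERT% not found. Copy it from the build machine first.
    exit /b 1
)
REM Step 4: allow test-signed kernel drivers to load (needs a reboot)
bcdedit /set testsigning on || goto Fail
REM Step 5: trust the test certificate in the local machine stores.
REM Assumption: the two stores are Root and TrustedPublisher in certutil terms.
certutil -addstore -f Root "%CERT%" || goto Fail
certutil -addstore -f TrustedPublisher "%CERT%" || goto Fail
echo Done. Reboot, then install the test-signed driver.
exit /b 0

:Cleanup
REM Remove the test certificate and restore normal signature enforcement
certutil -delstore TrustedPublisher "%CERTNAME%"
certutil -delstore Root "%CERTNAME%"
bcdedit /set testsigning off || goto Fail
echo Done. Reboot to leave test-signing mode.
exit /b 0

:Fail
echo Command failed. Is this command prompt elevated?
exit /b 1
```

Running the cleanup mode once testing is finished leaves the machine without a self-signed root in its trust stores and with test-signing mode turned off.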

——————————— Start of sign_driver.cmd ——————————–

@echo off
REM Driver Test-Sign tool for Windows Server 2008 and Vista - 64-bit editions only
REM Replace your_driver.sys with the name of your own driver file.

REM Delete any old certificates
certmgr -del -all -s PrivateCertStore >junk.txt
del junk.txt
set myproc=AMD64
REM CERTDIR is not defined in the original listing. Assumption: it is the
REM build directory that this script is run from.
if not defined CERTDIR set CERTDIR=%CD%

echo *********************  Driver Test-Sign tool ***********************
if "%1" == "Server2008_X64" goto Continue
if not "%1" == "Vista_X64" goto Error

:Continue
echo Creating a self-signed certificate in PrivateCertStore of local machine
Makecert -r -pe -ss PrivateCertStore -n "CN=MyCertificate" MyCertificate.cer

echo It is time to create a catalog file for your driver. Ensure that the .inf file is available.
copy "%myproc%\your_driver.sys" "%CERTDIR%"
inf2cat.exe /driver:"%CERTDIR%" /os:%1

echo Okay, now let us sign the driver file and catalog file
SignTool sign /s PrivateCertStore "%CERTDIR%\%myproc%\your_driver.sys"
REM The catalog file name is cut off in the original listing. Append the
REM name of the .cat file that inf2cat generated to the path below.
SignTool sign /s PrivateCertStore %CERTDIR%\

goto End

:Error
echo "Syntax sign_driver <Server2008_X64 | Vista_X64>"

:End


———————————- End of sign_driver.cmd ——————————–

Refer to this MSDN link for more details.
