From: dzar on 16 Feb 2007 00:12

I'm trying to install some signed (Authenticode, not WHQL) PnP drivers under XP without the user being prompted for either the "non-WHQL" messages or the "find a driver" messages that are typical of PnP installs. I understand that if I had WHQL signed drivers, this would be supported, but under Vista this works much nicer and I was hoping someone more experienced than I am would have some pointers.

I am installing drivers for a kernel USB device (two, actually) and while I have used DPinst to install them, I get multiple PnP messages during the install and when I plug my devices in. I expected DPinst to help me hide all of that, but maybe that's only possible with WHQL signed drivers? I use the same install setup on Vista and it works great once I accept the digital certificate.

Thanks,
Dave

From: Daniel Whitaker [MSFT] on 22 Feb 2007 16:57

Greetings,

>>I'm trying to install some signed (Authenticode, not WHQL) PnP drivers
>>under XP without the user being prompted for either the "non-WHQL"
>>messages or the "find a driver" messages that are typical of PnP
>>installs.

This can be due to the way your cert was created. Self-signed (Authenticode) signatures don't work "out the gate" because they have not been placed into the trusted certificate store as normal WHQL certs are (by default they already exist there). You have to manually add the cert to the "Trusted Root CA" and "Trusted Publishers" before the system considers the signature valid and therefore subsequent drivers signed. This is also referred to as a "test" certificate and is intended only for 1 machine. It cannot be used as a distribution cert to the public.

For test certs, I generally use the following command line with MAKECERT:

C:> makecert -r -pe -n "CN=Self Root CA" -b 01/01/2006 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.6 -sv selfcert.pvk selfcert.cer

This usually works for me on XP just fine. Once you create it, you will need to add it to the certificate store by right clicking on the PVK file and manually selecting the above 2 stores. Once that's done, your driver will be "considered" signed for your machine only. This cannot be automatically installed on other machines.

Let me know if this helps or if you have any questions.

Best regards,
Daniel Whitaker
WDK Support

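A check for the trust state described in the reply above, as an added example that is not part of the original thread: it lists certificates in Trusted Publishers that are self-signed and also present in Trusted Root CA, which is how a test certificate set up this way appears on a machine. The function name `Get-SelfSignedTrustedPublisher` is hypothetical, and the script assumes PowerShell 3.0 or later with the `Cert:` drive available.

```powershell
# Added example (not from the thread): audit the machine stores for
# self-signed publisher certificates that are also trusted as roots.

# Code-signing EKU, as passed to -eku in the makecert command line above.
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'

function Get-SelfSignedTrustedPublisher {
    param([string]$StoreLocation = 'LocalMachine')

    # Index the thumbprints currently trusted as root CAs.
    $rootThumbs = @{}
    Get-ChildItem "Cert:\$StoreLocation\Root" |
        ForEach-Object { $rootThumbs[$_.Thumbprint] = $true }

    Get-ChildItem "Cert:\$StoreLocation\TrustedPublisher" | ForEach-Object {
        $cert = $_

        # Collect the EKU OIDs carried by this certificate, if any.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        [pscustomobject]@{
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            SelfSigned  = ($cert.Subject -eq $cert.Issuer)
            AlsoInRoot  = $rootThumbs.ContainsKey($cert.Thumbprint)
            CodeSigning = ($ekus -contains $CodeSigningOid)
            NotAfter    = $cert.NotAfter
        }
    }
}

# Report only the combination the reply describes: self-signed,
# in Trusted Publishers, and in Trusted Root CA.
Get-SelfSignedTrustedPublisher |
    Where-Object { $_.SelfSigned -and $_.AlsoInRoot } |
    Format-Table Subject, Thumbprint, CodeSigning, NotAfter -AutoSize
```

An empty result means no certificate on the machine is in that state; any row is a publisher whose signatures are trusted without an external CA.
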
From: dzar on 22 Feb 2007 22:52

>> .... This cannot be automatically installed on other machines.

That's what I needed to know. What I read is that if I do not have WHQL certification, I cannot do a "silent" install. Now it's time to bite the WHQL bullet, I gather!

Thanks,
Dave