Reputation:
"Windows cannot verify the digital signature" for a driver I signed — what to do?
I have a kernel mode driver and I have to install it on 64-Bit Windows 7. It needs to be digitally signed. I digitally signed it using the dseo13b.exe. But when I load the driver, I get an error in the system event log saying
The driver failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
I don't want to use the test signing mode. How do I resolve this? Do I need to get a certificate from Microsoft?
I have developed the driver and am now trying to make it work on the 64-Bit machine.
Upvotes: 2
Views: 14423
Answers (6)
Reputation: 166319
Ideally you should have digitally signed driver trusted by Microsoft. However, there is a workaround, but not recommended.
Windows 8 and above
- Search and open Recovery in System settings.
- Select Advanced start-up and Restart now.
- During booting, in Advanced Boot Options, select Disable Driver Signature Enforcement.
Note: This setting will apply to a single user session.
Windows 7
- Restart PC.
- Keep pressing F8 till Advanced Boot Options menu is shown.
- Select Disable Driver Signature Enforcement.
Source: How to Fix “Windows cannot verify the digital signature (Code 52)” Driver Problem?
Upvotes: 0
Reputation: 31
The only reliable and effective way to get rid of "Windows cannot verify the digital signature" message is to disable digital signature enforcement through Windows startup options. The solution is temporarily and stays active during current Windows session, but it can be activated again during each startup. Here's a detail explanation for each Windows version: http://freewisdoms.com/windows-cannot-verify-the-digital-signature-code-52-driver-fix/
Upvotes: 0
Reputation: 171
No. You don't need MS to sign it. You do need a code signing certificate that chains to something MS trusts. There is more than one vendor that can sell you the cert.
Try this: 1) Ensure that windows is fully updated. This actually fixed the problem on one of my pcs. 2) Check out https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/0b00c9d4-dff9-4fbe-b741-768c9b39349c/practical-windows-code-and-driver-signing-discussion?forum=wdk
This is an in depth (with references) doc.
Upvotes: 1
Reputation: 31
More on this at the following links.
http://winprogger.com/cross-signing-kernel-mode-drivers/
http://winprogger.com/certificate-for-kernel-mode-driver-signing/
Upvotes: 1
Reputation: 6425
You need to purchase an Authenticode certificate (from Verisign) to properly sign the driver for Windows x64. See the following links:
http://msdn.microsoft.com/en-us/windows/hardware/gg487317
http://msdn.microsoft.com/en-us/windows/hardware/gg487328
Certificates can be purchased here: http://www.verisign.com/code-signing/microsoft-authenticode/
Upvotes: 2
Reputation: 4359
The whole point of signing is to guarantee the driver was released by source Microsoft trusts. This means the signature alone does not help you, your key has to be signed by MS for the chain of trust be in place.
Upvotes: 3
Related Questions
- Windows 10 driver reported by SignTool as having no signature, but is signed
- Disable signature enforcement
- Windows Driver - Unable to sign my own driver correctly
- Win7 64bit legacy nt4 driver signing issue
- Failure in create signed driver by Microsoft
- How to Sign My Driver? And is it necessary?
- How to sign my driver so it will install on Windows 7 64-bit?
- Windows 8.1 and signed driver problems
- Driver Install Fails Because Cross Signing Chain doesn't contain microsoft
- Uncertified Windows Driver