powershelldriverself-signed-certificateinf

Do drivers INF signed using self made certificates really dont work unless i go into testsigning mode on my windows?


im sorry if this sounds stupid,

I discovered this PS2 Eyetoy driver online that someone created to use the eyetoy as a webcam on my PC, it works if i install the driver and go to testsigning mode on my windows 10, but i really want to use it with testsign mode off.

so i have been doing research on how to self sign my drivers and i followed this tutorial

I was able to sign the INF driver but, it still only works on testsigning mode. it said error code 53 when not on testsigning mode.

and i observed that other working drivers says "This driver is digitally signed" but mine says "This is signed by an Authenticode(TM) signature"

This method was done by New-SelfSignedCertificate feature of powershell then signed by windows WDK kit.

I saw another method using openSSL, will i get the same result

is it not possible to do this using self signed certificates ?

Thank you!


Solution

  • Ok, so.. there's like an unlikely answer to your question, and then there are assured solutions to your actual problem.

    Putting aside user-mode drivers, as I explained at lengths in another question you can in fact self-sign whatever customized driver packages you want as long as the kernel module itself still retains a valid signature. But despite sounding good here, that's nonetheless a problem because I'm going to assume you are probably talking about this, the usual old Hercules Classic Webcam driver repurposed for different cameras. And it doesn't have a signature embedded into the .sys, but rather it is detached into the same .cat file that you are going to invalidate with your .inf edit.

    The instructions argue that you can just play with the boot configuration, just temporarily enable test mode, and then calling it a day (and by all means you should still take a stab at it.. they did seem to report some degree of success even in W10, at least with its older versions?) but I'm skeptical that could continue to work even after you restore the boot settings to normal. I wouldn't definitively rule this out as impossible then (as I hint at the end of my first link above, maybe you could try to install the original Vista 64 driver and then see if test-signing your modifications survives) but I wouldn't hold my breath.

    For the love of everything though, please disable Secure Boot while you do all this tinkering. I'm not sure how specifically it could interfere, but it's certainly not going to help.


    With this said then, there are actually quite a few ways that this problem could be tackled (given this question is kinda worded about pulling this off at all for you rather than to ship to production or something). You can also: