About Kernel Mode Code Signing in 64 bit Vista

Discussion in 'Windows Vista Drivers' started by shou nagai, Jul 13, 2006.

  1. shou nagai

    shou nagai Guest

    Hello! all!

    I have a question about Kernel Mode Code Signing in 64bit Vista.

    If I don't use Windows Logo program and I use selfsign,
    all selfsign methods need to import the certification in the evaluation PC.
    Is my understanding right?
    If it is no, could you please teach about KMCS that doesn't have to import
    the certification?

    Thank you.

    Regards,
    Shoh
     
    shou nagai, Jul 13, 2006
    #1
    1. Advertisements

  2. shou nagai

    minway Guest

    You will need to sign your driver binary and your catalog file with
    your PIC(certificate).
    The target PC doesn't need to import any certificate.
     
    minway, Jul 31, 2006
    #2
    1. Advertisements

  3. You need to sign with a Software Publisher Certificate for which Microsoft
    has issued a Cross Certificate for the issuer of the Software Publisher
    Certificate. All of these vendors are already in the Trusted Root store of
    the OS.

    So, you do not need to add certificates to the Trusted Root store. You need
    to obtain a Software Publisher Certificate from a vendor that is already
    there.

    For a list of Certificate vendors that have Cross Certificates, check the
    WHDC website.

    -Jennifer
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jennifer Stepler [MSFT], Sep 29, 2006
    #3
  4. shou nagai

    RichN Guest

    Jennifer,
    I have a 64-bit kernel-mode driver that I want to be usable with 64 bit
    Vista. I recently (Oct 11, 2006) called VeriSign to purchase a Software
    Publisher Certificate (SPC) and the the tech support person informed me that
    "VeriSign has not yet been approved as Certificate Authority (CA) vendor for
    Vista". Assuming the tech support person new what they were talking about, I
    thought this was strange since Verisign has a cross certificate.

    Can you point me to a CA from which I can buy a SPC that can be used with
    64-bit Vista?

    Thank you!
     
    RichN, Oct 11, 2006
    #4
  5. Hi Rich,
    What you want to get from Verisign is a "class 3" code signing certificate.
    If you tell the Verisign support that you are a software publisher and need a
    certificate to sign code, you will get the right thing. Certificates are not
    specific to any given Windows OS.

    You can see the list of other vendors from which you can obtain a
    certificate at "cross certifcate" website.
    (http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx)

    I don't have contact information or know the process for obtaining their
    certs. Sorry.

    Jennifer
     
    Jennifer Stepler [MSFT], Oct 26, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.