Quiet Install Using DPinst under XP

Discussion in 'Windows Vista Drivers' started by dzar, Feb 16, 2007.

  1. dzar

    dzar Guest

    I'm trying to install some signed (Authenticode, not WHQL) PnP drivers
    under XP without the user being prompted for either the "non-WHQL"
    messages or the "find a driver" messages that are typical of PnP
    installs. I understand that if I had WHQL signed drivers, this would be
    supported, but under Vista this works much nicer and I was hoping
    someone more experienced than I am would have some pointers.

    I am installing drivers for a kernel USB device (two, actually) and
    while I have used DPinst to install them, I get multiple PnP messages
    during the install and when I plug my devices in. I expected DPinst to
    help me hide all of that, but maybe that's only possible with WHQL
    signed drivers?

    I use the same install setup on Vista and it works great once I accept
    the digital certificate.

    Thanks,
    Dave
     
    dzar, Feb 16, 2007
    #1
    1. Advertisements

  2. Greetings,

    This can be due to the way your cert was created. Self signed
    (authenticode) signatures don't work "out the gate" because they have not
    been placed into the trusted certificate store as normal WHQL certs are (by
    default they already exist there). You have to manually add the cert to
    the "Trusted Root CA" and "Trusted Publishers" before the system considers
    the signature valid and therefore subsequent drivers signed. This is also
    referred to as a "test" certificate and is intended only for 1 machine. It
    can not be used as a distribution cert to the public.

    For test certs, I generally use the following command line with MAKECERT:

    C:> makecert -r -pe -n "CN=Self Root CA" -b 01/01/2006 -e 01/01/2099 -eku
    1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.6 -sv selfcert.pvk selfcert.cer

    This usually works for me on XP just fine. Once you create it, you will
    need to add it to the certificate store by right clicking on the PVK file
    and manually selecting the above 2 stores. Once that's done, your driver
    will be "considered" signed for your machine only. This can not be
    automaticially installed on other machines.

    Let me know if this helps or if you have any questions.

    Best regards,

    Daniel Whitaker
    WDK Support
     
    Daniel Whitaker [MSFT], Feb 22, 2007
    #2
    1. Advertisements

  3. dzar

    dzar Guest

    .... This can not be automaticially installed on other machines.

    That's what I needed to know. What I read is that if I do not have WHQL
    certification, I cannot do a "silent" install. Now it's time to bite the WHQL
    bullet, I gather!

    Thanks,
    Dave
     
    dzar, Feb 23, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.