Jump to content
LaptopVideo2Go Forums
Sign in to follow this  
Followers 0
ricktendo64

Why not sign your INF's?

By ricktendo64, in Projects, Tools, Utilities & Customized INFs

Recommended Posts

ricktendo64    0

ricktendo64
Posted

I know a guy who is doing a unofficial service pack 4 for XP and I had a couple drivers INF that I updated and needed to be signed, so I asked him if he could do it and he did... All that was needed after this was to apply a REG file to make the certificate he uses 'Trusted' and then one can install the INF without the need to Disable Driver Signature Enforcement

 

Here are the drivers in case you think this would be a good idea

 

http://adf.ly/1713566/winusbdrv
MD5: 1f4767332798a2f57cbca2baeab9d659
Size: 8.50

Share this post

Link to post
Share on other sites

erp-ster7n    0

erp-ster7n
Posted

does this tip apply to Windows versions like Vista, 7 & 8.x?  what about XP?

Share this post

Link to post
Share on other sites

ricktendo64    0

ricktendo64
Posted

The INF and files are signed for Vista and 7 x86/x64, I asked him to leave out XP because there was no need for it

 

These are some instructions on how he does the signing

 

http://www.ryanvm.net/forum/viewtopic.php?p=136382#136382

Share this post

Link to post
Share on other sites

ricktendo64    0

ricktendo64
Posted

OK so I found a pretty EASY way to create a PFX for use with signing drivers, its SelfCert

 

1- Use SelfCert to generate your PFX, input these into the dialog boxes

 

x.500 distinguished name: cn=name_here,o=org_here,e=email@example.com

Key size: 2048

Valid from: today

Valid to: your choice (5-10 yrs is good IMO)

 

Now put in a password in and save as PFX

 

Here is a example list from a WHQL cert with other optional information you can use in distinguished name selfcert box:

CN = Microsoft Windows Hardware Compatibility PCA
O = Microsoft Corporation
L = Redmond
S = Washington
C = US

E = Your Email

 

OK now that you have your PFX, you can generate a CAT for your modded driver and sing it (you will need the latest Windows Driver Kit)

 

Re-generate a new CAT with Inf2Cat

Inf2Cat /driver:<path_to_folder_with_INF_&_Files> /os:Vista_X86,Vista_X64,Server2008_X86,Server2008_X64,7_X86,7_X64,Server8_X64,8_X86,8_X64,Server6_3_X64,6_3_X86,6_3_X64

Sign the new CAT with your PFX

signtool sign /f <filename>.pfx /p <password> "<path_to_folder>\nv_disp.cat"

Finally timesamp your CAT

signtool timestamp /t http://timestamp.verisign.com/scripts/timstamp.dll "<path_to_folder>\nv_disp.cat"

Now what you need to do, is get the cert from your PFX, install it in the Trusted Root Cert. Auth. and get the reg from this to give to users to apply

 

If the admin needs help with this I would be willing to help over Skype, PM me if interested


 

Share this post

Link to post
Share on other sites

mobilenvidia    0

mobilenvidia
Posted

I'll have a closer look at this once i get my self sorted with new ISP, currently surfing via Cellphone, bit cumbersome

Taking a bit of time to get it setup.

definitely very interesting stuff

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...