1

我正在尝试在 Windows 10 (10.0.18362) 上安装自签名内核驱动程序,这是我遵循的步骤和我得到的错误。如何解决这个问题?谢谢

c:\>makecert -r -pe -ss PrivateCertStore -n CN=Contoso.com(Test) -eku 1.3.6.1.5.5.7.3.3 ContosoTest.cer

c:\>certmgr /add ContosoTest.cer /s /r localMachine root
// now manually verified Cert Store, yes the Contoso test cert is there

c:\>Signtool sign /v /fd sha256 /s PrivateCertStore /n Contoso.com(Test) /t http://timestamp.digicert.com "C:\VC\TPriority\x64\TPriorityDriver.sys"

c:\>sc create "TPriority" binPath="c:/windows/system32/drivers/TPriorityDriver.sys" type=kernel

// now copied file TPriorityDriver.sys to "C\Windows\System32\drivers" path

c:\>sc start "TPriority"
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
4

1 回答 1

1

阅读驱动程序签名让我相信自签名证书不适用于驱动程序,无论证书是否安装在根存储中。您也许可以完全禁用证书检查以进行测试(我知道这曾经是可能的,但不确定是否仍然如此)但我不建议在任何东西上使用,除非是一次性 VM 或完全气隙的硬件。

于 2020-08-27T19:53:24.237 回答