Forum Replies Created
-
Posts
-
I have made many attempts and finally found that after HCK testing, the. hck file obtained can be selected with these options after submission, which should solve this problem. (Actually, my HCK test failed, so my submission was rejected.)
Hope it’s helpful to everyone。
Requested Signatures:
Windows Server 2008
Windows Server 2008 X64
Windows Vista Client
Windows Vista Client X64
Windows Server 2003
Windows Server 2003 X64
Windows XP
Windows XP X64
Windows 2000Thank you, I may know the reason now. The previous certificate could directly sign the driver and run successfully. But after Microsoft banned it, this method no longer works. I noticed that the certificate used in the ndisrd demo will expire on August 25, 2024. Please try again with a new certificate when possible, and I suspect there will also be a 577 error.
=======================================================
The Microsoft Trusted Root Program no longer supports root certificates that have kernel mode signing capabilities.
The Microsoft Trusted Root Program no longer supports root certificates that have kernel mode signing capabilities.
For policy requirements, see Windows 10 Kernel Mode Code Signing Requirements.
Existing cross-signed root certificates with kernel mode code signing capabilities will continue working until expiration. As a result, all software publisher certificates, commercial release certificates, and commercial test certificates that chain back to these root certificates also become invalid on the same schedule. To get your driver signed, first Register for the Windows Hardware Dev Center program.
signtool sign /f Mycert.cer /tr http://timestamp.digicert.com /td sha256 /fd sha256 /csp "eToken Base Cryptographic Provider" /k "[{{TokenPasswordHere}}]=KeyContainerNameHere" myfile.exeThe command I used to sign sys and cat files failed with error 577. I noticed that the certificate for the ndisrd demo will expire on August 25, 2024. Please try using your new certificate to see if it can run on Windows 7/8. I suspect that my situation is related to ‘The Microsoft Trusted Root Program no longer supports root certificates that have kernel mode significant capabilities’.
Excuse me, did the ndisrd demo not use HCK testing? It works successfully on Win7/8, but mine will prompt that the signature is invalid. Error 577 is reported when executing the command ‘sc start ndisrd’.
The main reason is that the CA of my certificate is not in the system’s trusted list and needs to be manually imported. I mistakenly thought that HCK testing was needed.
Thank you, I succeeded! I just realized that sha1 signatures can still be used now.I don’t need an HCK test now.
The last step cannot be done without additional signatures (only retaining Microsoft signatures)
https://partner.microsoft.com/en-us/dashboard/hardware/driver/
Select All
Requested Signatures
Windows 10 Client versions 1506 and 1511 x64 (TH2)
Windows 10 Client version 1607 x64 (RS1)
Windows 10 Client version 1703 Client x64 (RS2)
Windows 10 Client version 1709 Client x64 (RS3)
Windows 10 Client version 1709 Client ARM64 (RS3)
Windows 10 Client version 1803 Client x64 (RS4)
Windows 10 Client version 1803 Client ARM64 (RS4)
Windows 10 Client version 1809 Client x64 (RS5)
Windows 10 Client version 1809 Client ARM64 (RS5)
Windows 10 19H1 Client x64
Windows 10 19H1 Client ARM64
Windows 10 Client version 2004 x64 (Vb)
Windows 10 Client version 2004 ARM64 (Vb)
Windows – Client, version 21H2 x64 (Co)
Windows – Client, version 21H2 ARM64 (Co)
Windows 11 Client, version 22H2 x64 (Ni)
Windows 11 Client, version 22H2 ARM64 (Ni)
Windows 11 Client, version 24H2 x64 (Ge)
Windows 11 Client, version 24H2 ARM64 (Ge)I have a sha256 EA certificate, and the process is to compile it ->package it into. cab (only sign cab, not sys inside) ->submit it to “partner.microsoft.com”, download it back and attach a signature to sys. Is there a problem with this step? According to this process, netfiltersdk runs well on Win7/8/10/11, but ndisrd only runs on Win10/11, so I suspect HCK testing is needed.
