Cheap Windows driver signing for 64 bit Windows 7

Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/2847181/

Time: 2020-09-15 14:28:23  Source: igfitidea


Tags: windows, certificate, code-signing, device-driver

Asked by kayahr

I need to install the libusb-win32 driver on Windows 7 64 bit machines. This driver is open source so it is not digitally signed so I want to do this myself, but I wonder if this can be done WITHOUT paying a lot of money. Is it possible to use a certificate which is NOT signed by Verisign or GlobalSign? Maybe self-signed or by using StartSSL instead?


And if yes, how do I do it? According to a how-to, The Practical Truth About x64 Kernel Driver Signing, I have to use a "cross-certificate" (and there are only six available on the Microsoft list and most of them are for CAs which are no longer active).


I don't care if the user is confronted with a warning message. I can even accept if the user has to install a special CA certificate first. I only require that the driver runs without manually disabling the signature check on each Windows startup.


Accepted answer by Luke

No, the driver has to be cross signed by one of those specific certificates and thus the driver has to be signed by one of those CAs. You can disable driver signing on the machine for testing purposes, but obviously you don't want to do this on production machines. Sorry, that's just the way it is.


Answer by JCH2k

LibUSB_win32 is now already signed, according to http://sourceforge.net/apps/trac/libusb-win32/wiki


It says: "Vista/7/2008/2008R2 64 bit are supported from version 1.2.0.0 since a Microsoft KMCS accepted digital signature is embedded in the kernel driver libusb0.sys."


So the only thing you have to do is update your libusb_win32 driver.
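A first check that an updated libusb0.sys really carries an embedded signature, as the answer above describes; this is an added example, not code from the original thread or the libusb-win32 project, and it reads the PE certificate table directly. `embedded_signature` and `build_sample` are names chosen here and the sample image is constructed; a signature being present does not by itself show that it chains to a cross-certificate accepted by KMCS.

```python
import struct

SECURITY_DIR = 4           # index of the certificate table in the PE data directories
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def embedded_signature(data: bytes):
    """Return (file_offset, length, cert_type) of the first embedded
    WIN_CERTIFICATE entry, or None if the image has no embedded signature
    (a catalog-signed driver, for instance, has none)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                       # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32
    if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
        return None                     # NumberOfRvaAndSizes too small
    # Unlike the other directories, this entry holds a file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    if off == 0 or size < 8:
        return None
    if off + size > len(data):
        raise ValueError("certificate table points outside the file")
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    return off, length, cert_type

def build_sample(signed: bool) -> bytes:
    """Constructed minimal PE32+ headers for the demo (not a real driver)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        blob = b"\x30\x82" + b"\0" * 6                    # placeholder, not real PKCS#7
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", image, 0x40 + 24 + 112 + 8 * SECURITY_DIR,
                         len(image), len(cert))
        image += cert
    return bytes(image)

if __name__ == "__main__":
    for signed in (False, True):
        print(signed, embedded_signature(build_sample(signed)))
```

On a real system, pass the bytes of the installed libusb0.sys instead of the sample; validating the chain against the kernel-mode policy is a separate step (for example `signtool verify /kp`).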


Answer by J-16 SDiZ

To allow loading into the kernel, you have to sign with those CAs and have WHDL checked.


The only alternative would be using the user mode driver framework. (But libusb does not support it -- it was discussed, but never implemented.)
