How to sign the driver Windows 10, 8.1 and Windows 7 x64 and x86

Windows 10, 8.1 and Windows 7 allow you to disable the required verification of digital driver signatures and install an unsigned driver, however, if in the latest OS versions you need to do on an ongoing basis, the change in options using BCDEDIT does not help. However, the driver's own signature can help and its subsequent installation, which will talk about.

In this manual, it is detailed how to independently sign the driver for Windows 10, 8.1 or Windows 7 x64 or 32-bit (x86) for the subsequent installation in the system on an ongoing basis without disconnecting the digital signature of the drivers, avoiding the errors like "Infidid Side The manufacturer does not contain information about the signature. "

What will need for driver signature

In order to perform all the steps described below, download and install the following tools from Microsoft:

• Microsoft Windows SDK for Windows 7 https://www.microsoft.com/en-us/download/details.aspx?id=8279
• Windows Driver Kit 7.1.0 https://www.microsoft.com/en-us/download/details.aspx?id=11800

From the first set, it will be enough to install Tools, from the second (it is an ISO image with the installer from which you want to start kitsetup.exe) - select Build Environments and Tools.

Please note: This is not the latest versions of the tools, but they are equally suitable for self-signature drivers for subsequent installation in all OS from Windows 10 to Windows 7, while the instructions will not need to go into some additional nuances.

Self signature process

In the process in order to sign the driver independently, we need: Create a certificate, sign the driver by this certificate, set the certificate in the system and install the driver. Let's start.

1. Create in the root of the disc from any folder (so it will be easier to contact it in the future), for example, C: \ CERT, where we will work with certificates and drivers.
2. Run the command line on behalf of the administrator (needed for the 18th step). Next, we use the following commands in order. Driver files do not yet need. During the execution of the second command, you will be asked to enter the password, I use Password in the query window and then in commands, you can use your own.
3. CD "C: \ Program Files \ Microsoft SDKS \ Windows \ v7.1 \ bin"
4. MakeCERT -R -SV C: \ CERT \ DRIVER.PVK -N CN = "REMONTKA" C: \ CERT \ DRIVER.CER
5. CERT2SPC C: \ CERT \ DRIVER.CER C: \ CERT \ DRIVER.SPC
6. PVK2PFX -PVK C: \ CERT \ DRIVER.PVK -PI PASSWORD -SPC C: \ CERT \ DRIVER.SPC -PFX C: \ CERT \ DRIVER.PFX -PO PASSWORD
7. Until this stage, everything should pass as on the screenshot below, do not close the command line.

   

8. In the C: \ CERT folder, create an invested folder, such as DrV and place your driver files there. But: If you need a driver for x64 only, do not copy .inf file for x86 systems to this folder and vice versa.

   

   In the command prompt, we use the following commands:
9. CD C: \ Winddk \ 7600.16385.1 \ Bin \ SelfSign \
10. inf2cat.exe / driver: "C: \ CERT \ DRV" / OS: 7_x64 / Verbose
11. In the previous command for the 32-bit driver, specify x86 instead of x64. If you are prompted to download .NET Framework, you will agree, install, and then re-run the command. Ideally, you will need to receive a message about the successful creation of .cat file for signature. However, errors are possible, about the most frequent - the next two points. After fixing errors, repeat the command from paragraph 10.
12. DriverVer Set to Incorrect Date - occurs when the driver files in the driver file until April 21, 2009. Solution: Open the .inf file from the DRV folder in a text editor (you can in notepad) and in the Driverver string, install another date (format: month / day / year).
13. Missing AMD64 CATALOGFILE ENTRY (for 64-bit) or Missing 32-bit Catalogfile Entry. Solution: Open the .inf file from the DRV folder in a text editor and in [VERSION] section. Add the CATALOGFILE = CATALOG.CAT string
14. As a result, you must receive a message: Catalog Generation Complete with the path to the directory file, in my case - C: \ CERT \ DRV \ Catalog.cat. Next, we use the following commands (Internet connection is required).

    

15. CD "C: \ Program Files \ Microsoft SDKS \ Windows \ v7.1 \ bin"
16. SIGNTOOL SIGN / F C: \ CERT \ DRIVER.PFX / P Password / t http://timestamp.verisign.com/scripts/TimeStamp.dll / V C: \ CERT \ DRV \ Catalog.cat
17. The result of the driver's signature of the driver without errors in the screenshot is below. The next step is to add a self-signed certificate to the list of trusted in the system, this can be done by the following two commands in order.

    

18. Certmgr.exe -ADD C: \ CERT \ DRIVER.CER -S -R LOCALMACHINE ROOT CERTMGR.EXE -ADD C: \ CERT \ DRIVER.CER -S -R LOCALMACHINE TRUSTEDPUBLISHER
19. As a result, you must receive the message "Certmgr Succeeded". If Failed or Certmgr.exe is not an internal or external command - make sure that the command line is running on the administrator name, and you are in the desired folder (see 15 step).

And now you can close the command line and install the driver from the C: \ CERT \ DRV folder using the device manager, or by right-clicking on .inf file and selecting the "Install" item. It will be necessary to confirm the installation of the driver in the "Failed to check the publisher of these drivers" - click "Set this driver anyway."

Please note that possible errors in the device manager displayed for the device with an independently signed driver usually do not have a relationship directly to the signature process (the same error will appear for them and without signature, with a simple disconnection of the digital signature of the drivers in special download options). Those. In this case, you need to look for something else and read the detailed instructions for using the driver (for example, in the case of drivers for FlashTool).