Page 1 of 1

Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 10:09 am
by Davita
Hi guys. I think the title says it all. I'm aware that madshi added driver signing for security reason and he did it right, but I don't see why the library should require it during development. As you already know, windows has a feature to boot in unsecured mode where you can run unsigned drivers, for development purpose of course. I understand that it would be a bit risky, but I think it's possible to configure the driver to run on one specific hardware, just like we are configuring it to work with specific injection dlls.
What do you think? Is it doable/possible?

Thanks.

Re: Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 10:15 am
by madshi
I guess it should be possible, but I haven't tried it myself. Signing is pretty fast, so I don't see much of an advantage *not* doing it. Unless you don't have a certificate, of course...

Re: Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 10:25 am
by Davita
Yes, it's very fast and technically not a problem at all. The problem is that development takes time, and certificate costs money. It's an expense that can be avoided I think :)

Re: Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 10:28 am
by madshi
Ok. You could also google "selfcert". Maybe that helps. But I haven't tried that one myself, either.

Re: Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 10:34 am
by Davita
You mean self signing the certificate? It will work if the driver doesn't check if it is signed with trusted certificate provider... Does it? :)

Re: Disable certification enforcing during dev phase.

Posted: Tue May 05, 2015 12:05 pm
by madshi
My driver doesn't currently check whether it's signed at all. As long as you make the OS happy, the driver is happy, too.

Re: Disable certification enforcing during dev phase.

Posted: Wed May 06, 2015 9:49 am
by Davita
Thats quite a news. I saw Iconic saying that the cert does require the certificate (just can't find the link). Maybe I misunderstood something :)

Thanks madshi, I'll give a try :)