Old OSs signing and driver configuring issue

c++ / delphi package - dll injection and api hooking

Old OSs signing and driver configuring issue

Postby silvershield » Tue Aug 20, 2019 10:37 am

Could you please help us in such issue:
We use MadCodeHook for loading of 3 DLLs. It has to work on Windows from XP to Win 10.
For driver signing we use sha1 digital cert. But our sha1 cert will expire in a few days. So we will have to sign by sha256 soon and it will not work at XP and Vista.

Of course we can sign driver now, while sha1 cert is actual, but when we will change DLLs in a future, they will sign by sha256 cert. Will it work?

Are there any solutions for such issue? How can we change DLLs without having to reconfigure and sign the driver?

Or maybe there is some other solution to our problem?

Thank you in advance!
silvershield
 
Posts: 2
Joined: Tue Aug 20, 2019 10:34 am

Re: Old OSs signing and driver configuring issue

Postby madshi » Tue Aug 20, 2019 11:47 am

Please use either forum or email for support, but not both.

With GlobalSign, I recently bought (renewed) a SHA256 certificate, but I was able to reissue the same certificate as SHA1, as well, so I have both SHA1 and SHA256. For signing, I first sign with SHA1, and then add an SHA256 certificate on top. This seems to make both older and newer OSs happy.
madshi
Site Admin
 
Posts: 10033
Joined: Sun Mar 21, 2004 5:25 pm

Re: Old OSs signing and driver configuring issue

Postby silvershield » Mon Aug 26, 2019 9:48 am

Thank you!
silvershield
 
Posts: 2
Joined: Tue Aug 20, 2019 10:34 am

Re: Old OSs signing and driver configuring issue

Postby iconic » Mon Aug 26, 2019 7:52 pm

Another important piece of information to factor in. As of Windows 10 1607 all new versions of Windows you wish to support Secure Boot with will require an EV signed driver and also Microsoft's signature from the dashboard/dev portal. The portal is what actually enforces the EV certificate requirement, not the OS itself. Just keep this in mind if you intend to support Secure Boot.

Source:
https://techcommunity.microsoft.com/t5/ ... a-p/364894


--Iconic
iconic
Site Admin
 
Posts: 889
Joined: Wed Jun 08, 2005 5:08 am


Return to madCodeHook

Who is online

Users browsing this forum: Google [Bot] and 3 guests