Tag Archives: x64

Test-Signing Drivers

Posted on by
Reply

Previously, I wrote about how not having signed drivers can be quite a pain on a 64-bit Windows system. I remedied that and made it less of a pain today.

Microsoft provides a set of tools in it’s Windows Driver Kit for the test-signing of drivers to be used for development purposes. What this means in simple terms is that it provides a way for the self-signing of drivers, and thus, getting the system to accept it as though it were digital signed by MS. This would avoid having to disable driver signature enforcement on start-up each time.

To begin with, download the Windows Driver Kit, and install the build environment and tools. Once that is done, launch the x64 Free Build Environment shortcut from the shortcuts created in the start menu with administrative rights. In my case, I made a folder consisting of my extracted raid drivers which look like this:

rr174x.cat
rr174x.inf
rr174x.sys

Now, to create the test certificate, we run the following:

makecert -r - pe -ss PrivateCertStore -n CN=mythokia.net(Test) TestCert.cer

Where mythokia.net(Test) can be replaced by any name. ‘Suceeded’ would be echoed upon successful execution of the above. That being done, we proceed to install the certificate on the machine as a Trusted Root Certificate Authority and Trusted Publishers so that items signed by this particular certificate would be recognized.

certmgr /add TestCert.cer /s /r localMachine root
certmgr /add TestCert.cer /s /r localMachine trustedpublisher

‘CertMgr Succeeded’ should be echoed for each. Now to sign the drivers with our certificate. This can be done either by signing the catalog file (one with the .cat extension), and/or the embedding the signature directly into the binary. From Microsoft’s explanation, drivers loaded at boot time are required to have their signatures embedded in the driver’s binary file itself. Unsure if signing just the binary is sufficient, I went ahead and did both.

signtool sign /v /s PrivateCertStore /n mythokia.net(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll rr174x.cat
signtool sign /v /s PrivateCertStore /n mythokia.net(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll rr174x.sys

Watch the output to see if both were successful. We’re almost ready to install the driver now, but one last twist. The bootloader has to be configured to allow for the running of test drivers. We issue this:

bcdedit -set TestSigning on

This adds an unobtrusive watermark to the bottom right of the screen that says ‘Test Mode’ that I can live with. Besides, I run my server headless anyway, except for the occasion RDP into it.

Now all that is done, we can finally install our self-signed driver like you would a normal driver. No more manually disabling the enforcement of digitally signed drivers every boot up.

Once again, these steps are detailed, and a lot more thoroughly so on MSDN, but here’s the rough guide to the self-signing of drivers for use on Windows x64 systems. I can finally remove that keyboard from my server.

Win 2008 R2 and signed drivers

Posted on by
1

After replacing yet another failed disk in my raid array this weekend, I replaced the Windows Vista installation on it with Windows Server 2008 R2, released last week.

I overlooked one important factor before installing Server 2008 R2 on it – I did not have signed drivers for my HighPoint 1740 raid controller. I had assumed, and wrongly so, that the drivers which had worked on Vista x64 would continue to do so in Server 2008 R2 (Win 2008 R2 is only available in x64 flavors), which is only partially the case.

On all x64 versions of Windows, drivers have to be digitally signed. I guess the logic behind this is for reasons and stability and compatibility. You could however, still force an install of a non-signed driver. The result however, could be some annoyance.

Afte the installation of the raid drivers, Windows refused to start and instead, booted into a recovery state. It was only then that I discover that although most drivers that worked under Vista/Server 2008 will work on Windows 7/Server 2008 R2, the signature is only valid for the particular version of the operating system they’re signed for.

To get around this, driver signature enforcement would have be disabled at each start up. The way this is done is to hit F5 right after the BIOS POST screen and before Windows start, and then hit F8 to bring up the advance options, and select disable driver signature enforcement. Troublesome.

There is yet another alternative, which I have not explored. The Windows Driver Kit provides a way to self-sign drivers for testing purposes. The MSDN article on how to go about doing this is here. I’ll have to look into it when I more time at my disposal.

The Path to x64

Posted on by
Reply

RAM prices are dirt cheap, and with the amount of work I’m doing on virtual machines lately, it would be silly to not get another stick of 2 GB to my existing 2 GB.

2 + 2 might make 5 if you were in the world of Big Brother, but in the 32-bit world, 2 + 2 is somewhere in the range of 3 ~ 3.5 GB. 32-bit systems are not always able to address up to the full 4 GB of available physical memory, the reason is a bit complicated and has to do with virtual addressing limits. I’ll save myself from rehashing what others have written on the topic and refer you to the excellent article here.

The transition from 32-bits to 64-bits was smoother than I expected. First of all, I’m running on an OEM version of Windows Vista Business 32-bit, and I needed a 64-bit copy of Windows. Luckily obtaining the installation media wasn’t an issue for me as I had a copy of Windows Ultimate lying around, which I won from a Microsoft talk last year. I admit I was a reluctant to open the shrink wrap at first, but I desperately needed the media.

It is worthwhile to note that serial keys for Windows Vista are tied to the edition (Home Premium, Business, Ultimate etc) but not to the bitness (32-bit or 64-bit). Therefore, using my old Business edition serial was perfectly fine and I can save my Ultimate edition license for another day.

There is no difference in the installation process between the two bitness. The only difference, and deal breaker for many is that 64-bit Vista requires 64-bit drivers, and the drivers have to be digitally signed. The only two drivers that I have trouble with were Sony Ericsson’s PC Suit, which was required to sync my phone and Adobe’s PDF printer. It seems that I’m out of luck for the former, but the latter got addressed with a patch.

The only issue I had was with poorly written applications which hardcode their installation paths. In Windows x64, program space is separated depending on if they’re 32 or 64 bit (with a few naming oddities I must say, but they’re all preserved for compatibility reasons). However, SOE’s launchpad absolutely insists on writing to C:\Program Files\Sony\Station\LaunchPad despite the fact that 32-bit applications are suppposed to be redirected to C:\Program Files (x86). The problem exists with only the launchpad itself though, it is able to patch EQ2 in its correct C:\Program Files (x86) path.

The other problem I have was with 64-bit Java; it didn’t provide a plugin for 32-bit Firefox. There exists a way to work around this on Linux, but as far as my Google skills go, I couldn’t find a solution on Windows. Therefore, I went back to 32-bit Java.

With a full 4 GB of addressable memory, there certainly has been some changes to my workflow. I’m gradually becoming a huge fan of keeping my system clean and moving my work onto virtual machines. I might be a terribly messy person in real life, but I almost have a certain OCD when it comes to organizing my system. I’d almost do all my work exclusively inside virtual machines if not for the fact that I’m a gamer, and that virtualized 3D hardware acceleration isn’t quite here yet, but it will be one day. Guaranteed its not much and it’ll take another year or two, or even longer, before the technology matures, but VMWare Fusion already has experimental Direct X 9 support, and its the road that we’re going to take.

There’s still a vacuum as far as 64-bit software is concerned. Let’s face it, there’s not that many applications that would benefit from a 32-bit to 64-bit transition. WoW64 does its job of running 32-bit applications on Windows x64 just fine without any performance degradation, despite all the rumors that fly around.