内核模式代码签名 [英] Kernel mode code signing
问题描述
我做了一个驱动程序,现在需要签名。它以内核模式运行。
I made a driver, and now I need to sign it. It runs in kernel mode.
从我在Microsoft的内核模式代码签名演练,我必须从商业 CA 。他们说要看最后,然后按照此链接可以从中购买该证书的CA列表。我发现链接非常混乱,因为我无法确切地知道我需要购买的什么证书。我需要对驱动程序进行签名,以便将其安装在64位Windows系统上。直接链接将非常受欢迎(我想从GlobalSign购买)。
From what I've read in Microsoft's Kernel Mode Code Signing Walkthrough, I have to buy a software publisher certificate from a commercial CA. In that document, they say to look at the end, and follow this link for a list of CAs from which I can buy that certificate. I find the link very confusing somehow because I can't figure out exactly what certificate I need to buy. I need to sign the driver so that it will install on 64-bit Windows systems. A direct link would be very welcome (I would like to buy it from GlobalSign).
它是来自此处?
推荐答案
前段时间,我在Microsoft Drivers Developers论坛中提出了类似的问题。这就是他们的答案:
I asked a similar question in Microsoft Drivers Developers Forum some time ago. This is their answer:
您需要让您的公司从GlobalSign或VeriSign获得代码签名证书(该链接中列出的其他证书)不再提供)。 GlobalSign便宜一些,但是Verisign的优势是,如果您的公司感兴趣,可以使用WHQL。这些都不便宜,Verisign证书的价格为每年499美元。拥有
证书后,就可以使用它代替测试证书来对驱动程序进行签名。
You need to have your company get a code signing certificate from either GlobalSign or VeriSign (the others listed in that link are no longer offered). GlobalSign is cheaper, but Verisign has the advantage of providing access to WHQL if that is of interest to your firm. These are not cheap, the Verisign certificate costs $499 per year. Once you have the cert you can use it instead of the test cert to sign the driver.
您的链接包含此内容支持的平台中的信息:通过Authenticode(32位和64位.exe,对Windows ActiveX 控件进行数字签名), .ocx,.dll或其他)和Windows内核软件。兼容Windows 7。
Your link contains this information in Supported Platforms: Digitally sign Windows ActiveX controls via Authenticode (32 bit and 64 bit .exe, .ocx, .dll or other) and kernel software for Windows. Windows 7 compatible.
看起来您来对地方了。
准确地说:还没有使用过代码认证,我才学到了。建议您在osronline或Microsoft驱动程序开发人员论坛中验证此答案。
Just to be precise: I have not used the code certification yet, I just learned it. I recommend you to verify this answer in osronline or Microsoft Drivers Developers Forum.
这篇关于内核模式代码签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
