windows 8/server 2012 unsigned driver hell no more.

So I have this nice new computer that I built with a asus p9x79 motherboard. I wanted it to become a 2012 server for some stuff. After loading the OS I found out that the nic is “incompatible” seeing intel thinks that its a desktop board and should not be used in a server. I went looking though the inf file and found out that it was ignoring the hardware id’s.

[ControlFlags]
ExcludeFromSelect = \
PCI\VEN_8086&DEV_1502,\
PCI\VEN_8086&DEV_1503

Well this sucks…. lets fix it.

I then removed the exludefromselect and the two lines fallowing it.

went to install the modified driver and ended up with image

well at least I know its ok :). Now lets fix the catalog’s hash.

A hunt on google told me I needed inf2cat so lets download it here.

inf2cat /driver:”C:\Driver” /os:8_X64

My new catalog was created :).
went and tried installing my new driver once again and Damm :(… digital signature is missing wtf???? how the hell am I going to fix that I thought.

A little more searching found out we can make a self signed cert and attach it to a driver “he he”…. nice try Microsoft…..

So lets get this sucker signed. download here

makecert -r -n "CN=Intelnic" -pe -ss MyCertStore -sr LocalMachine

Now I needed to export this cert with its private key so we can import it into “Trusted Root CAs” and “Trusted Publishers” on my local machine I was creating the driver and also on the target machine I wanted to install my driver at :).

Now that we have it imported lets sign this sucker.
signtool sign /s MyCertStore /n "Intelnic" /t http://timestamp.verisign.com/scripts/timestamp.dll "C:\Driver\e1c63x64.cat"

Went back to my server installed the cert int trusted root cas and trusted publishers hey look my nic now works :).

it works

Thanks Microsoft for making a “secure” os that has to have drivers that are signed … but wait…. I just made it my self o well there went that idea….

4 thoughts on “windows 8/server 2012 unsigned driver hell no more.

  1. And so what? You can you your own certificate on you own computer as you want. You can’t install kernel driver with that procedure, they need to be cross signed with certificates from MS. A test certificate like yours can’t be cross signed, so there is no security problem as you think.

  2. First of All thanks for this nice tutorial.
    you solve my headache. We are in process of migration our setup to 2012 where we have many old printers in Our Branches.

    the below command was not working for me

    makecert -r -n -pe “CN=Intelnic” -ss MyCertStore -sr LocalMachine

    after breaking my head over this for half day, i found that

    makecert -r -pe –n “CN=Intelnic” -ss MyCertStore -sr LocalMachine worked for me.

    MY Platform was Server 2012 ,Windows Driver Kit 8.0, Windows SDk 7.1.

    Thanks

  3. Thanks! Awesome. I successfully install initially unsigned Xerox printer driver on W2012R2.
    But, yes, mistake in syntax of command

    Correct:
    makecert -r -n “CN=Intelnic” -pe -ss MyCertStore -sr LocalMachine

Leave a Reply

Your email address will not be published. Required fields are marked *