dpinst / DifX won't install signed driver silently

我们两清 提交于 2019-12-30 03:24:04

问题


When installing a signed driver (i.e. with a properly signed .CAB) on Windows 7 through DpInst, unless it's a WHQL-signed driver, you cannot install it silently. If you run DpInst in the non-silent mode, it'll prompt you to trust the "publisher". If you run DpInst in silent mode, it would fail with a signing-related error code (something like 0x800b0109 -- check your setupapi.app.log).


回答1:


While ilya's answer is good, the solution on Windows 7 is even easier. The command below deploys the certificate to both the current user and the system trusted publisher certificate stores. It requires administrative privileges and is provided by Microsoft.

For Windows 7

certutil.exe -addstore TrustedPublisher cert.cer

I verified that this works on Windows 7 64-bit to deploy signed, but not WHQL-certified, drivers - without prompting the user.

Windows XP

WHQL Certification

It appears that on XP you still need to have the drivers WHQL-certified in order to avoid prompts on install.

Pre-Installing SPC on Windows XP

For Windows XP you'll need to download the Windows Server 2003 Admin Tools Pack from Microsoft and extract certutil.exe and certadm.dll. Then the command above will work on XP as well.

Admin Tools Pack: http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=16770

Note that the extracted msi file can be inspected by 7-zip, so you don't need to install it to obtain the exe and dll you need.




回答2:


The straightforward way to do it is to add the signing certificate to the TrustedPublishers. You can do it programatically (the implementation of win32exception is left as an exercise to the reader):

#include <windows.h>
#include <wincrypt.h>
#include "win32exception.h"

void InstallTrustedPublisherCertificate(LPCTSTR CertificateFilePath)
{
    DWORD dwContentType;
    PCCERT_CONTEXT pCertContext = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            CertificateFilePath,
            CERT_QUERY_CONTENT_FLAG_ALL,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            &dwContentType,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertContext))
            throw win32exception("CryptQueryObject");

    if (dwContentType != CERT_QUERY_CONTENT_CERT)
        throw exception("Incorrect content type of crypto object.");

    __try
    {
        HCERTSTORE hCertStore = CertOpenStore(
            CERT_STORE_PROV_SYSTEM,
            0,
            0,
            CERT_STORE_OPEN_EXISTING_FLAG |
            CERT_SYSTEM_STORE_CURRENT_USER,
            _T("TrustedPublisher"));
        if (hCertStore == NULL)
            throw win32exception("CertOpenStore");

        __try
        {
            if (CertAddCertificateContextToStore(hCertStore, pCertContext, CERT_STORE_ADD_NEWER, NULL))
            {
                // Added certificate to TrustedPublisher store.
            }
            else
            {
                DWORD err = GetLastError();
                if (err == CRYPT_E_EXISTS)
                {
                    // Certificate already exists in TrustedPublisher store.
                }
                else
                    throw win32exception("CertAddCertificateContextToStore", err);
            }
        }
        __finally
        {
            CertCloseStore (hCertStore, 0);
        }
    }
    __finally
    {
        CertFreeCertificateContext(pCertContext);
    }
}



回答3:


And the question is? If the driver is not WHQL-certified, it can't be installed silently. This is a security measure of Windows.




回答4:


The Drivers have to go through WHQL Certification to avoid any kind of un-signed pop-ups.

If you are looking for any third-party WHQLTesting Service providers let us know, we would be happy to help you in this regards.



来源:https://stackoverflow.com/questions/4513666/dpinst-difx-wont-install-signed-driver-silently

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!