[PATCH 2/4] wintrust: Assign the file open mode directly instead of treating it as a bitmask.
Zebediah Figura
z.figura12 at gmail.com
Mon Sep 7 23:28:33 CDT 2020
On 9/7/20 11:13 PM, Zebediah Figura wrote:
> This is a set of four patches I wrote in the process of trying to make it
> possible for our tests to install and run PnP drivers. Some context on that
> follows:
>
> Normally 64-bit Windows prevents unsigned drivers from being installed. This
> requirement can be overridden temporarily in boot options, but supposedly not
> for PnP drivers (though I haven't tested this).
>
> It requires a lot of code, but it is actually possible to generate a catalog
> file, sign it with a self-signed certificate, add that certificate to the
> trusted publisher and root stores, and thereby install a test driver without
> prompting any dialog boxes. The basic process is described in more detail by
> Microsoft here:
>
> https://docs.microsoft.com/en-us/windows-hardware/drivers/install/introduction-to-test-signing
>
> It's harder for us, of course, because we don't really have access to those
> tools; instead we have to reverse-engineer them and replicate them in C code.
> Fortunately I already have a working test that is able to at least call
> SetupCopyOEMInf() successfully; hopefully actual driver code won't present any
> additional difficulty...
One of the caveats I forgot to mention is that the target machine still
(apparently?) has to be configured to allow test-signing. Fortunately,
that configuration is relatively easy to do, can be done from the
command line, and persists across reboots. Specifically, one must run
"bcdedit -set testsigning on".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20200907/b23cc08e/attachment.sig>
More information about the wine-devel
mailing list