1

Topic: The same eggs with the driver signature, a side view

I understand with a situation reminding recently considered Author: CaptainFlint Date: 25.01 18:04, but on the contrary: driver installation process transits, as it is necessary - it is offered now or to trust always to a source, setting is completed successfully, but the kernel refuses to load the driver, exposing an error 52. There is it in  from   Win7 SP1 x64 on which automatic updates were not put. In the eights/tens the driver boots. The certificate from DigiCert with SHA-256, but the driver is signed with SHA-1. What the certificate with SHA-256, demands presence of appropriate support in Win7? Demonstrativly that "signtool verify/a/v" always produces in the end: Number of errors: 1 SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. But does not specify in the certificate which is not pleasant to it. In accuracy it produces the same under the eights/tens where the driver boots - means, the glitch with check takes place. "signtool verify/kp" always and everywhere produces "Successfully verified". DigiCert Certificate Utility too shows green ticks. It seems that the problem arises because of difference of algorithms of check of the signature in user-mode and in kernel-mode. In what certificates it is necessary to deliver a question in Computer Account / Local Computer that check in kernel-mode earned. Or, if certificates  in a kernel - what - update to deliver. Included autoupdate - offers updates on ones and a half . The traffic is restricted (mobile connection), and precisely I remember that before filched an old computer, this  (in its fresher state) with such signature loaded drivers, and autoupdates I in it never resolved. That is, put something manually, and I do not remember, that it demanded some noticeable fuss.

2

Re: The same eggs with the driver signature, a side view

However, update KB3033929 (support SHA-2) which delivered a kernel 6.1.7601.18741 helped. Now it is not clear, why in user-mode the system without updates coped with check of a chain of certificates with SHA-2, and in kernel-mode - is not present.