This article describes how to insert test-signed drivers into an offline image of Windows Server 2008 or Windows Vista.
Note: The information in this article applies only to the x64-based and x86-based versions of Windows Server 2008 and Windows Vista.
For more information about how to obtain driver test signatures, click the following article number to view the article in the Microsoft Knowledge Base:
330315 (http://support.microsoft.com/kb/330315/) How to obtain driver test signatures
How to insert test-signed drivers into an offline image
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Step 1: Export the registry entries that correspond to a test certificate
To export the registry entries that correspond to a test certificate, follow these steps:
a. Install the test certificate. To do this, double-click the certificate package, and then click Install Certificate when the Certificate Manager tool opens. This step installs the certificate for the currently logged on user. By default, the certificate is installed to the following registry subkey:
   HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
b. Start Registry Editor, and then locate the following registry subkey:
   HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
c. Examine the registry entries that are listed under the SystemCertificates\CA\Certificates subkey to locate the hash value. Locate the hash value that matches the thumbprint string that appears on the Details tab of the Properties dialog box for the test certificate.
d. Click the matching registry entries, and then click Export on the File menu. The exported .reg file contains a binary large object (BLOB). This is the certificate data.
Step 2: Edit the exported test certificate .reg file
Use a program such as Notepad to edit the exported .reg file so that it can be imported to the offline target system. The certificate must be installed as a localMachine certificate under the Root registry key so that Plug and Play can validate the driver signature.
To do this, follow these steps:
a. Open the exported .reg file in Notepad.
b. Locate the following text:
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\
c. Edit the text so that it resembles the following:
   HKEY_LOCAL_MACHINE\TEMPHIVE\Microsoft\SystemCertificates\Root\Certificates\
Notes
• TEMPHIVE is the temporary location to which you will load the offline SOFTWARE hive.
• Do not alter the binary large object data. This will invalidate the certificate.
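Step 2 can also be scripted. The following Python code is an added example, not part of the original article: it rewrites only the key-header lines of an exported .reg file from the CA path to the TEMPHIVE Root path, keeps the encoding and the BLOB lines unchanged, and returns the thumbprints it found so that they can be compared with the Details tab of the certificate. The function name retarget_reg and the sample export are constructed for illustration.

```python
import re

# Key paths as given in Step 2 of the article. The last path component of a
# certificate key is the certificate's SHA-1 thumbprint (40 hex digits).
SRC = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates"
DST = r"HKEY_LOCAL_MACHINE\TEMPHIVE\Microsoft\SystemCertificates\Root\Certificates"
# Registry paths are case-insensitive: an export may say "Software" or "SOFTWARE".
HEADER = re.compile(
    r"^\[" + re.escape(SRC) + r"\\([0-9A-F]{40})\](\r?)$",
    re.MULTILINE | re.IGNORECASE,
)


def retarget_reg(raw: bytes):
    """Return (rewritten_bytes, thumbprints) for an exported certificate .reg file.

    Only key-header lines change; value lines (the BLOB), the encoding and the
    line endings are preserved.
    """
    # Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are 8-bit.
    utf16 = raw.startswith(b"\xff\xfe")
    text = raw[2:].decode("utf-16-le") if utf16 else raw.decode("latin-1")
    thumbprints = [m.group(1).upper() for m in HEADER.finditer(text)]
    if not thumbprints:
        raise ValueError("no CA\\Certificates\\<thumbprint> key found")
    # A function replacement avoids backslash-escape handling in DST.
    new_text = HEADER.sub(lambda m: f"[{DST}\\{m.group(1)}]{m.group(2)}", text)

    # Defensive check: every line that is not a key header must be unchanged.
    def data(t):
        return [line for line in t.split("\n") if not line.startswith("[")]
    if data(text) != data(new_text):
        raise RuntimeError("value data changed during rewrite")
    out = new_text.encode("utf-16-le") if utf16 else new_text.encode("latin-1")
    return (b"\xff\xfe" + out if utf16 else out), thumbprints


# Constructed sample export: the thumbprint and the shortened BLOB are made up.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\Certificates\\"
    "0123456789ABCDEF0123456789ABCDEF01234567]\r\n"
    '"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,01,23,45,67,\\\r\n'
    "  89,ab,cd,ef\r\n\r\n"
)

if __name__ == "__main__":
    fixed, found = retarget_reg(b"\xff\xfe" + SAMPLE.encode("utf-16-le"))
    print(found, fixed[2:].decode("utf-16-le"), sep="\n")
```

A file that contains no matching certificate key raises ValueError instead of being written back unchanged.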
Step 3: Test sign the drivers
Test sign the drivers by using the procedure that is described in the Kernel-Mode Code Signing Walkthrough white paper.
To see this white paper, visit the following Microsoft Web site:
Step 4: Install Windows, and then insert the test-signed drivers and the test certificate
a. Restart the destination computer by using Windows Preinstallation Environment (Windows PE).
b. Copy the test-signed drivers to the $WinPEDriver$ folder in the root of a drive, such as drive C or a USB flash disk drive.
c. Run the Setup program by using the /noreboot option. For example, type Setup /noreboot, and then press ENTER. This command prevents the Setup program from restarting the computer while you finish inserting the drivers and the test certificate. At this point, the Windows image that has been applied by the Setup program is an offline Windows image.
d. After the Setup program is finished, load the software registry hive of the offline Windows image by using Registry Editor. To do this, follow these steps:
   1. Start Registry Editor, click HKEY_LOCAL_MACHINE, and then click Load Hive on the File menu.
   2. Open the C:\Windows\System32\Config folder, click SOFTWARE, and then click Open.
   3. In the Key Name box, type TEMPHIVE, and then click OK.
   4. On the File menu, click Import, locate the registry files that you created for the test certificates, and then click Open. This step imports the registry files to the SOFTWARE registry hive of the offline Windows image.
   5. Click HKEY_LOCAL_MACHINE\TEMPHIVE.
   6. On the File menu, click Unload Hive to commit the changes, and then click Yes.
   7. Exit Registry Editor.
e. Modify the Boot Configuration Data (BCD) store of the offline image to enable test signing. To do this, type the following command:
   Bcdedit /store c:\boot\bcd /set {default} testsigning on
f. Exit Windows PE to restart the computer and to finish the installation.