Dpinst / DifX will not install the signed driver silently

When installing a signed driver (i.e. with a properly signed .CAB) in Windows 7 via DpInst, if it is not a WHQL-signed driver, you cannot install it silently. If you run DpInst in unbalanced mode, you will be prompted to trust the "publisher". If you run DpInst in silent mode, it will fail with a signature error code (something like 0x800b0109 - check your setupapi.app.log).

+5
4 answers

An easy way to do this is to add the signing certificate to TrustedPublishers. You can do this programmatically (the win32exception implementation is left as an exercise for the reader):

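#include <windows.h>
#include <wincrypt.h>
#include <exception>
#include "win32exception.h"

#pragma comment(lib, "crypt32.lib")

// Adds the certificate in the given file to the current user's TrustedPublisher store.
// CryptQueryObject with CERT_QUERY_OBJECT_FILE expects a Unicode path, hence LPCWSTR.
void InstallTrustedPublisherCertificate(LPCWSTR CertificateFilePath)
{
    DWORD dwContentType;
    PCCERT_CONTEXT pCertContext = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            CertificateFilePath,
            CERT_QUERY_CONTENT_FLAG_ALL,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            &dwContentType,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertContext))
        throw win32exception("CryptQueryObject");

    // Only a single certificate is acceptable here, not a CRL, CTL or PKCS#7 bundle.
    if (dwContentType != CERT_QUERY_CONTENT_CERT)
        throw std::exception("Incorrect content type of crypto object.");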

    __try
    {
        HCERTSTORE hCertStore = CertOpenStore(
            CERT_STORE_PROV_SYSTEM,
            0,
            0,
            CERT_STORE_OPEN_EXISTING_FLAG |
            CERT_SYSTEM_STORE_CURRENT_USER,
            L"TrustedPublisher");  // CERT_STORE_PROV_SYSTEM takes a wide-character store name
        if (hCertStore == NULL)
            throw win32exception("CertOpenStore");

        __try
        {
            if (CertAddCertificateContextToStore(hCertStore, pCertContext, CERT_STORE_ADD_NEWER, NULL))
            {
                // Added certificate to TrustedPublisher store.
            }
            else
            {
                DWORD err = GetLastError();
                if (err == CRYPT_E_EXISTS)
                {
                    // Certificate already exists in TrustedPublisher store.
                }
                else
                    throw win32exception("CertAddCertificateContextToStore", err);
            }
        }
        __finally
        {
            CertCloseStore (hCertStore, 0);
        }
    }
    __finally
    {
        CertFreeCertificateContext(pCertContext);
    }
}
+3

Although ilya's answer is good, the solution on Windows 7 is even simpler. The following command deploys a certificate to both the current user's and the system's trusted publisher certificate stores. It requires administrative privileges and is provided by Microsoft.

For Windows 7

certutil.exe -addstore TrustedPublisher cert.cer

I verified that this works on a 64-bit version of Windows 7 to deploy signed, but not WHQL-certified, drivers without prompting the user.

Windows XP

WHQL Certification

It looks like on XP you still need to have WHQL drivers to avoid installation prompts.

Preinstall SPC on Windows XP

Windows XP Windows Server 2003 Microsoft certutil.exe certadm.dll. XP.

: http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=16770

, msi 7-zip, exe dll, .

+5
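
A defensive deployment sketch for the certutil approach above, as an added example that is not part of the original answers: it pins and checks the certificate before adding it to TrustedPublisher, because anything in that store is trusted without a prompt. The file names, the thumbprint placeholder and the audit of the machine store are assumptions; run it elevated.

```powershell
# Added example: verify the publisher certificate before trusting it.
# $CertPath, $CatPath and $ExpectedThumbprint are placeholders for your own package.
param(
    [string]$CertPath = '.\cert.cer',
    [string]$CatPath = '.\driver.cat',
    [string]$ExpectedThumbprint = 'REPLACE-WITH-SHA1-THUMBPRINT'
)
$ErrorActionPreference = 'Stop'

$certFile = (Resolve-Path $CertPath).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certFile

# 1. The file must be exactly the certificate you expect (pinned out of band).
$pinned = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $pinned) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not valid now (NotAfter: $($cert.NotAfter))"
}

# 3. The driver catalog must carry a valid signature made with that same certificate.
$sig = Get-AuthenticodeSignature -FilePath (Resolve-Path $CatPath).ProviderPath
if ($sig.Status -ne 'Valid') { throw "Catalog signature status: $($sig.Status)" }
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Catalog is signed by $($sig.SignerCertificate.Subject), not by $($cert.Subject)"
}

# 4. Only now trust the publisher, using the command from the answer above.
& certutil.exe -addstore TrustedPublisher $certFile
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# 5. Audit: list every certificate now present in the machine's TrustedPublisher store.
Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Select-Object Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize
```

Reviewing the step 5 output periodically also surfaces publisher certificates that were added by other installers and are no longer needed.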

And the question is? If the driver is not WHQL certified, it cannot be installed silently. This is a Windows security measure.

+1

Drivers must be WHQL certified to avoid unsubscribed pop-ups.

If you are looking for third-party WHQL testing service providers, let us know, we will be happy to help you in this regard.

0