Thread: Patching in your own kernel signing certificate
View Single Post
  #1  
Old 09-25-2024, 17:51
Kerlingen Kerlingen is offline
VIP
  
Join Date: Feb 2011
Posts: 338
Rept. Given: 0
Rept. Rcvd 278 Times in 100 Posts
Thanks Given: 0
Thanks Rcvd at 358 Times in 110 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
Quote:
I attached a kernel debugger to my VM and tried to load the driver with devcon
This is already the first mistake made in the article: As soon as a kernel debugger is attached, many of the kernel protection features are automatically disabled, including the kernel signature verification. Drivers do not even need a test signed certificate in this case, they will load even without any signature.

Quote:
manually added my root certificate to the trusted roots store the normal way
This is also total nonsense. The root certificates for kernel signing are hard-coded in the executable files, they are never read from the trusted roots store. The whole article seems to focus on removing certificate warnings in the GUI, a part which has absolutely nothing to do with the decision if a kernel driver is permitted to load or not.
Reply With Quote
The Following 3 Users Say Thank You to Kerlingen For This Useful Post:
SofTw0rm (09-25-2024), tame_mpeg (09-25-2024), tonyweb (09-29-2024)