Signing a Windows Kernel driver without using Microsoft

[DavidXanatos]

Ah yes... driver signing, a terrible mess really...
I was lucky with my projects that I fell with it into the time where leaked certs, aside of anti malware fools getting upset were working just fine. And by the time the restrictions were tied down I became able to get my drivers properly signed.


There are a few noteworthy things that I ran across which haven't yet been mentioned:
https://github.com/Mattiwatti/EfiGuard it is a bootkit that works with modern versions of windows, as long as you don't use the microsoft hypervisor, and allows you to toggle DSE on or off.
In combination with the https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk you can even have "secure boot" and load your own drivers at will. muhahahahah.....

here is a quite verbose write down of windows driver signign policy:
https://www.geoffchappell.com/notes/security/whqlsettings/index.htm?tx=40

As well as a semi supported way of using secure boot to sign your own drivers on your own pc:
https://www.geoffchappell.com/notes/windows/license/customkernelsigners.htm
only catch this is enabled only on Chinese governmental editions of windows 10
but that said there are hacks to get it working on any windows 10:
https://github.com/HyperSine/Windows10-CustomKernelSigners

Now the method of using a custom driver to keep the
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\CI\Protected
"Licensed" value set to 1 is quite hacky and every time it fails you will need to manually hack the value from win PE, a custom loader which can parse and change the value in the SYSTEM hive on disk on each boot would be the best solution, but I haven't seen one yet.

Using a custom kernel signer really gives you the best combination of security and freedom, to bad MSFT want's only the Chinese government to have this.