(if you’re a .NET developer, then you may want to skip this post… )
The last two modules of that course (should be published in a week or two if all goes well) deal with writing a software driver, meaning a driver that exists for the sole purpose of executing code in the all-powerful kernel mode.
One of the requirements of a driver for a 64 bit Windows system is to be signed – otherwise it would fail installation. This means getting a certificate from an official certificate vendor such as VeriSign.
Most of the time, however, you may want to test your driver on a 64 bit system without that official certificate (which also costs money); this is where test signing comes in. You can sign the driver with a self-signed certificate, which means it’s not trusted generally, but you can still use it for testing on a system configured for Test Signing. To enable test signing, open an administrative command prompt and use the following command:
bcdedit /set testsigning on
If the result is an error indicating the “Secure Boot” prevented this from working, which you may get on new systems running Windows 8 or later, you’ll have to disable secure boot in the BIOS, and then enter the command.
After the command is executed successfully, you have to restart the system for this to have an effect. The lower right corner of the desktop will have the string “Test Mode” with the Windows version of the machine.
To actually test-sign the driver, open the driver project properties (assuming you’re using Visual Studio 2012 or 2013 with the Windows Driver Kit 8 or 8.1 installed), open the “Driver Signing” node, select “Test Sign” and just generate a certificate on the fly with the dropdown box:
And that’s it.
By the way, it is possible to enable test signing using “PC Settings” –> “Update and Recovery”, etc. but this only sticks for the one session – it’s not persisted across boots.
I plan on writing some more posts on driver development in the near future (for those interested).