Microsoft KB Archive/941200

= How to insert test-signed drivers into an offline image of x64-based and x86-based versions of Windows Server 2008 or Windows Vista =

Article ID: 941200

Article Last Modified on 11/26/2007


APPLIES TO


 * Microsoft Windows Server "Longhorn" Beta 2
 * Windows Vista Home Basic 64-bit Edition
 * Windows Vista Home Premium 64-bit Edition
 * Windows Vista Business 64-bit Edition
 * Windows Vista Enterprise 64-bit Edition
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Starter
 * Windows Vista Home Basic
 * Windows Vista Home Premium
 * Windows Vista Business
 * Windows Vista Enterprise
 * Windows Vista Ultimate

Beta Information
This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista



INTRODUCTION
This article describes how to insert test-signed drivers into an offline image of Windows Server 2008 or Windows Vista.

Note The information in this article applies only to the x64-based and x86-based versions of Windows Server 2008 and Windows Vista.



MORE INFORMATION
For more information about how to obtain driver test signatures, click the following article number to view the article in the Microsoft Knowledge Base:

330315 How to obtain driver test signatures

How to insert test-signed drivers into an offline image
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Step 1: Export the registry entries that correspond to a test certificate
To export the registry entries that correspond to a test certificate, follow these steps:

 1. Install the test certificate. To do this, double-click the certificate package, and then click Install Certificate when the Certificate Manager tool opens. This step installs the certificate for the currently logged on user. By default, the certificate is installed to the following registry subkey:

 2. Start Registry Editor, and then locate the following registry subkey:

 3. Examine the registry entries that are listed under the  subkey to locate the hash value. Locate the hash value that matches the thumbprint string that appears on the Details tab of the Properties dialog box for the test certificate. Click the matching registry entries, and then click Export on the File menu. The exported .reg file contains a binary large object (BLOB). This is the certificate data.

Step 2: Edit the exported test certificate .reg file
Use a program such as Notepad to edit the exported .reg file so that it can be imported to the offline target system. The certificate must be installed as a localMachine certificate under the Root registry key so that Plug and Play can validate the driver signature.

To do this, follow these steps:

 1. Open the exported .reg file in Notepad.
 2. Locate the following text:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\

 3. Edit the text so that it resembles the following:

HKEY_LOCAL_MACHINE\ \Microsoft\SystemCertificates\Root\Certificates\

Notes

 *  is the temporary location to which you will load the offline SOFTWARE hive.
 * Do not alter the binary large object data. Altering it invalidates the certificate.
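The key-path edit from Step 2, scripted as an added example (not part of the original article and not Microsoft code): it rewrites only the key header lines of an exported .reg file and checks that the Blob lines are unchanged. The function names and the sample export are constructed for illustration; TEMPHIVE is the key name that Step 4 refers to, and the subkey name is assumed to be the certificate's 40-character SHA-1 thumbprint.

```python
import re

# Key prefixes from Step 2. TEMPHIVE is the key name Step 4 refers to for the
# loaded offline SOFTWARE hive; pass another name if you load it elsewhere.
SRC = "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\"
DST = "HKEY_LOCAL_MACHINE\\{hive}\\Microsoft\\SystemCertificates\\Root\\Certificates\\"
KEY_LINE = re.compile(r"^\[([^\]]+)\]\s*$")
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 thumbprint names the subkey

def retarget_reg(text, hive="TEMPHIVE"):
    """Rewrite only the [key] header lines; value lines pass through untouched."""
    out, rewritten = [], 0
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = KEY_LINE.match(body)
        if m:
            path = m.group(1)
            # Regedit may export "Software" in mixed case, so compare case-insensitively.
            if not path.upper().startswith(SRC.upper()):
                raise ValueError("unexpected key in export: " + path)
            thumb = path[len(SRC):]
            if not THUMBPRINT.fullmatch(thumb):
                raise ValueError("subkey is not a certificate thumbprint: " + thumb)
            line = "[" + DST.format(hive=hive) + thumb + "]" + line[len(body):]
            rewritten += 1
        out.append(line)
    if not rewritten:
        raise ValueError("no certificate key found in export")
    return "".join(out)

def value_lines(text):
    """Everything except key headers: the Blob data that must not change."""
    return [l for l in text.splitlines() if not KEY_LINE.match(l)]

# Constructed sample export; thumbprint and Blob bytes are placeholders, not a real certificate.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\Certificates\\"
    + "AB" * 20 + "]\r\n"
    + '"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,\\\r\n'
    "  de,ad,be,ef\r\n"
)

if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16", newline="") to read them.
    fixed = retarget_reg(SAMPLE)
    assert value_lines(fixed) == value_lines(SAMPLE)  # Blob untouched
    print(fixed)
```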

Step 3: Test sign the drivers
Test sign the drivers by using the procedure that is described in the Kernel-Mode Code Signing Walkthrough white paper. To see this white paper, visit the following Microsoft Web site:

http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

Step 4: Install Windows, and then insert the test-signed drivers and the test certificate
 1. Restart the destination computer by using Windows Preinstallation Environment (Windows PE).
 2. Copy the test-signed drivers to the $WinPEDriver$ folder in the root of a drive, such as drive C or a USB flash disk drive.
 3. Run the Setup program by using the /noreboot option. For example, type Setup /noreboot, and then press ENTER. This command prevents the Setup program from restarting the computer while you finish inserting the drivers and the test certificate. At this point, the Windows image that has been applied by the Setup program is an offline Windows image.
 4. After the Setup program is finished, load the software registry hive of the offline Windows image by using Registry Editor. To do this, follow these steps:
    a. Start Registry Editor, click HKEY_LOCAL_MACHINE, and then click Load hive on the File menu.
    b. Open the C:\Windows\System32\Config folder, click SOFTWARE, and then click Open.
    c. In the Key Name box, type, and then click OK.
    d. On the File menu, click Import, locate the registry files that you created for the test certificates, and then click Open. This step imports the registry files to the SOFTWARE registry hive of the offline Windows image.
    e. Click HKEY_LOCAL_MACHINE\TEMPHIVE.
    f. On the File menu, click Unload Hive to commit the changes, and then click Yes.
    g. Exit Registry Editor.
 5. Modify the Boot Configuration Data (BCD) store of the offline image to enable test signing. To do this, type the following command:

Bcdedit /store c:\boot\bcd /set {default} testsigning on

 6. Exit Windows PE to restart the computer and to finish the installation.

Keywords: kbhowto kbinfo kbexpertiseinter kbexpertisebeginner KB941200


© Microsoft Corporation. All rights reserved.