StartService FAILED 577 self-signed kernel driver, how to fix?

I am trying to install a self-signed kernel driver on Windows 10 (10.0.18362). Here are the steps I am following and the error I get. How do I get around this? Thank you.

c:\>makecert -r -pe -ss PrivateCertStore -n CN=Contoso.com(Test) -eku 1.3.6.1.5.5.7.3.3 ContosoTest.cer

c:\>certmgr /add ContosoTest.cer /s /r localMachine root
// now manually verified Cert Store, yes the Contoso test cert is there

c:\>Signtool sign /v /fd sha256 /s PrivateCertStore /n Contoso.com(Test) /t http://timestamp.digicert.com "C:\VC\TPriority\x64\TPriorityDriver.sys"

c:\>sc create "TPriority" binPath="c:/windows/system32/drivers/TPriorityDriver.sys" type=kernel

// now copied file TPriorityDriver.sys to "C:\Windows\System32\drivers" path

c:\>sc start "TPriority"
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

There is 1 answer

SoronelHaetir On

Reading Driver Signing makes me believe that self-signed certificates will not work for drivers, regardless of the certificate being installed in the root store. You may be able to disable certificate checking entirely for testing (I know that used to be possible, not sure if it still is) but I would not recommend that on anything but a throw-away VM or completely air-gapped hardware.
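
As an added example (not part of the question or the answer above), this PowerShell function collects the state relevant to error 577 for a driver signed as in the question: the file's Authenticode status, whether the signer is self-signed and present in the machine root store, the test-signing boot flag, and Secure Boot. The function name and output fields are illustrative; it assumes an elevated prompt and English `bcdedit` output.

```powershell
# Added example (not from the original post): gather the facts relevant to
# error 577 for a test-signed driver. Run from an elevated PowerShell prompt.
function Get-DriverSigningState {
    param(
        # Driver path taken from the question; change as needed.
        [string]$DriverPath = 'C:\Windows\System32\drivers\TPriorityDriver.sys'
    )

    $sig  = Get-AuthenticodeSignature -FilePath $DriverPath
    $cert = $sig.SignerCertificate

    # A self-signed certificate has identical subject and issuer names.
    $selfSigned = $null -ne $cert -and $cert.Subject -eq $cert.Issuer

    # Is the signer present in the machine root store (what certmgr /add did)?
    $inRoot = $null -ne $cert -and
        [bool](Get-ChildItem Cert:\LocalMachine\Root |
               Where-Object Thumbprint -eq $cert.Thumbprint)

    # Boot-time test-signing flag. bcdedit needs elevation; the match assumes
    # English output ("testsigning   Yes").
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    $testSigning = [bool]($bcd | Select-String -Pattern '^testsigning\s+Yes')

    # Secure Boot state; the cmdlet throws on legacy BIOS systems.
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    [pscustomobject]@{
        Driver          = $DriverPath
        SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($cert) { $cert.Subject } else { $null }
        SelfSigned      = $selfSigned
        InMachineRoot   = $inRoot
        TestSigningOn   = $testSigning
        SecureBoot      = $secureBoot
    }
}

Get-DriverSigningState | Format-List
```

A `SelfSigned` value of `True` together with `TestSigningOn` of `False` matches the situation the answer describes: the certificate is in the root store, yet the kernel still rejects the driver.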