none
Attestation signed driver doesn't load with Secure Boot enabled RRS feed

  • Question

  • I have a non-PnP driver that I'm loading (and using) from a user-space application just fine with Secure Boot disabled.  When I enable Secure Boot my StartService() call returns an error of 577 - ERROR_INVALID_IMAGE_HASH.  I figured that must mean I need to have it signed by Microsoft via the Attestation path.  I did that.  When I replace my .sys with the signed one (signed with my EV cert and Microsoft's) the StartService() call returns with an error of -2146762484 - CERT_E_REVOKED.

    Any idea what I'm doing wrong?
    Tuesday, October 16, 2018 3:53 PM