No, they are not binded by the public key only. The Windows Marker is signed by the private key that matches the public key in SLIC. So, Windows Marker depends of Public Key which needs to match the certificate. They are all interconnected. Therefore, new SLICs means new certificates.
What I wanted to say is that one cert. can match to different SLICs. The SLICs got the same public key data, but got different marker data. Lenovo SLICs are an accordingly example therefore. If you check the Lenovo SLIC and cert. collection you'll notice that all the certificates are the same. Can you explain that fact?
They look like different SLICs (different binary data) but they are actually the same license. Let's see if I can explain myself a little better: What makes a SLIC unique is the private/public key pair that is first generated by the OEM. The OEM sends the public key + its own OEMID to Microsoft, in order to be signed. This becomes the OEM certificate, which is basically a way to recognize that the private/public key pair + OEMID is a valid Microsoft license. The Windows Marker is also a digital certificate that is generated by taking into account the OEMID + OEMTableID. It is signed by the OEM (not Microsoft) by using the private key that matches the public key. In the Lenovo example, they all have the same OEMID and private/public key pair, but have different OEMTableID. This explains why the generated Windows Marker is different. But they are still the same license (SLIC), since they are all using the same private/public key pair + OEMID, that was approved/signed by Microsoft. That's why they have the same certificate. So, as you can see, new SLIC means new private/public key pair, which means new certificate.
Thanks very much, that's interesting! So the OEMtableID and the marker part is up to the OEM itself. They can create different OEMtableIDs what means it results to different maker data (binary), remaining the private/public key pair + OEMID (same public key binary data) The question I'm still interested in: Could it be possible that the OEM sends the public key + its own OEMID to Microsoft, in order to be signed for both win7 and Vista? If yes that would mean new certs, new SLICs, but a possibility to downgrade using same cert. Also it would mean to 'upgrade' using a new modified bios and the same certificate. The fact that you have to use a new SLIC at any case makes me believe that it doesn't matter if the new SLICs will activate win7 only or Vista as well. The effort to 'make win7 activated' would be exactly the same. You'll need a new SLIC and a new cert. The only difference is a bonus to activate Vista as well..... ....we know that if you insert two SLICs into a bios, Vista refuses to activate..... This question is meant in a technical aspect not in a 'political'.
hey guys sorry for having such a late respong, i was away from a computer due to some vacation, but im back. i will say this right now, i still have not updated my Vista to SP2, i was lookin at the new Vistaloader but they are so much different than the one i have. I have Vistaloader 2.1.2 but is looks different, is a batch, so i can right click it run it as administrator and it will run as if i was runnin CMD and it will install until my harddrive and load first before Vista, but with the new versions, it does not allow me to do it such way and it does not work that way for me
Hi, Yen! Yes, it's possible to use new Windows 7 certificate on both Windows Vista and Windows Server 2008. Only one limitation has place to be: the Vista must have at least SP1 installed. The marker itself remains the same for all three versions of operating systems, but "old branded" markers can not be used in Windows 7 / Windows Server 2008 R2, you should get the new one.
Hi, Crypto! The SLIC table itself consists of two parts. The first one is the Public Key (0x9C bytes). The second one is the Marker (0xB6 bytes). Windows 7 and Windows Server 2008 R2 require a different Marker binary format (the OA version 2.1). Windows Vista SP1+ and Windows Server 2008 accept both Marker formats (OA version 2.0 and OA version 2.1). As far as I see the difference is only in version footprint (words at offsets 0x22 and 0x24 in the Marker file). The marker that has been pulished by Yen is OA 2.1 capable. So it could be used in all Windows 7, Windows Vista SP1+ and Windows Server 2008 / 2008R2 operating systems. Only the problem is in the proper certificate file and right serial number for the OS. As for Vista SP1 limitation for the OA 2.1, I did not tested it by myself and I believe to Microsoft opinion in this question.
OEMID is the same. RSA1 public key on your screenshot is the same. Thus i don't see why there should be a new certificate. The only difference is in marker - two bytes in 20 empty bytes after "WINDOWS " are changed to 01h and 02h. Of course signature in this marker is unique. Someone just has to overcome their lazyness, type in this new SLIC in hex editor and test it on some loader or bootmgr or WoW with Vista SP2... Edited: made LENOVOTC-5M SLIC, works like a charm with Lenovo cert on Vista SP2 (tested it within patched bootmgr from win7.build7127 on multiboot config). If the said two bytes in marker section reverse to 00 and 00, doesn't work. My conclusion - signed area in marker includes also 20 bytes after "WINDOWS ".
Yes, you can't change the Windows Marker, otherwise the data won't match the digital signature. This is true for all SLICs, not just that one. I fail to see what is so special about that Windows Marker. It looks like any regular one, and it obviously uses the same public/private key pair as all other Lenovo SLICs. I think there's more to Win 7 OEM activation than just a simple Windows marker update.