Windows 7 - Install Drivers With No Certifcate

Discussion in 'Windows 7' started by Omicron16, Sep 15, 2018.

  1. Omicron16

    Omicron16 MDL Novice

    Jul 1, 2016
    23
    12
    0
    I am attempting to get Windows 10's NVMe and xHCI drivers "working" on Windows 7. Why? Because the KB for Windows 7's NVMe drivers apparently is an incomplete implementation and writes directly to the NAND, and there are limited sets of xHCI drivers available for 7 (so newer Intel chipsets, like Cannonlake, do not have USB drivers working at all.)

    Windows 10 provides a generic set of NVMe and xHCI drivers which provide compatible interfaces for all compliant devices, they are named "stornvme.inf" and "stornvme.sys" for the NVMe drivers, as well as "usbxhci.inf" and "USBXHCI.SYS" for the xHCI drivers (from LTSB 2015.)

    However, these are "in box" drivers, and thus the .inf files do not specify a .cat to go with them. As a result, these are not signed by anyone and will not install regardless of any setting. No modifications to BCDEdit, nor the Group Policy works.

    Without resorting to the fairly complex process of signing these drivers myself, and somehow trying to import the certificate into boot.wim/install.wim, is there any other circumvent this idiotic Code 52 driver "not signed" enforcement?
     
  2. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    It wasn't "still" up as @Joe C said before. By the time he posted I checked the site too and was down... end of off-topic.
     
  4. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Omicron16

    Omicron16 MDL Novice

    Jul 1, 2016
    23
    12
    0
    Almost, but not quite - even Fernando will admit this. Look at the last few pages of that thread.

    There is no Intel provided xHCI driver for USB 3.1 on the Cannonlake PCH boards (H370, upcoming Z390.) It does not sound like the code is present in the .sys file at all, so no amount of driver modding will make this work. Intel will have to release an updated driver themselves for this to happen, and they do not appear to be wanting to.

    One way around this is to somehow make the native Windows 8.1 or 10 xHCI USB driver work on Windows 7, this would futureproof it for some time as this native generic xHCI driver will work on *all* compliant xHCI controllers and hubs. Technically, you could "self sign" the Windows 10 xHCI driver, import the certificate, and then enable test signing (with that ugly warning on the screen,) but I am wondering if there is any mechanism to just totally shut off the need for "signed drivers" at all.

    Apparently Windows 7 32 bit allows you to do this for legacy driver reasons, I'm just wondering if 64 bit has a similar mechanism.

    EDIT: Here is a thread on here that actually details part of the issue: https://forums.mydigitallife.net/threads/coffee-lake-with-w7-usb-ahci-mei-drivers-s-tstorm.76914/
     
  6. shhnedo

    shhnedo MDL Expert

    Mar 20, 2011
    1,662
    2,217
    60
    Fernando doesn't mod the driver itself(.sys file) at all. All he does is mod the .inf files, adding the "missing" dev_ids.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Omicron16

    Omicron16 MDL Novice

    Jul 1, 2016
    23
    12
    0
    Yeah... he still refers to these as "mod drivers" on the front page. It's the same procedure you do for adding the HD630 ID in the .inf for Windows 7 to use the Kaby Lake iGPU.

    That's my point, you cannot "mod" a driver to add in support for an unknown device (such as the Cannonlake USB platform,) you'd need to have the compiled code available in the .sys file. Right now, as mentioned, no amount of "modding" will get Cannonlake USB working for Windows 7 as the code isn't available at all in the driver (so you cannot mod and add it in the .inf.)

    That's where getting a generic xHCI driver is important (and as per the original topic of this thread, maybe a way to completely disable signature enforcement so that you don't need a certificate at all.

    Fernando is going to sign a generic Windows 8.1/10 xHCI driver for Windows 7 (and I'll see if it can even work at all.) If not, this thread is moot.
     
  8. Omicron16

    Omicron16 MDL Novice

    Jul 1, 2016
    23
    12
    0
    Thought I would update this for those who encountered the same issue.

    Turns out Windows 7 does let you completely disable the driver signing requirement, not via BCDEDIT flags, but just the standard F8 startup option (lets you install anything regardless of it being signed correctly, signed incorrectly, or not signed at all.) This seems to be required every startup though. This method actually works, opposed to any "in os" configuration I tried.

    However, none of the generic Microsoft xHCI drivers (or USB3 hub drivers) work in Windows 7 due to actual code comparability (varying "driver startup error" issues.) This includes any Windows 10, 8.1, or 8 build of the generic drivers, including the ones from the 6.1.7850.0 Beta. Still was worth a shot I guess.