com0com silent install (test signed com0com.sys shows up as signed in explorer but not in Device Manager)

Question

My goal is to have the com0com serial driver install without popping up the install wizard on both WinXP and Win2000.

I am working on WinXP x86. I have followed the test signing instructions for the com0com driver, replacing amd64 with i386 at line 60.

I have added my test certificate as both a root and trustedprovider using the following commands:

certmgr /add com0com.cer /r localMachine root
certmgr /add com0com.cer /r localMachine trustedprovider

And verified that it is listed under both locations.

I then run the newly built setup.exe. This installs the signed com0com.sys file into C:\WINDOWS\system32\DRIVERS and sets up a pair of virtual serial ports and a bus between them. Using explorer, I go to the DRIVERS directory, right click on the com0com.sys file and verify that it has the "test" digital signature. I then go into Device Manager, open the "com0com serial port emulators" entry, pick an entry and do Properties->Driver and see that it says "Not digitally signed". I click details for the driver and can see that it is referring to the com0com.sys driver file that I just confirmed is signed.

I found what might be a related issue but I'm not sure. Does WinXP demand a WHQL signature? If so, does that explain why the com0com.sys file is signed but the device driver entries say they aren't signed?

Answer 1

Yes, when talking about drivers, Windows 2000 and Windows XP has only one certain signature in mind -- the WHQL signature. Without putting the com0com driver through the WHQL process, it simply won't be considered signed.

The instructions in Building.txt in relation to signing are talking about a different "constraint" placed by 64-bit editions of Windows Vista and higher -- they simply won't load drivers which are not signed at all -- but that's unrelated to your problem.