Signing Vbox extensions
Signing Vbox extensions
We wrote an extension for VBox running on various flavours of Windows that worked fine in 4.3.6. When we updated to 4.3.18 the extension wouldn't load because it was unsigned. So we signed it (with a kernel mode cert), and now in the list of extensions it displays with a green tick. But when it is loaded in Win 7 we get an error message about page hashes (despite having the /ph option set in the compiler). So it seems that the validation of the extension is different at the execute stage. We've been going around in circles trying different versions and settings trying to get something to work but surely someone here knows what the pitfalls are in this process. Can you give me a brief outline of a build environment that will produce the required outputs?
-
mhanor
- Volunteer
- Posts: 321
- Joined: 7. Oct 2009, 12:40
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: various
Re: Signing Vbox extensions
Have you linked the binary with /INTEGRITYCHECK ? Is the certificate part of the Trusted Root Certification Authorities and part of Trusted Publishers certificate stores?
Re: Signing Vbox extensions
Yes, did the integrity check. We have the certificates in the intermediate store. It works in XP but not in 7.
Re: Signing Vbox extensions
Seems the cert is the issue. Win7 doesn't like SHA2 certs for kernel modules at present.