Signing Vbox extensions

Discussions related to using VirtualBox on Windows hosts.
Post Reply
Spikej
Posts: 3
Joined: 11. Dec 2014, 23:04

Signing Vbox extensions

Post by Spikej »

We wrote an extension for VBox running on various flavours of Windows that worked fine in 4.3.6. When we updated to 4.3.18 the extension wouldn't load because it was unsigned. So we signed it (with a kernel mode cert), and now in the list of extensions it displays with a green tick. But when it is loaded in Win 7 we get an error message about page hashes (despite having the /ph option set in the compiler). So it seems that the validation of the extension is different at the execute stage. We've been going around in circles trying different versions and settings trying to get something to work but surely someone here knows what the pitfalls are in this process. Can you give me a brief outline of a build environment that will produce the required outputs?
mhanor
Volunteer
Posts: 321
Joined: 7. Oct 2009, 12:40
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: various

Re: Signing Vbox extensions

Post by mhanor »

Have you linked the binary with /INTEGRITYCHECK ? Is the certificate part of the Trusted Root Certification Authorities and part of Trusted Publishers certificate stores?
Spikej
Posts: 3
Joined: 11. Dec 2014, 23:04

Re: Signing Vbox extensions

Post by Spikej »

Yes, did the integrity check. We have the certificates in the intermediate store. It works in XP but not in 7.
Spikej
Posts: 3
Joined: 11. Dec 2014, 23:04

Re: Signing Vbox extensions

Post by Spikej »

Seems the cert is the issue. Win7 doesn't like SHA2 certs for kernel modules at present.
Post Reply