差異處
這裏顯示兩個版本的差異處。
| 下次修改 | 前次修改 | ||
|
cpp:dll:windows:sha2_issue_on_win7_2008 [2016/03/16 14:56] tony 建立 |
cpp:dll:windows:sha2_issue_on_win7_2008 [2023/06/25 09:48] (目前版本) |
||
|---|---|---|---|
| 行 2: | 行 2: | ||
| ====== Sign Driver後無法正常啟動的問題 - SHA2 ====== | ====== Sign Driver後無法正常啟動的問題 - SHA2 ====== | ||
| ===== Problem ===== | ===== Problem ===== | ||
| - | 在對driver sign新的certification後,在某些OS上會出現Windows cannot verify the digital signature for this file。 | + | 在對driver sign新的certification後,在某些OS上會出現Windows cannot verify the digital signature for this file:\\ |
| + | {{:cpp:dll:windows:certificate_problem.png|}} | ||
| ===== How to? ===== | ===== How to? ===== | ||
| - | 爬文+測試後,是由於系統不支援SHA2,所以只要更新[[https://www.microsoft.com/en-us/download/confirmation.aspx?id=46083|KB3033929]]就搞定了。麻煩的是測試系統的更新~ | + | 爬文+測試後,是由於系統不支援SHA2,所以只要更新[[https://www.microsoft.com/en-us/download/confirmation.aspx?id=46083|KB3033929]]就搞定了。麻煩的是測試系統的更新。\\ |
| + | \\ | ||
| + | 在更新時,某些機器會出現: The update is not applicable to your computer.\\ | ||
| + | \\ | ||
| + | 後來發現是由於Windows版本導致的;有出現這訊息的機器是Win2008 R2(6.1.7100),可以更新的是Win2008 R2 SP1(6.1.7601)。(6.1.7100應該是測試版本) | ||
| + | ===== 後記 ===== | ||
| + | - 這已經是去年的問題了,寫這篇文章的時候,也發現有別人有相同問題: [[http://stackoverflow.com/questions/33778515/dpinst-silent-signed-driver-installation-fails-on-windows-7|link]]。 | ||
| + | - M$出的彙整pack也會有包含3033929所提供的功能,如果單純檢查KB3033929,是無法確認此OS是否能提供SHA2的功能。我個人測過KB3185330與KB3212646。 | ||
| + | {{:cpp:dll:windows:kb3185330_effect.png|}} | ||
| ===== Reference ===== | ===== Reference ===== | ||
| * [[https://technet.microsoft.com/zh-tw/library/security/3033929.aspx|Microsoft 資訊安全摘要報告 3033929]] | * [[https://technet.microsoft.com/zh-tw/library/security/3033929.aspx|Microsoft 資訊安全摘要報告 3033929]] | ||
| - | * [[https://www.microsoft.com/en-us/download/confirmation.aspx?id=46083|Win2008 Pack]] | + | * [[https://support.microsoft.com/zh-tw/kb/3033929|Microsoft 資訊安全諮詢:推出適用於 Windows 7 和 Windows Server 2008 R2 的 SHA-2 程式碼簽署支援:2015 年 3 月 10 日]] |
| + | * [[https://www.microsoft.com/en-us/download/details.aspx?id=46083|Security Pack for Win2008 SP1]] | ||
| * [[https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO26221&actp=RSS&viewlocale=en_US|Error "Windows cannot verify the digital signature for this file." due to SHA-256 signature not supported on Windows 7 Printer Friendly Version Printer Friendly]] | * [[https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO26221&actp=RSS&viewlocale=en_US|Error "Windows cannot verify the digital signature for this file." due to SHA-256 signature not supported on Windows 7 Printer Friendly Version Printer Friendly]] | ||
| + | * [[http://www.jrsoftware.org/ishelp/index.php?topic=winvernotes|windows version num]] (參考用,不一定準確) | ||
| + | * [[https://ask.wireshark.org/questions/52166/usbpcapkb3033929|偵測系統有沒有安裝kb3033929的方法]] 缺點: 速度慢 | ||
| + | * [[https://technet.microsoft.com/en-us/library/security/3033929?f=255&MSPPError=-2147217396#Other Information|3033929與3035131的衝突]] | ||
| + | * [[https://social.technet.microsoft.com/Forums/en-US/56a8279f-87f6-4835-97e3-a6cc79e3fe4a/looking-for-a-way-to-list-all-installed-kb-on-a-windows-machine?forum=winserverpowershell|3033929搜尋問題]] | ||
| ===== ===== | ===== ===== | ||
