Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved CKS Enablement Scheme. #10

Open
DavidXanatos opened this issue Sep 22, 2024 · 4 comments
Open

Improved CKS Enablement Scheme. #10

DavidXanatos opened this issue Sep 22, 2024 · 4 comments

Comments

@DavidXanatos
Copy link

I had a lot of headache with ssde_enable.exe and I came up with a much more convenient solution.
0. Setup everything, Own PK & Co, Policy, etc...

  1. Reboot to UEFI and disable Secure Boot
  2. Install the ssde Driver
  3. Enable test signing and reboot twice
  4. Check Licensed == 1 and ssde driver running
  5. Reboot to UEFI and enable Secure Boot
    Voila nothing but the driver needed and very reliable.
@DavidXanatos DavidXanatos changed the title Improved CKS activation scheme. Improved CKS Enablement Scheme. Sep 22, 2024
@793359277
Copy link

I tested this project and the driver was loaded successfully, but some drivers that were supposed to be loaded could not be loaded (not all), such as the leaked signature, and even many regular drivers. When loading the driver, it prompted "Your organization uses device guard to block this app". I decided not to use this item anymore, and finally deleted the SiPolicy.pb7 file in the EFI partition. These abnormal drivers can be loaded again. Why? Is it my fault?

@793359277
Copy link

Strange things happened again. After I regenerated the binary file of the Enterprise Edition, the driver can be loaded normally. Is it because it was generated in the Professional Edition before? After using ssde_enable.exe once, why can the self-signed driver be loaded normally every time the computer is started? I don't even use ssde.sys. Shouldn't this be restored after restarting?

@DavidXanatos
Copy link
Author

Did you generate your own SiPolicy xml with powershell or did you use a pre made one by some one else?
In my experience the pre made once are missing some root certs so they are not always suitable for every system, and the symptom is as you saw egotistic 3rd party drivers not loading.

If you have sppsvc service stopped I think the license data are not restored anymore.

@793359277
Copy link

Did you generate your own SiPolicy xml with powershell or did you use a pre made one by some one else? In my experience the pre made once are missing some root certs so they are not always suitable for every system, and the symptom is as you saw egotistic 3rd party drivers not loading.

If you have sppsvc service stopped I think the license data are not restored anymore.

I regenerated the xml myself and there was no problem. Thanks for your reply!

@Acotas Acotas mentioned this issue Jan 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidXanatos @793359277