@iTrooz
Last active August 5, 2022 13:27
Signing Drivers on Windows

// Note: this is a scrapped README edit I did for maharmstone/btrfs#503. We then took another approach.

Signing

To install a built-from-source or a nightly (from GitHub Actions) driver, you need to sign it. This section shows two options: disabling driver signature enforcement, or signing the driver yourself with a test certificate. Warning: neither solution is perfect. Both weaken the kernel's code-signing protection on the machine where you apply them, so if you are looking for everyday use it is recommended to use the release builds, which are signed with a Microsoft-trusted key.

Disabling signature enforcement

Note: this isn't persistent across reboots; enforcement comes back on the next normal boot.

Relevant link : https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-during-development-and-test

1 - Reboot your computer without driver signature enforcement

(Hold the 'Shift' key while clicking "Restart". This boots into the recovery menu, where you select "Troubleshoot" -> "Advanced options" -> "Startup Settings" -> "Restart", then press the key shown next to "Disable driver signature enforcement" (7 or F7). Running "shutdown /r /o /t 0" from an elevated prompt reboots straight into the same recovery menu.)

2 - Install the driver

Open the previously downloaded artifact from GitHub Actions (or mimic its directory structure and fill it with the binaries you just compiled), then right-click the btrfs.inf file -> "Install".

A window saying "Microsoft can't verify the publisher of this driver" should pop up. Click "Install anyway".

If that window didn't show up, the driver probably wasn't installed: make sure you booted the computer with driver signature enforcement disabled.

Windows should then ask you to reboot.

3 - Reboot the computer again without driver signature enforcement

Follow the same instructions as step 1

4 - Done !

The driver should now be installed! Note that it will only load when the computer is started without driver signature enforcement, so step 1 has to be repeated on every boot where you want the driver.

Test-signing the driver

Note: this method takes more work to set up; its one benefit is that the installed driver keeps loading across reboots.

Example commands are given for each step, but it is recommended to read the Microsoft documentation link about test-signing, so you know what you are doing.

Relevant link : https://docs.microsoft.com/en-us/windows-hardware/drivers/install/test-signing

1 - Put your computer in test mode

By default Windows refuses to load a driver signed with a self-signed test certificate. You need to put the computer in test-signing mode, from an elevated prompt:

bcdedit /set testsigning on

Note: bcdedit refuses to change this setting while Secure Boot is enabled (the value is protected by Secure Boot policy), so you might need to disable Secure Boot in the firmware first. Test-signing mode also shows a "Test Mode" watermark on the desktop, which is a quick way to confirm it is active after the reboot.

2 - Generate a MakeCert certificate

This self-signed certificate will be used to sign the catalog file of the driver. The private key is kept in the PrivateCertStore store; it chains to no trusted authority, which is why the next step has to trust it explicitly.

makecert -r -pe -ss PrivateCertStore -n CN=Contoso.com(Test) ContosoTest.cer

3 - Install the certificate to your system

For your certificate to be effective, it needs to be installed in the "Trusted Root Certification Authorities" certificate store of the local machine (not of the current user) on the computer you want to install the driver on. You can add it by launching "CertMgr" as administrator, selecting the "Trusted Root Certification Authorities" certificate store, and importing the .cer file generated earlier. (The command given in the documentation doesn't seem to work and just launches the CertMgr GUI. A bare "certmgr" on the command line resolves to certmgr.msc, the GUI, whereas the documented CertMgr.exe with the /add switch is the SDK tool under the Windows Kits bin directory; certutil is an alternative that is always on the PATH.) Microsoft's test-certificate instructions also add the certificate to the "Trusted Publishers" store.

Security caveat: a self-signed certificate in the machine's root store means that any driver, or any other code, signed with its private key is trusted on this computer. Keep the PrivateCertStore key on a development machine only, and remove the certificate from the root store once you no longer need it.

4 - Generate a catalog file for your driver

You will need the "Inf2Cat" tool, installed as part of the WDK. Run the command in the same directory as your btrfs.inf file (or modify the /driver flag)

The command will differ in your case (because of the path) but here is the one I used :

"C:\Program Files (x86)\Windows Kits\10\bin\x86\Inf2Cat.exe" /os:10_NI_X64 /driver:.

Note: this was tested on Windows 11 (NI is the Windows 11 version 22H2 "Nickel" target). Run Inf2Cat.exe with /? to list the /os values your WDK accepts, and change the flag according to your Windows version.

5 - Sign the catalog file

Simply sign the catalog file of the driver with the certificate you generated. /fd SHA256 selects the file digest algorithm, /s and /n pick the certificate by store and subject name, and /t requests a timestamp so the signature stays valid after the certificate expires:

SignTool sign /fd SHA256 /v /s PrivateCertStore /n contoso.com(test) /t http://timestamp.digicert.com btrfs.cat

Only steps 4-5 need to be done again to sign a new build of the driver; the certificate and test-signing mode are reused.
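The whole test-signing procedure (steps 1-5) as one elevated PowerShell script, plus a signature check at the end. This is an added example, not code from the gist or from the WinBtrfs project. It assumes things the gist does not state: a default WDK/SDK install under C:\Program Files (x86)\Windows Kits\10, the x64 tool binaries, the 10_NI_X64 Inf2Cat target, and certutil (instead of the CertMgr GUI) for the store import; the Invoke-Checked helper is hypothetical.

```powershell
# Added example (not from the gist or the WinBtrfs project): scripted test-signing of a
# btrfs driver build. Run from an elevated PowerShell in the folder holding btrfs.inf.
# Assumed, not stated in the gist: default WDK/SDK path, x64 tools, certutil import,
# Inf2Cat target 10_NI_X64.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$KitBin    = 'C:\Program Files (x86)\Windows Kits\10\bin'
$Subject   = 'Contoso.com(Test)'          # certificate subject used in the MakeCert step
$CertFile  = 'ContosoTest.cer'
$OsTag     = '10_NI_X64'                  # Windows 11 22H2 x64; adjust for your version
$Timestamp = 'http://timestamp.digicert.com'

# The newest versioned kit folder holds makecert.exe and signtool.exe; Inf2Cat sits in bin\x86.
$ToolDir  = Get-ChildItem "$KitBin\10.0.*" -Directory | Sort-Object Name -Descending | Select-Object -First 1
$MakeCert = Join-Path $ToolDir.FullName 'x64\makecert.exe'
$SignTool = Join-Path $ToolDir.FullName 'x64\signtool.exe'
$Inf2Cat  = Join-Path $KitBin 'x86\Inf2Cat.exe'

function Invoke-Checked([string]$Exe, [string[]]$ArgList) {
    # External tools report failure through their exit code, not through exceptions.
    & $Exe @ArgList
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

if (-not (Test-Path 'btrfs.inf')) { throw 'Run this script from the directory containing btrfs.inf' }

# Step 1: test-signing mode. bcdedit refuses to set it while Secure Boot is on.
try {
    if (Confirm-SecureBootUEFI) { throw 'Secure Boot is enabled; disable it in the firmware first' }
} catch [System.PlatformNotSupportedException] {
    # Legacy BIOS machine without UEFI Secure Boot: nothing to disable.
}
$bcd = bcdedit /enum '{current}'
if (-not ($bcd -match '^testsigning\s+Yes')) {
    Invoke-Checked 'bcdedit.exe' @('/set', 'testsigning', 'on')
    Write-Warning 'Test-signing mode enabled; reboot, then run this script again to sign.'
    return
}

# Step 2: self-signed test certificate, private key kept in the PrivateCertStore store.
if (-not (Test-Path $CertFile)) {
    Invoke-Checked $MakeCert @('-r', '-pe', '-ss', 'PrivateCertStore', '-n', "CN=$Subject", $CertFile)
}

# Step 3: trust it machine-wide. Root makes the chain valid; TrustedPublisher is the second
# store Microsoft's test-certificate instructions populate. From here on, anything signed
# with this key is trusted kernel code on this machine, so remove it when you are done.
Invoke-Checked 'certutil.exe' @('-addstore', '-f', 'Root', $CertFile)
Invoke-Checked 'certutil.exe' @('-addstore', '-f', 'TrustedPublisher', $CertFile)

# Step 4: catalog file carrying the hashes of every file listed in btrfs.inf.
Invoke-Checked $Inf2Cat @("/os:$OsTag", '/driver:.')

# Step 5: sign the catalog with a SHA-256 file digest and a timestamp.
Invoke-Checked $SignTool @('sign', '/fd', 'SHA256', '/v', '/s', 'PrivateCertStore',
                           '/n', $Subject, '/t', $Timestamp, 'btrfs.cat')

# Check: /pa verifies against the default Authenticode policy, which accepts the test root
# installed above; without /pa signtool applies the Windows driver policy and rejects it.
Invoke-Checked $SignTool @('verify', '/v', '/pa', 'btrfs.cat')
```

On the first run the script only enables test-signing mode and stops, since that change needs a reboot; the second run generates the certificate, trusts it, builds the catalog and signs it. For a new build of the driver, steps 4-5 run again unchanged because the certificate file already exists. To undo the trust relationship afterwards, delete the certificate from the Root and TrustedPublisher stores with certutil -delstore and turn test-signing mode off again with bcdedit.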
