|
So this is implying the certificate manager API is useless in the context of Authenticode certs? I assumed that as long as the TRCA has it and Trusted Publishers, you would be good, but I think this changed some years back.
So presumably Microsoft maintains TRCA, Trusted Publishers, revocations for Authenticode on kernel drivers in some hard-coded way in the loader or near it at least. The question of where exactly is definitely an interesting one, though with memory integrity and signature checks on load, it won't be easy to patch the OS kernel. Doesn't look like an elegant solution exists beyond using test certificates in test signing mode.
|