• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Is there any possibility to remove or block SHA 2 Code Signing during installation with NVCleaninstall?

sweethoneybee

sweethoneybee

Joined
Jun 26, 2021
Messages
7 (0.00/day)
Hi,

i plan to buy a viedeocard from the RTX 30 series and use it on several OS. To install the last Windows 7 driver 472.12 you need to install KB4474419 previously to have SHA 2 Code Signing support. This is breaking some older programs which i must keep for working but i can´t install the driver without the update. It is possible to install it in save mode by pressing F8 during boot but then the Control Panel is missing afterwards and i don´t like this kind of botch anyway. So if there is no other way to avoid SHA 2 Code Signing during installation, i will have to stay with version 441.41 which is not supporting the RTX 30 series but might funktion also. Before i give up, i would like to know, if someone of you here has any idea or knows any trick to skip the SHA 2 Code Signing in Windows 7.

Thanks :)
 
sweethoneybee said:
This is breaking some older programs which i must keep for working
Click to expand...
How? I thought the SHA2 signing support is on top of the already installed root certs?
 
W1zzard said:
How? I thought the SHA2 signing support is on top of the already installed root certs?
Click to expand...
Sorry, but i don´t really understand what you mean by that and can only tell you that after installing KB4474419 some of my already existing programs are not working anymore. They always worked well for years with previous NVIDIA drivers which didn´t require SHA2 signing like 347.52 till 441.41. This means that i can´t and don´t want use KB4474419 and only have 2 possibilities right now like described. I would prefer to find a way to modify driver 472.12 and get rid of SHA2 signing but for that i would need help from a professional because i´m not a programmer. Are you able and willing to help me in this case or if not, do you know someone else who could do it for me?
 
Last edited:
I think that i start to understand now what my problem really is. Driver version 441.41 was the last one for Win7 which has both, the digital signature in SHA1 and in SHA256. After that Microsoft started to sign all future drivers for Win7 in SHA256 only (we can see that easily be rightklicking on the driver file). This is the reason why i can´t install them anymore on Win7 without the KB4474419 update. This means to me that if someone would be able to mod version 441.41 (which has already both codes) up to version 472.12 (which has SHA256 only but supports the RTX 30 series), the job should be done because both versions already have the same Control Panel and PhysX versionnumbers. I´m no programmer of cause (otherwhise i won´t ask for help) but my logic is telling me this.
 
Yeah, at some point around that time, the signing requirements have changed, to transition from SHA1 to the more secure SHA256.

You might be able to a self-signed SHA1 code signing certificate, sign the various files with it and add that cert to the Trusted Root on your system, so it gets recognized as valid. Not trivial and not 100% sure if it'll work (maybe the OS requires a cert by Microsoft only, or even one that has its chain of trust terminate in a certain certificate)
 
Thanks for your reply and idea but i´m shure that i´m not able to do such a thing because i simply don´t understand anything about that kind of job. I would prefer a modded 472.12 driver file with SHA1 added. Nothing more because i don´t need any tweaks. If you know someone who would be able and willing to do that for me, i would be very thankful.

EDIT: The job is done by a really good modder from another forum. No more help needed.
 
Last edited:
sweethoneybee said:
EDIT: The job is done by a really good modder from another forum. No more help needed.
Click to expand...
Could you say what other forum? I'm curious about this now.
 
sweethoneybee said:
Thanks for your reply and idea but i´m shure that i´m not able to do such a thing because i simply don´t understand anything about that kind of job. I would prefer a modded 472.12 driver file with SHA1 added. Nothing more because i don´t need any tweaks. If you know someone who would be able and willing to do that for me, i would be very thankful.

EDIT: The job is done by a really good modder from another forum. No more help needed.
Click to expand...
Why are you running windows 7 without updates? If the reason is what you gave, then the follow up question is: what kind of work requires you to install updates that are not SHA2 signed?

are required to have SHA-2 code signing support installed on their devices to install updates released on or after July 2019. Any devices without SHA-2 support will not be able to install Windows updates on or after July 2019
Click to expand...
 
You must log in or register to reply here.
Back
Top