[wdmaudiodev] Re: How to sign up with MS with the Win10 driver no charge "attestment" option

  • From: "Paul Titchener" <pt@xxxxxxxxxxx>
  • To: <wdmaudiodev@xxxxxxxxxxxxx>
  • Date: Mon, 26 Oct 2015 10:19:26 -0700

Tom and Vincent, thanks for your responses, that's good info.

However I still can't figure out what's going on wrong on some of our driver installations that fail.

We actually had it happen on one of our test machines, it’s a Win7x64 machine.

We use a modified version of the MS devcon64.exe program that they supply source code for to do our driver install.

On this machine at some point installation of the driver failed.

I can see that we were attempting to install the correct driver, the .sys and .cat files in our program that we attempted to install are signed with our SHA1 cert and not the MS cert.

Also when I look at the .sys file that got installed at c:\windows\system32\drivers, doing a properties on it shows that it is signed with our SHA1 cert so that looks fine.

But in the Device Manager the driver has an exclamation mark on it and clicking on it brings up the code 52 error message that the driver is not digitally signed.

If you go into Details and click on the .sys file name shown in that same c:\windows\system32\drivers location it also states there that the driver is not digitally signed.

So for some reason even though when using the File Explore Properties it shows the driver is correctly signed, the Device Manager thinks it isn't signed.

Does anyone know how to correct this discrepancy so the driver becomes functional?

Thanks,

Paul Titchener

-----Original Message----- From: Tom Duffy
Sent: Monday, October 26, 2015 9:30 AM
To: wdmaudiodev@xxxxxxxxxxxxx
Subject: [wdmaudiodev] Re: How to sign up with MS with the Win10 driver no charge "attestment" option

Possibly related:

We find some customers on Windows 7 have either
accidentally or on purpose missed out on installing KB3033929
from March 2015 that gives Windows 7 the ability to parse SHA-2
certificates. Without this, they get "unsigned driver"
errors when attempting to install a driver that was signed with
a newer, SHA-256 certificate.
Windows 8 comes with SHA-2 ability out of the box.

Tom.

On 10/26/2015 2:46 AM, Vincent Burel (VB-Audio) wrote:
It sounds like the same problem I got some days ago

The driver was maybe not well cross signed (because missing Microsoft
CER for example)

BTW: I found one trick to check that a sys file is well cross signed:

findstr /m "MicrosoftCodeVerifRoot" "mydriver.sys" (output nothing if
not found)

(source reference: http://winprogger.com/cross-signing-kernel-mode-drivers/)

Regards

Vincent Burel

www.vb-audio.com

*De :*wdmaudiodev-bounce@xxxxxxxxxxxxx
[mailto:wdmaudiodev-bounce@xxxxxxxxxxxxx] *De la part de* Paul Titchener
*Envoyé :* dimanche 25 octobre 2015 20:38
*À :* wdmaudiodev@xxxxxxxxxxxxx
*Objet :* [wdmaudiodev] Re: How to sign up with MS with the Win10 driver
no charge "attestment" option

We’re now shipping our software that includes a Win 10 signed driver and
for most users it working correctly, both for users that did an upgrade
to Win 10 and those that bought new Win 10 machines.

For now we detect the OS version during installation and Win 10 machines
get drivers signed both by us and MS, other OS’s get the drivers only
signed by us.

But we’re occasionally hitting installation problems on some machines,
commonly (and maybe exclusively) Win7 ones, where they report that they
get a message about attempting to install an unsigned driver.

I’m wondering if these cases are being caused by a faulty OS detection
by the installer.

Tim, you had mentioned that here is an approach to build a single driver
that installs both on Win 10 and Win 7, 8 and 8.1 machines.

I thought the way we were signing our drivers, which is to sign them
first with our cert before submitting to MS, was the method that allowed
this single install.

But Win 7 and Win 8 machines give us a bad cert message when we try to
install these dual signed drivers.

Was there another step (or different method) we need to take to build a
single driver that will install on a Win 7, 8 and 10 machine?

Thanks,

Paul Titcener


******************

WDMAUDIODEV addresses:
Post message: mailto:wdmaudiodev@xxxxxxxxxxxxx
Subscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=subscribe
Unsubscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=unsubscribe
Moderator: mailto:wdmaudiodev-moderators@xxxxxxxxxxxxx

URL to WDMAUDIODEV page:
http://www.wdmaudiodev.com/
******************

WDMAUDIODEV addresses:
Post message: mailto:wdmaudiodev@xxxxxxxxxxxxx
Subscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=subscribe
Unsubscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=unsubscribe
Moderator: mailto:wdmaudiodev-moderators@xxxxxxxxxxxxx

URL to WDMAUDIODEV page:
http://www.wdmaudiodev.com/

Other related posts: