Tim, with your aid (thanks again for that) I was able to get our driver package
submitted.
However I got back a message (copied below) saying that our individual files
passed their tests but overall we had failed but they don’t say why.
Looking at the dashboard report on the submission just repeats the same message
as below.
Any suggestions on how we are supposed to figure out what is wrong?
The .cab file I sent had the files directly in the .cab file with no folder, is
that what they are complaining about?
(response from MS)
We regret to report that this submission has failed review with the following
comments:
There are files at the root of the cabinet: dfx12.inf, dfx12.sys,
dfx12ntamd64.cat, dfx12ntx86.cat, dfx12x64.inf, dfx12x64.sys Universal
validation result : Drivers passed Universal check successfully. INF validation
successful
We have reviewed your submission and have determined that one or more tests
have failed. Please resolve the test failures, then resubmit a new driver
package. You can also preview your package for errors using the tools available
here
Please note that only valid errata numbers provided from Microsoft may be used
to overturn submission results (email threads are not sufficient), and the
relevant number(s) must be included in the submission readme file.
Paul Titchener wrote:
Tim, thanks for your help.
Yes, we have an EV2 cert, we’ve used it up to now for signing our pre Win10
driver files. However our current cert was only issued in Sept. so I don’t we
can use it for Win 10 installations without the additional MS certification.
Right, you need attestation, but attestation REQUIRES the EV certificate.
That's why I asked.
Just to make sure I fully understand your directions below, when we make the
.cab file should we use our signed .cat, .sys and .inf files and then sign the
resulting .cab file?
Or do we use unsigned .cat, .sys and .inf files and only sign the .cab file?
The only requirement is that the CAB be signed. Microsoft will throw out your
CAT file and create a new one, marked for Windows 10 ONLY, signed with their
certificate. They will also add their certificate to any binary files in the
package. Originally, some of us thought this would allow these files to work
on all of the operating systems: we could sign the SYS with our SHA1
certificate, and submit it for SHA2 attestation. However, it turns out that XP
and Vista can't handle files with multiple certificate chains, so that idea
went down the tubes. The signed SYS file you get back will work on Windows 7
and 8, but the CAT file will not.
So, you now need at least two driver packages: one signed with SHA1 for use on
Win 8.1 and earlier, and the attested package for Win 10.
(You can't sign an INF.)
--
Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.
