[wdmaudiodev] Re: How to sign up with MS with the Win10 driver no charge "attestment" option

  • From: Tom Duffy <tduffy@xxxxxxxxxx>
  • To: wdmaudiodev@xxxxxxxxxxxxx
  • Date: Mon, 26 Oct 2015 09:30:31 -0700

Possibly related:

We find some customers on Windows 7 have either
accidentally or on purpose missed out on installing KB3033929
from March 2015 that gives Windows 7 the ability to parse SHA-2
certificates. Without this, they get "unsigned driver"
errors when attempting to install a driver that was signed with
a newer, SHA-256 certificate.
Windows 8 comes with SHA-2 ability out of the box.


On 10/26/2015 2:46 AM, Vincent Burel (VB-Audio) wrote:
It sounds like the same problem I got some days ago

The driver was maybe not well cross signed (because missing Microsoft
CER for example)

BTW: I found one trick to check that a sys file is well cross signed:

findstr /m "MicrosoftCodeVerifRoot" "mydriver.sys" (output nothing if
not found)

(source reference: http://winprogger.com/cross-signing-kernel-mode-drivers/)


Vincent Burel


*De :*wdmaudiodev-bounce@xxxxxxxxxxxxx
[mailto:wdmaudiodev-bounce@xxxxxxxxxxxxx] *De la part de* Paul Titchener
*Envoyé :* dimanche 25 octobre 2015 20:38
*À :* wdmaudiodev@xxxxxxxxxxxxx
*Objet :* [wdmaudiodev] Re: How to sign up with MS with the Win10 driver
no charge "attestment" option

We’re now shipping our software that includes a Win 10 signed driver and
for most users it working correctly, both for users that did an upgrade
to Win 10 and those that bought new Win 10 machines.

For now we detect the OS version during installation and Win 10 machines
get drivers signed both by us and MS, other OS’s get the drivers only
signed by us.

But we’re occasionally hitting installation problems on some machines,
commonly (and maybe exclusively) Win7 ones, where they report that they
get a message about attempting to install an unsigned driver.

I’m wondering if these cases are being caused by a faulty OS detection
by the installer.

Tim, you had mentioned that here is an approach to build a single driver
that installs both on Win 10 and Win 7, 8 and 8.1 machines.

I thought the way we were signing our drivers, which is to sign them
first with our cert before submitting to MS, was the method that allowed
this single install.

But Win 7 and Win 8 machines give us a bad cert message when we try to
install these dual signed drivers.

Was there another step (or different method) we need to take to build a
single driver that will install on a Win 7, 8 and 10 machine?


Paul Titcener


WDMAUDIODEV addresses:
Post message: mailto:wdmaudiodev@xxxxxxxxxxxxx
Subscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=subscribe
Unsubscribe: mailto:wdmaudiodev-request@xxxxxxxxxxxxx?subject=unsubscribe
Moderator: mailto:wdmaudiodev-moderators@xxxxxxxxxxxxx


Other related posts: