Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

libwdi and Windows 10

Xiaofan_ChenXiaofan_Chen Member - All Emails Posts: 223
I tried to use libwdi based Zadig to install driver package (based on WinUSB,
libusb-win32 kernel driver or libusbK kernel driver) and it seems to work fine.

https://github.com/pbatard/libwdi/wiki/FAQ#What_are_these_USBVID_PID_MI__Autogenerated_certificates_that_libwdi_installs_in_the_Trusted_certificate_stores

libwdi uses the above approach and will it continue to work for Windows
10 in the future?

It may sound similar to test signing but it does not seem to need to
enable test signing on the machine.

We are discussing this in the libusb mailing list and the author of
libwdi thinks that it should still work fine.
Ref: http://libusb.6.n5.nabble.com/libusb-libusb-under-Windows-10-tp5715304p5715316.html

--
Xiaofan

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,654
    Mr Chen...

    I can't make out what they're doing from either of those links. What's signed and by whom? Who's signing the package and who's signing the .sys file?

    Sorry if that's incredibly stupid, but I'm confused.

    Peter
    OSR
    @OSRDrivers

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,086
    [email protected] wrote:
    > I can't make out what they're doing from either of those links. What's signed and by whom? Who's signing the package and who's signing the .sys file?

    libwdi is an open source installer for USB drivers, designed
    specifically as a companion for the libusb generic USB library, which
    requires a kernel driver (either WinUSB or one of the alternatives that
    were created before WinUSB existed). They generate a new certificate
    for each run, then install that certificate in the "Trusted Certificate
    Store". By generating a new certificate each time, rather than using
    some common certificate, they are trying to maintain a semblance of
    security and accountability.

    The scheme satisfies KMCS prior to Windows 8, and for the time being
    even works on Windows 10. This is yet another data point that
    contradicts the "attestation required" assertion, because these test
    certificates are, of course, being generated after the magic August 1
    date. The evidence strongly suggests that the attestation requirement
    has not yet been enabled, and is waiting for some magic date to crush us
    all.

    --
    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Mark_RoddyMark_Roddy Member - All Emails Posts: 4,445
    On Tue, Nov 24, 2015 at 12:49 PM, Tim Roberts wrote:

    > The evidence strongly suggests that the attestation requirement
    > has not yet been enabled, and is waiting for some magic date to crush us
    > all.
    >

    Meanwhile how many EV certs at ~500 got sold because of this? I'm sure
    symantec, godaddy et all are quite happy with the situation.


    Mark Roddy
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers TBD Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online