Re[2]: Attested signing live on Windows HW Dev Center portal

I hit this same problem the other day when setting things up for a new
account. I previously, a few days prior, downloaded the signablefile.exe
and used it for upload. This failed several times in a row with the
error you indicated. I then downloaded the file again, signed it,
uploaded it and all was fine. So they are maintaining information about
the file cycle. Not sure if this is the issue you are hitting but I was
getting this exact error message.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com http:</http:>
866.263.9295

------ Original Message ------
From: “George M. Garner Jr.”
To: “Windows System Software Devs Interest List”
Sent: 1/23/2017 6:01:03 PM
Subject: Re:[ntdev] Attested signing live on Windows HW Dev Center
portal

>Hmmm! When I upload the signed signable file (“SignableFile.exe”) I
>get the following error message:
>
>“Error: signature is valid but your uploaded file was not expected. Did
>you reload the page? If so, start over and try again.”
>
>The upload file filter is expecting an xml file. But the downloaded
>signable file is an exe. Has anyone gone through this process and got
>it to work?
>
>
>—
>NTDEV is sponsored by OSR
>
>Visit the list online at:
>http:
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:</http:></http:></http:>

My problem is that our code signing certificate is, for security
reasons, maintained on an isolated computer system. So the process that
you describe is difficult to achieve. I tried timestamping the file
after logging in, which can be done without exposing the code signing
certificate to the Internet. But that didn’t work. It would be helpful
if MS didn’t encourage/force developers to use their code signing
certificates in an insecure manner.

Yes you have to do the thing in one browser session, so do it from the
machine you use for signing, you know the one that MSFT says you should
disconnect from the internet. :slight_smile:

Mark Roddy

On Mon, Jan 23, 2017 at 9:10 PM, George M. Garner Jr. <
xxxxx@gmgsystemsinc.com> wrote:

I am at step 4 of https://developer.microsoft.co
m/en-us/dashboard/registration/hardware (“Upload your signed file”). If
you click on the link “browse your files” the dialog has a “*.xml”
extension filter. You can override the filter and upload the exe. But it
most definitely does have a filter.

Hmmm! At step 2 it says “Important: don’t refresh your browser page before
uploading your signed file, or you will need to start this process over.”
So evidently there is something session specific in the downloaded exe
file. This is a problem since I need to transfer the dowloaded file to a
different (offline) computer to sign the file. Does this mean that I can’t
log off in between step 2 and 4?


NTDEV is sponsored by OSR

Visit the list online at: http:> lists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>