I'm maintaining a driver package which contains both an x86 and an amd64 kernel driver. An earlier version of the package has been signed with SHA1 before 2016-01-01, and it still works even on x64 Windows.
Now I'm trying to rebuild the package and sign it with a new SHA256 cert, but when I try to install it e.g. on Win7 x64 using the "devcon" utility the driver fails to load with an error saying the signature can't be verified.
In %windir%\inf\setupapi.dev.log I get this error:
Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.
This happens even though "signtool /kp" says that the signature of the driver binaries as well as the signature of the .cat file is OK for this purpose, the .sys file is copied correctly, and if I use explorer to check the propertiess of the installed sys file it says, "Digital signature is valid". Only if I enable the TESTSIGNING boot configuration option the driver is loaded and works correctly.
BTW, this is *not* yet for Windows 10 desktop with EV cert, just for legacy Windows x64.
The driver package is available here:https://www.meinberg.de/download/temp/burnicki/driver.zip
Some associated debug information:https://www.meinberg.de/download/temp/burnicki/driver-log.txt
Anybody who has an idea what may be wrong? The certificates, even though "signtool /kp" says that everything's fine?