
Driver attestation and Dual Signature on Driver

MF123 Member Posts: 8

Hi,
I have, for the first time, submitted a driver for attestation (using a DigiCert EV Certificate). The first time it was unsuccessful (due to putting the binaries in the root directory of the .cab file). The second time it was signed without problems. So far so good.
However, the driver did not load as expected and neither did it pass the signtool.exe verification process. After some playing around, I realized that the .sys file had 2 digital signatures. One was the Microsoft Signature just signed from the Partner Center. The other was the Test Signature I used during development in order to be able to test it. The problem is that the verification tool was only capturing the Test Signature, and thus not passing the verification process (see both pictures below).

So, my question is:
Is there a way to remove the Test Certificate from that .sys file?

I DID rebuild the driver without test signing it, re-signed it using the EV Certificate and resubmitted it for attestation. But this is another issue, where the signing process has been hanging on the 'Preparation' step every time for the last day, and I do not know what the problem is because it's just freezing and not giving me an option to download the report (picture below).

Thanks in advance for your help
regards
Mario

Comments

  • el_corona Member Posts: 2

    Hi there pal,
    Regarding hanging submission - probably you forgot to sign the cabinet file. There is a glitch with the hardware dashboard. If you submit such a package it would briefly show you an error message on the page. It disappears after refresh and this is indeed annoying.

  • MF123 Member Posts: 8

    @el_corona said:
    Hi there pal,
    Regarding hanging submission - probably you forgot to sign the cabinet file. There is a glitch with the hardware dashboard. If you submit such a package it would briefly show you an error message on the page. It disappears after refresh and this is indeed annoying.

    OMG, thank you sooo much. I spent 6 hrs on it yesterday, and forgot this simple step (probably because I had already signed the .cat file previously using the same tool - as the DigiCert walkthrough said - without remembering what the MS Attestation walkthrough said).
    I blame the lack of sleep :-).

    Still no idea how to remove a certificate from a file though (apart from re-attesting the driver w/o the Test Cert in it)

    Thanks a lot again!
    Mario

  • Pavel_A Member Posts: 2,687

    Still no idea how to remove a certificate from a file

    Try to google it up. "How to remove certificate from PE file".
    The AI does wonders /and we're still fiddling with 20th century tech here .../

    -- pa

  • Peter_Viscarola_(OSR) Administrator Posts: 7,413

    Still no idea how to remove a certificate from a file though

    It'll probably take you longer to remove the signature than it would take you to rebuild the driver without it and sign it with the proper signature. So, I'd say... why bother?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • MF123 Member Posts: 8

    @Peter_Viscarola_(OSR) said:

    Still no idea how to remove a certificate from a file though

    It'll probably take you longer to remove the signature than it would take you to rebuild the driver without it and sign it with the proper signature. So, I'd say... why bother?

    Peter

    Exactly, hence that's what I did. Removing one (if only 1 signature is there) or all (all at once) is quite easy with the signtool.exe 'remove' command. But it's trickier when you want to remove just 1 of 2 available.
    Thanks.

  • MF123 Member Posts: 8

    @Pavel_A said:

    Still no idea how to remove a certificate from a file

    Try to google it up. "How to remove certificate from PE file".
    The AI does wonders /and we're still fiddling with 20th century tech here .../

    -- pa

    I always google before I post a question. This is always a last resort for me.
    Removing one (if only 1 signature is there) or all (all at once) is quite easy with the signtool.exe 'remove' command. But it's trickier when you want to remove just 1 of 2 signatures available.
    thanks
    M
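
An added example, not part of the thread and not OSR or Microsoft tooling: a read-only Python check that lists the WIN_CERTIFICATE entries in a signed PE file such as a .sys, and flags entries that contain the nested-signature attribute (OID 1.3.6.1.4.1.311.2.4.1), which is one way a file ends up carrying two signatures. The names `list_signature_entries` and `build_sample` are hypothetical, the sample image is constructed, and the nested flag is a byte search rather than an ASN.1 parse.

```python
import struct

NESTED_SIG_OID = bytes.fromhex("060a2b060104018237020401")  # DER of 1.3.6.1.4.1.311.2.4.1

def list_signature_entries(pe):
    """Describe each WIN_CERTIFICATE entry in a PE file's certificate table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = e_lfanew + 24  # 4-byte PE signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    # Directory 4 is the certificate table; its address is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if count <= 4 or offset == 0 or size == 0:
        return []  # no embedded signature
    end = offset + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    entries, pos = [], offset
    while pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE length")
        blob = pe[pos + 8:pos + length]
        # Byte search only: a hint that a secondary signature is nested inside.
        entries.append({"offset": pos, "length": length, "type": cert_type,
                        "nested": NESTED_SIG_OID in blob})
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    return entries

def build_sample(blobs):
    """Constructed minimal PE32+ image carrying the given fake PKCS#7 blobs."""
    table = b""
    for blob in blobs:
        entry = struct.pack("<IHH", 8 + len(blob), 0x0200, 2) + blob
        table += entry + b"\0" * (-len(entry) % 8)
    head = bytearray(0x200)
    head[:2], head[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", head, 0x3C, 0x80)       # e_lfanew
    struct.pack_into("<H", head, 0x98, 0x20B)      # PE32+ magic
    struct.pack_into("<I", head, 0x98 + 108, 16)   # NumberOfRvaAndSizes
    struct.pack_into("<II", head, 0x98 + 112 + 32, len(head), len(table))
    return bytes(head) + table
```

For a real driver, pass the file's bytes, for example `list_signature_entries(open(path, "rb").read())`; the function never modifies the file.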
