Driver Development- Found Legacy Operation "LogConfig" and "FactDef"

Tamilselvan

@Xiaofan_Chen said:

@Tim_Roberts said:
If it is a PnP INF file, then the CAT file has to be signed. The SYS isn't enough.

Yes, the CAT file will be signed by the dpscat utility which is based on libwdi. After that the driver package can be installed using dpinst.

@Xiaofan_Chen can you provide more information on how to use the dpscat utility to sign the CAT and INF file?

Xiaofan_Chen

@Tamilselvan said:
@Xiaofan_Chen can you provide more information on how to use the dpscat utility to sign the CAT and INF file?

It is mentioned in early reply.

1) Use an inf acceptable by Microsoft (without "LogConfig" and "FactDef") and go with the attestation so that you can get a signed driver package (with signed .sys file)

2) Now replace the inf file in the above package with your desired inf file (with "LogConfig" and/or "FactDef"). Removed the signed cat file in the package as well (anyway it is useless now).

3) Run dpscat in the same folder of the driver package. You will get the signed driver package.

Example run-log.

C:\work\libusb\libusbK-3.1.0.0-bin\bin\exe\amd64\cyusb3\Win10\x64> .\dpscat.exe
Copyright(c) 2012 Travis Lee Robinson. (DUAL BSD/GPL)
Portions Copyright(c) Pete Batard. (LGPL)
C:\work\libusb\libusbK-3.1.0.0-bin\bin\exe\amd64\cyusb3\Win10\x64>
Actual section to install: Device.NTamd64
Found Hwid: USB\VID_04B4&PID_00FC
Found Hwid: USB\VID_04B4&PID_00FE
Found Hwid: USB\VID_04B4&PID_00FD
Found Hwid: USB\VID_04B4&PID_00FB
Hash calculated for: .\cyusb3.inf
Using INF guid..
Hash added..
Catalog file 'CYUSB3.cat' created..
Deleted existing certificate: CN="Cypress (cyusb3.inf) [Self]" (Root store)
Deleted existing certificate: CN="Cypress (cyusb3.inf) [Self]" (TrustedPublisher store)
Set Enhanced Key Usage, URL and CPS..
Created new key container..
Generated new keypair.
Created new self-signed certificate: CN="Cypress (cyusb3.inf) [Self]"
Added CN="Cypress (cyusb3.inf) [Self]" certificate to 'Root' and 'TrustedPublisher' stores..
Signed file: C:\work\libusb\libusbK-3.1.0.0-bin\bin\exe\amd64\cyusb3\Win10\x64\CYUSB3.cat
Deleted private key..
Success!

4) Use dpinst to install the signed driver package.

Tim_Roberts

It's not clear to me what this buys you over using INF2CAT and SIGNTOOL.

Tamilselvan

Hi @Xiaofan_Chen

I followed the steps that were mentioned and got the below log: If I try to install the driver using dpinst.exe, I am unable to install the driver, but if I enter test mode, I am able to install the driver.

Can you check the process that I followed? Can you provide your input on why I can't install the driver?

C:\Users\Tamil\Driver_Signing\dsccan>.\dpscat.exe
Copyright(c) 2012 Travis Lee Robinson. (DUAL BSD/GPL)
Portions Copyright(c) Pete Batard. (LGPL)er_Signing\dsccan>

Actual section to install: MSFT.NTamd64
Found Hwid: PCI\VEN_4453&DEV_0A00
Found Hwid: *jnmmcan4lp
Found Hwid: JNMMCAN4LP_2
Found Hwid: JNMMCAN4LP_3
Found Hwid: JNMMCAN4LP_4
Found Hwid: JNMMCAN4LP_5
Found Hwid: JNMMCAN4LP_6
Found Hwid: JNMMCAN4LP_7
Found Hwid: JNMMCAN4LP_10
Found Hwid: JNMMCAN4LP_11
Found Hwid: JNMMCAN4LP_12
Found Hwid: JNMMCAN4LP_14
Found Hwid: JNMMCAN4LP_15
Hash calculated for: .\dsccan.inf
Using INF guid..
Hash added..
Catalog file 'dsccan.cat' created..
Deleted existing certificate: CN="Sample (dsccan.inf) [Self]" (Root store)
Deleted existing certificate: CN="Sample (dsccan.inf) [Self]" (TrustedPublisher store)
Set Enhanced Key Usage, URL and CPS..
Created new key container..
Generated new keypair.
Created new self-signed certificate: CN="Sample (dsccan.inf) [Self]"
Added CN="Sample (dsccan.inf) [Self]" certificate to 'Root' and 'TrustedPublisher' stores..
Signed file: C:\Users\Tamil\Driver_Signing\dsccan\dsccan.cat
Deleted private key..
Success!

C:\Users\Tamil\Driver_Signing\dsccan>

Xiaofan_Chen

@Tamilarasan

I do not see any issues of your usage of dpscat.

However, in order for this method to work, the prerequisite is that the .sys file is signed (using attestation). Have you done that step?

I mentioned this step in previous reply.
1) Use an inf acceptable by Microsoft (without "LogConfig" and "FactDef") and go with the attestation so that you can get a signed driver package (with signed .sys file)

Tamilselvan

@Xiaofan_Chen

Yeah i followed the procedure which you mentioned in the previous conversation. But still i was unable to install the driver without entering into test mode.

Xiaofan_Chen

@Tamilselvan said:
Yeah i followed the procedure which you mentioned in the previous conversation. But still i was unable to install the driver without entering into test mode.

I see. Are you running a retail version of Windows 10/11 or an insider version? Insider version is known to have problems. Can you try another machine?

If you are running a retail version of Windows 10/11 and yet it does not work, to debug the issue, please check whether Zadig works under your machine or not. You can try Zadig with any USB devices not using WinUSB driver, then use Zadig to switch the original driver to WinUSB.

You can download Zadig from github. If Zadig does not work, file a bug report to libwdi.
https://github.com/pbatard/libwdi

If Zadig works but not dpscat, file a bug in libusbK github.
https://github.com/mcuee/libusbk

broomnest

I've been talking to my customer and they are looking at the possibility of changing the hardware to include PnP circuitry. That may be the only way to get a 64 bit driver into their customers hands. We've been using a 32 bit driver, but many customers want a 64 bit driver because their corporate policies are pushing for all computers to be running a 64 bit OS. Corporate policies have also not been happy with a non-signed driver either.

umgfoin

@Zac_Lockard said:
Great point, I'll update the INF documentation shortly to show this syntax as blocking. I also realized that we had labeled some (other) syntax as deprecated which is not yet blocking anything, so these updates will clarify the current status.

Hello Zac, your updates to the INF-docs are missleading as they give the impression, targeting WIN10 is still possible:

Starting in Windows 11 version 22H2, a driver package using this directive is no longer eligible for a signature from Hardware Developer Center.

...

The requirement was enforced in the Win11 22H2 HLK, and if you submit a driver through attestation you have to meet the INF requirements of the latest HLK regardless of targeting

`
The current situation is:
An existing driver package using the mentioned directives doesn't get signed for ANY OS target and thus is unmaintainable.
As others have clearly stated here and elsewhere, these virtually unannounced restrictions are showstoppers for many manufacturers in the industrial/ embedded field.
Can you point me in a direction where we can effectively articulate our concerns, which in most cases are urgent, to the right people at Microsoft?
This ad-hoc change is clearly not acceptable and is breaking basic exspectations in Windows being appropriate as an OS for long-term supported hardware. Atleast an exception for actively supported releases of Windows embedded and IoT ltxx needs to be provided otherwise this concept is pure lip service.

Zac_Lockard

@umgfoin said:
Can you point me in a direction where we can effectively articulate our concerns, which in most cases are urgent, to the right people at Microsoft?

Fortunately, I am that person. We will be resuming signing drivers containing LogConfig and LogConfigOverride in the next few weeks, via the attestation process. I will update the thread when this change is live.

Peter_Viscarola_(OSR)

Woot!

Bravo to Mr. Lockard and MSFT for courageously recognizing a genuine screw-up and fixing it.

I could write a lot more but, in short: Thank you.

Peter