Win10-64: Signed driver is rejected

NTDEV
1

Hello,

My sys file was developed with Windows Driver Kit - 10.0.10586.0

I signed the driver and got the following output:

H:\download\microsoft\sign\FIO_2015\Win10_64>sign

H:\download\microsoft\sign\FIO_2015\Win10_64>…..\signtool sign /v /ac “After_1
0-10-10_MSCV-VSClass3.cer” /f elta.pfx /p 123456 /t http://timestamp.verisign.co
m/scripts/timstamp.dll “pci9x5x.sys”
The following certificate was selected:
Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 16:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 22:35:17 2021
SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

Issued to: Symantec Class 3 SHA256 Code Signing CA
Issued by: VeriSign Class 3 Public Primary Certification Authority -
G5
Expires: Sun Dec 10 02:59:59 2023
SHA1 hash: 007790F6561DAD89B0BCD85585762495E358F8A5

Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Done Adding Additional Store
Successfully signed: Pci9x5x.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

H:\download\microsoft\sign\FIO_2015\Win10_64>…..\signtool sign /v /ac “After_1
0-10-10_MSCV-VSClass3.cer” /f elta.pfx /p 123456 /t http://timestamp.verisign.co
m/scripts/timstamp.dll “kmdfsamples.cat”
The following certificate was selected:
Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 16:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 22:35:17 2021
SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

Issued to: Symantec Class 3 SHA256 Code Signing CA
Issued by: VeriSign Class 3 Public Primary Certification Authority -
G5
Expires: Sun Dec 10 02:59:59 2023
SHA1 hash: 007790F6561DAD89B0BCD85585762495E358F8A5

Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Done Adding Additional Store
Successfully signed: kmdfsamples.cat

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
H:\download\microsoft\sign\FIO_2015\Win10_64>

Can you tell why windows 10(64) rejects my sys file ?

Thank you,
Z.V

2

Which version of Windows 10? Note there are new rules for 1607 (aka RS1, aka
build 14393, aka Anniversary Update):

https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@ntdev…

Hello,

My sys file was developed with Windows Driver Kit - 10.0.10586.0

I signed the driver and got the following output:

H:\download\microsoft\sign\FIO_2015\Win10_64>sign

H:\download\microsoft\sign\FIO_2015\Win10_64>…..\signtool sign /v /ac
“After_1
0-10-10_MSCV-VSClass3.cer” /f elta.pfx /p 123456 /t
http://timestamp.verisign.co
m/scripts/timstamp.dll “pci9x5x.sys”
The following certificate was selected:
Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 16:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: VeriSign Class 3 Public Primary Certification Authority -
G5
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 22:35:17 2021
SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

Issued to: Symantec Class 3 SHA256 Code Signing CA
Issued by: VeriSign Class 3 Public Primary Certification
Authority -
G5
Expires: Sun Dec 10 02:59:59 2023
SHA1 hash: 007790F6561DAD89B0BCD85585762495E358F8A5

Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Done Adding Additional Store
Successfully signed: Pci9x5x.sys

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

H:\download\microsoft\sign\FIO_2015\Win10_64>…..\signtool sign /v /ac
“After_1
0-10-10_MSCV-VSClass3.cer” /f elta.pfx /p 123456 /t
http://timestamp.verisign.co
m/scripts/timstamp.dll “kmdfsamples.cat”
The following certificate was selected:
Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Cross certificate chain (using machine store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 16:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

Issued to: VeriSign Class 3 Public Primary Certification Authority -
G5
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 22:35:17 2021
SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

Issued to: Symantec Class 3 SHA256 Code Signing CA
Issued by: VeriSign Class 3 Public Primary Certification
Authority -
G5
Expires: Sun Dec 10 02:59:59 2023
SHA1 hash: 007790F6561DAD89B0BCD85585762495E358F8A5

Issued to: ELTA Systems Ltd.
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Tue Jul 30 02:59:59 2019
SHA1 hash: F88DEEC7756E58A35FB20324E6593F22E1AA697D

Done Adding Additional Store
Successfully signed: kmdfsamples.cat

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
H:\download\microsoft\sign\FIO_2015\Win10_64>

Can you tell why windows 10(64) rejects my sys file ?

Thank you,
Z.V

3

xxxxx@gmail.com wrote:

My sys file was developed with Windows Driver Kit - 10.0.10586.0

I signed the driver and got the following output:

H:\download\microsoft\sign\FIO_2015\Win10_64>sign

H:\download\microsoft\sign\FIO_2015\Win10_64>…..\signtool sign /v /ac “After_1
0-10-10_MSCV-VSClass3.cer” /f elta.pfx /p 123456 /t http://timestamp.verisign.co
m/scripts/timstamp.dll “pci9x5x.sys”

One of the FIRST things you should do with any driver project based on a
sample is to change the driver file name. The odds are good that some
other unaware driver writer also called their driver “pci9x5x.sys”, and
that would be bad.

Can you tell why windows 10(64) rejects my sys file ?

Rejects in what way, exactly? Dialog? Failure to load? Won’t talk to
it at cocktail parties?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

4

Zvi,

(though I am no expert), let me suggest to do the following two things:

  1. try to figure out the reason for the failure in the file C:\Windows\INF\setupapi.dev .
  2. try to sign the catalog file, I had the same problem yesterday, found out that the catalog file was not signed - this was actually written in the above log

Igal