xxxxx@gmail.com wrote:
Thank you for trying to help, Martin.
I restored a clean after-install snapshot of Windows 7 SP1 x64, and ran signtool with the above command. Got the same output, including the Cross Certificate Chain. Then I tried to install the driver via the inf file, and got the same “Windows requires a digitally signed driver” error.
Any other clues are welcome.
OK, one more idea.
Our kernel driver file has 2 signatures: SHA1 and SHA256.
A basic install of even Windows Server 2008 R2 SP1 was unable to
detect and verify the signature of the kernel driver file. What I
observed is:
- In the device manager, if you open the properties page for the device,
  click on the “Driver” tab, and then “Driver Details”, then the “Driver
  File Details” dialog says, “Not digitally signed”.
- However, in the file manager, when I right-clicked on the driver file
  located in c:\windows\system32\drivers\ and selected “Properties” from
  the context menu, then only *one* signature was reported on the “Digital
  signatures” tab, but no hint which signature this refers to, i.e. the
  SHA1 or the SHA256 signature.
Anyway, after I had applied all online updates that are available today,
the “Digital signatures” tab of the properties of the driver file shows
both signatures, the kernel driver loads fine and the driver works as
expected, even though the “Driver File Details” from the device manager
still says, “Not digitally signed”.
So it turned out that a patch after SP1 was required to fix this. See also:
https://support.microsoft.com/en-us/help/3033929/microsoft-security-advisory-availability-of-sha-2-code-signing-support
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929
Don’t know if this also works with EV certs, or if another patch is
required to support that one.
I’ve recently ordered an EV cert but haven’t received it yet.
Martin
Martin Burnicki
Senior Software Engineer
MEINBERG Funkuhren GmbH & Co. KG
Email: xxxxx@meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/
Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de https://www.meinbergglobal.com
Training: https://www.meinberg.academy