another driver signing question

My xen drivers consist of a bus driver that attaches to a virtual pci
device (xenpci.sys), a network driver that is enumerated by xenpci
(xennet.sys) and a block driver (xenvbd.sys).

I sign all of those drivers using inf2cat and signtool with a self
signed cert.

When I install xenpci under 2003, windows tells me that the driver at
least has a signature, even if it isn’t WHQL’d (I forget the actual text
of the message). When I install xennet or xenvbd, I get told that the
driver is unsigned.

Once installed, device manager confirms that the device driver is not
signed for xenvbd and xennet. Curiously though, it says that the driver
files are xennet and xenpci (for xennet) or xenvbd and xenpci (for
xenpci), while the inf file for each makes no reference to xenpci. Could
that be the cause?

Or is windows simply telling me that because disk and network drivers
need to have a Microsoft signature, that my signature amounts to no
signature at all?

Thanks

James

You cannot selfsign drivers for which there is a WHQL class - i.e. net
and storage. There is no class for your xenpci driver so you can
selfsign that driver.

Mark Roddy

On Thu, May 7, 2009 at 9:16 AM, James Harper wrote:
> My xen drivers consist of a bus driver that attaches to a virtual pci
> device (xenpci.sys), a network driver that is enumerated by xenpci
> (xennet.sys) and a block driver (xenvbd.sys).
>
> I sign all of those drivers using inf2cat and signtool with a self
> signed cert.
>
> When I install xenpci under 2003, windows tells me that the driver at
> least has a signature, even if it isn’t WHQL’d (I forget the actual text
> of the message). When I install xennet or xenvbd, I get told that the
> driver is unsigned.
>
> Once installed, device manager confirms that the device driver is not
> signed for xenvbd and xennet. Curiously though, it says that the driver
> files are xennet and xenpci (for xennet) or xenvbd and xenpci (for
> xenpci), while the inf file for each makes no reference to xenpci. Could
> that be the cause?
>
> Or is windows simply telling me that because disk and network drivers
> need to have a Microsoft signature, that my signature amounts to no
> signature at all?
>
> Thanks
>
> James
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

> Once installed, device manager confirms that the device
> driver is not signed for xenvbd and xennet. Curiously though,
> it says that the driver files are xennet and xenpci (for
> xennet) or xenvbd and xenpci (for xenpci), while the inf file
> for each makes no reference to xenpci. Could that be the cause?
>
> Or is windows simply telling me that because disk and network
> drivers need to have a Microsoft signature, that my signature
> amounts to no signature at all?

What device class is your bus driver? Windows 2003 behaves differently for
WHQL signable classes from custom classes.

Jan

> You cannot selfsign drivers for which there is a WHQL class - i.e. net
> and storage. There is no class for your xenpci driver so you can
> selfsign that driver.

I think the answer then is “even though I have put a signature on my
network and storage driver, Windows still treats it as unsigned because
it isn’t a WHQL signature”. Would that be correct?

Thanks

James

Yes.

Note that you can test selfsign all of your drivers regardless of
class for vista and later OS’s. For w2k3 and earlier you have to use
the WHQL testsigning facility to get a signed driver experience for
net and storage and any other WHQL’s class of device.

Mark Roddy

On Sat, May 9, 2009 at 6:44 AM, James Harper wrote:
>>
>> You cannot selfsign drivers for which there is a WHQL class - i.e. net
>> and storage. There is no class for your xenpci driver so you can
>> selfsign that driver.
>>
>
> I think the answer then is “even though I have put a signature on my
> network and storage driver, Windows still treats it as unsigned because
> it isn’t a WHQL signature”. Would that be correct?
>
> Thanks
>
> James
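
The rule Mark describes, as an added example (not code from the thread or from the Xen drivers): a Python check that reads an INF's [Version] section and reports how a self-signed catalog would be treated on each OS generation. The INF fragments are constructed, and the storage class names in `WHQL_CLASSES` are an assumption, since the thread names only "net and storage".

```python
import re

# Assumption: setup classes with a WHQL program. The thread names only "net
# and storage"; the storage class names here are this example's assumption.
WHQL_CLASSES = {"net", "scsiadapter", "diskdrive", "hdc"}
# Constructed INF fragments. Class and catalog names are illustrative only.
BUS_INF = """
[Version]
Signature   = "$Windows NT$"
Class       = XenSampleBus   ; hypothetical custom class
CatalogFile = xenpci.cat
"""
NET_INF = """
[version]
Signature = "$Windows NT$"
CLASS = Net
CatalogFile.NTx86 = xennet.cat
[Strings]
Class = "decoy outside the Version section"
"""

def parse_version(inf_text):
    """Return the [Version] section as a lower-cased key -> value dict."""
    section, version = None, {}
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts an INF comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "version" and "=" in line:
            key, value = line.split("=", 1)
            version[key.strip().lower()] = value.strip().strip('"')
    return version

def signing_outlook(inf_text, self_signed=True):
    """Apply the thread's rule to one INF and report the expected treatment."""
    v = parse_version(inf_text)
    catalogs = sorted(val for key, val in v.items() if key.startswith("catalogfile"))
    whql_class = v.get("class", "").lower() in WHQL_CLASSES
    return {
        "class": v.get("class", ""),
        "catalogs": catalogs,
        # W2K3 and earlier: a self-signed catalog does not count for a WHQL class.
        "w2k3_signed": bool(catalogs) and not (self_signed and whql_class),
        # Vista and later: test self-signing is possible regardless of class.
        "vista_test_signable": bool(catalogs),
    }

if __name__ == "__main__":
    print(signing_outlook(BUS_INF), signing_outlook(NET_INF), sep="\n")
```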