Cannot load kmdf driver on my system

NTDEV
1

Hi,

We have our own kmdf smart card device driver. I had to make some updates to driver and want to sign again. i have signed my driver from Microsoft hardware portal as well and signing is successful. Now when i try to install my driver in my windows 11 pc. i get following program compatibility assistant

driver_error
driver_error2329×1382 33.1 KB

warning pop-up message

A driver cannot load on this device
Security settingis preventing this driver from loading.

My windows 11 OS : 23H2 (OS build 22631)

Attached is the pop up dialog for the same.

What change i need to do in my system settings?

Here is my driver inf file
Version]
Signature="$WINDOWS NT$"
Class=SmartCardReader
ClassGuid={50DD5230-BA8A-11D1-BF5D-0000F805F530}
Provider=%Ifx%
CatalogFile=ifxvscr.cat
DriverVer = 03/19/2025,1.6.01.03

[ControlFlags]
; Prevent legacy install for PnP readers
ExcludeFromSelect=IFX-Smart_Card_Reader-V
ExcludeFromSelect=IFX-Smart_Card_CL_Reader-V

[Manufacturer]
%Ifx%=IFX, NTx86, NTamd64

[SourceDisksFiles]
ifxvscr.sys=1,,
wdfcoinstaller01011.dll=1 ; make sure the number matches with SourceDisksNames

; ============ Add reg for all readers ===============

[Reader.Install.AddReg]
HKLM, Software\Microsoft\Cryptography\Calais\Readers,,,
HKR,,Start,0x00010001,2
HKR,,Start,0x00010001,2

; ================= IFXvSCR readers =====================

; DisplayName Section DeviceId
; ----------- ------- --------
;[IFX]
;%IFXVSCR.DeviceDesc% = IFXVSCR.Install, IFX-Smart_Card_Reader-V

[IFX.NTx86]
%IFXVSCR.DeviceDesc%=IFXVSCR.Install.NTx86, IFX-Smart_Card_Reader-V
%IFXVSCR_CL.DeviceDesc%=IFXVSCR.Install.NTx86, IFX-Smart_Card_CL_Reader-V

[IFX.NTamd64]
%IFXVSCR.DeviceDesc%=IFXVSCR.Install.NTamd64, IFX-Smart_Card_Reader-V
%IFXVSCR_CL.DeviceDesc%=IFXVSCR.Install.NTamd64, IFX-Smart_Card_CL_Reader-V

;[IFXVSCR.Install.NT]
;AddReg = IFXVSCR.Install.AddReg, Reader.Install.AddReg
;CopyFiles = IFXVSCR.Install.CopyFiles

[IFXVSCR.Install.NTx86]
AddReg=IFXVSCR.Install.AddReg, Reader.Install.AddReg
CopyFiles=IFXVSCR.Install.CopyFiles

[IFXVSCR.Install.NTamd64]
AddReg=IFXVSCR.Install.AddReg, Reader.Install.AddReg
CopyFiles=IFXVSCR.Install.CopyFiles

[IFXVSCR.Install.AddReg]
HKR,, AdapterType, 0, "0100"

[IFXVSCR.Install.CopyFiles]
ifxvscr.sys,,,1

[IFXVSCR.Install.NTx86.HW]
AddReg=IFXVSCR.Install.NTx86.HW.AddReg

[IFXVSCR.Install.NTamd64.HW]
AddReg=IFXVSCR.Install.NTamd64.HW.AddReg

[IFXVSCR.Install.NTx86.HW.AddReg]
HKR,,Security,,"D:P(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)"

[IFXVSCR.Install.NTamd64.HW.AddReg]
HKR,,Security,,"D:P(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)"

[IFXVSCR.Install.NTx86.Services]
AddService=IFXVSCR, 2, IFXVSCR.Service.NTx86, IFXVSCR.EventLog.NTx86

[IFXVSCR.Install.NTamd64.Services]
AddService=IFXVSCR, 2, IFXVSCR.Service.NTamd64, IFXVSCR.EventLog.NTamd64

[IFXVSCR.Service.NTx86]
DisplayName = %IFXVSCR.SVCDESC%
ServiceType = 1 ;%SERVICE_KERNEL_DRIVER%
StartType = 3 ;%SERVICE_AUTO_START%
ErrorControl = 1 ;%SERVICE_ERROR_NORMAL%
ServiceBinary = %12%\ifxvscr.sys
Dependencies = TCPIP

[IFXVSCR.Service.NTamd64]
DisplayName = %IFXVSCR.SVCDESC%
ServiceType = 1 ;%SERVICE_KERNEL_DRIVER%
StartType = 3 ;%SERVICE_AUTO_START%
ErrorControl = 1 ;%SERVICE_ERROR_NORMAL%
ServiceBinary = %12%\ifxvscr.sys
Dependencies = TCPIP

[IFXVSCR.EventLog.NTx86]
AddReg=IFXVSCR.AddEventLog.reg

[IFXVSCR.EventLog.NTamd64]
AddReg=IFXVSCR.AddEventLog.reg

[IFXVSCR.AddEventLog.reg]
HKR,, EventMessageFile, 0x00020000, "%%SystemRoot%%\System32\drivers\ifxvscr.sys"
HKR,, TypesSupported, 0x00010001, 7

[DestinationDirs]
DefaultDestDir=12
IFXVSCR.Install.CopyFiles=12
IFXVSCR_CoInstaller_CopyFiles=11

[SourceDisksNames]
1=%InstallDisk%,ifxvscr.sys,,

;
;--- IFXVSCR.Install_Device WDF Coinstaller installation ------
;
[IFXVSCR.Install.NTx86.CoInstallers]
AddReg=IFXVSCR_CoInstaller_AddReg
CopyFiles=IFXVSCR_CoInstaller_CopyFiles

[IFXVSCR.Install.NTamd64.CoInstallers]
AddReg=IFXVSCR_CoInstaller_AddReg
CopyFiles=IFXVSCR_CoInstaller_CopyFiles

[IFXVSCR_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "wdfcoinstaller01011.dll,WdfCoInstaller"

[IFXVSCR_CoInstaller_CopyFiles]
wdfcoinstaller01011.dll

[IFXVSCR.Install.NTx86.Wdf]
KmdfService=IFXVSCR, IFXVSCR_Wdfsection

[IFXVSCR.Install.NTamd64.Wdf]
KmdfService=IFXVSCR, IFXVSCR_Wdfsection

[IFXVSCR_Wdfsection]
KmdfLibraryVersion = 1.11

; ================= Strings =====================
[Strings]
IFXVSCR.DeviceDesc ="IFX virtual Smart Card CB Reader"
IFXVSCR_CL.DeviceDesc ="IFX virtual Smart Card CL Reader"
IFXVSCR.SVCDESC ="IFX virtual Smart Card Reader"
ClassName ="Smart Card Readers"
InstallDisk = "IFX-V CB Installation Disk"

Is my inf file needing any change ? or is it not according to windows 11 new policy?

Regards
Murali.

2

Have you tried to update de DefaultDirs to use 13 instead of 12?
This is about driver package isolation.

Regards,

--
Fernando Roberto da Silva
DriverEntry Kernel Development
https://www.driverentry.com.br

3

Also this line:

[quote="murali, post:1, topic:59541"]
[Reader.Install.AddReg]
HKLM, Software\Microsoft\Cryptography\Calais\Readers,,,
[/quote]

Is a violation of driver isolation. Registry access in inf files all have to be relative (using HKR). In your case that is a problem as there is no section that gets you to the HKLM software key. You need an installer that does this for you.

Also you don't need the KMDF coinstaller section for win10 and later.

4

Hi,
Thanks for the hint. Probabaly i need port my inf file to be in compliance with driver isolation policy.

5

Hi,

Thanks for the explanation. As per the microsoft documentation

Starting with Windows 7, the smartcard subsystem configures the smartcard services. Vendors are no longer required to add the Reader.Install.AddReg registry keys listed above.

Does it mean i do not need AddReg section ?

Also as you mentioned about co-installers, should i remove all the sections which specifies CoInstaller ? Can you please provide me the link from microsoft documentation where it is described about cointsallers are no longer required ? this is just for my reference.

6

I'm happy people are familiar with driver isolation, this is great.

Coinstallers aren't just no longer required, they're no longer allowed if you'd like a Microsoft signature.

You will probably find something helpful in the setupapi logs: C:\windows\inf\setupapi.dev.log