We have defined a custom device class and class GUID for our device.
Ok, then it may not matter there either, I don’t really remember. I know on XP 64-bit you will get a different warning box that says your driver is signed and “hasn’t been altered” but that it still didn’t pass WHQL.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-324801- xxxxx@lists.osr.com] On Behalf Of xxxxx@waters.com
Sent: Tuesday, May 20, 2008 2:34 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Device Manager in XP indicates unsigned driver
Does anyone have any more definitive information? Is it true that on
XP x86, the only driver signature which would be recognized is a WHQL
signature?
Windows XP is just inconsistent about the way it treats Authenticode
signature.
The Device Manager indeed reports that the driver is not signed.
However, if you check %windir%\setupapi.log on XP x86, you’ll find out
that Windows correctly detects Authenticode signature of your driver.
The driver installation is treated as signed, and it also receives a higher
rank than an unsigned driver.
Note that ranking affects the behavior of upgrade.
For instance, if you attempt to upgrade from Authenticode signed driver
to an unsigned driver, the upgrade may fail because of a higher rank of
the signed driver.
Of course, the rank of WHQL signature is the highest.
I have a load of self-signed drivers, and indeed, XP shows them as ‘not digitally signed’. If you right click the sys file and get its properties then you will see that the file is indeed digitally signed.
XP treats self-signed drivers as unsigned. If these are installed into a custom device class with custom GUID, then installing them will not generate the ‘unsigned driver warning’ (because MS won't have a WHQL route for your custom device class). You will still have to do the ‘no, not this time’ thing when the device is first connected though. For USB devices this appears to be necessary when you connect the device to a USB port that uses a different USB hub (front panel and rear panel ports on a desktop, or internal/docking station ports on a laptop etc).
I use DIFx calls to pre install drivers, and to ensure their clean removal. Generally, this works well.
On XP X64, Vista, Serv2K3 & Serv2K8 MS allows for the installation of self-signed drivers into a custom device class without warning where the cert used to do the self-sign is present on the box onto which the driver is installed.
So… in your setup, you just need to install your certificate & pre-install your drivers using DIFx. If you then connect the device, you won't get any prompts or warnings.
I had hoped that MS would back-port this change into XP SP3, but alas, XP-SP3 is the same as XP-SP2 as far as driver installs are concerned.
I asked one of the MS devs at WinHec last year whether there was any way around the prompting on XP for devices that are in a custom device class and have no WHQL process. I was informed that there was not. Apart from to go through the WHQL process for a custom device - which was rather time consuming and expensive, and involved convincing MS that your device was worthy of a WHQL signature!
Incidentally, if you don't have the time/money for the WHQL on your WHQLable device, but don't want unsigned driver warnings/prompts then AFAIK there is nothing stopping you from putting it in a device class ‘bobs hardware devices’ with custom GUID, pre-installing your Signature on the target, installing the driver, connecting the device and having no warnings/prompts pop up on anything bar XP-X86 despite the fact that the device is WHQLable.
Incidentally, Win2K won't mither you when you connect a device whose driver is in a custom device class - the install will be silent. XP-X86 is the odd man out here.
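The "install your certificate & pre-install your drivers using DIFx" sequence described in the post above, written out as an added example; this is not code from the thread or from any poster. The certificate file, driver folder, driver file name and subject name are assumptions. Note the security trade-off the post glosses over: putting a self-signed certificate into the machine's Root store makes that box trust anything signed with the corresponding private key, so that key needs the same protection as any other code-signing key.

```powershell
# Added example (not from the original thread). Stages a self-signed publisher
# certificate on the target, checks that the driver's Authenticode signature now
# chains to a trusted root, then pre-installs the package with DIFx (DPInst).
# All paths and names below are assumptions for illustration.
$CertFile  = 'C:\Deploy\BobsHardware.cer'       # assumed: exported public cert (no key)
$DriverDir = 'C:\Deploy\Driver'                 # assumed: folder with .inf/.sys/.cat
$SysFile   = Join-Path $DriverDir 'bobshw.sys'  # assumed: the signed driver binary
$DpInst    = Join-Path $DriverDir 'dpinst.exe'  # DIFx installer shipped with the package

# 1. Make the self-signed certificate chain on this machine. Root is what makes the
#    chain terminate; TrustedPublisher is what suppresses the "trust this publisher"
#    prompt on XP x64/Vista/Server 2003/Server 2008. Run elevated (LocalMachine store).
certutil.exe -addstore -f Root $CertFile
certutil.exe -addstore -f TrustedPublisher $CertFile

# 2. Verify the binary before touching the driver store. Status is 'Valid' only
#    when the signature is intact AND the chain now ends in a trusted root;
#    'NotTrusted' here means step 1 did not take effect.
$sig = Get-AuthenticodeSignature $SysFile
if ($sig.Status -ne 'Valid') {
    throw "Driver signature not trusted on this box: $($sig.Status) - $($sig.StatusMessage)"
}
"Signer: $($sig.SignerCertificate.Subject)"

# 3. Pre-install the package with DPInst. /SW suppresses the DPInst wizard, /SA the
#    Add/Remove Programs entry, /LM (legacy mode) lets DPInst install a package that
#    XP x86 only sees as non-WHQL-signed, /C echoes the DPInst log to the console.
& $DpInst /PATH $DriverDir /SW /SA /LM /C
# DPInst's return value sets the high bit (0x80000000) on failure; PowerShell
# exposes that as a negative $LASTEXITCODE.
if ($LASTEXITCODE -lt 0) {
    throw ("DPInst failed, return code 0x{0:X8}" -f $LASTEXITCODE)
}
```

After step 3 the package sits in the driver store, so plugging the device in matches the pre-installed driver without the "not this time" prompt on the platforms the post lists; on XP x86 the signature is still ranked as non-WHQL and the prompt remains, exactly as the thread describes.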
I asked one of the MS devs at WinHec last year whether there was
any way around the prompting on XP for devices that are in a
custom device class and have no WHQL process. I was informed
that there was not.
This was discussed a while back on this list. I believe there actually is a way – you have to install your signature into some sort of “trusted” store, alongside the trust for the WHQL signature…and then also put your machine in “Test Mode” or something like that. Bob Kjelgaard explained this is the way he tests many unsigned KMDF device installations without clicking next, next, etc.
Incidentally, Win2K won't mither you when you connect a device
whose driver is in a custom device class - the install will be silent.
There’s still a subtle difference – the little dialog box that pops up in the center of the screen will have the words “Installing…” at the bottom of it. No “installing” for a WHQL driver.