Hello,
My question is about verification of a driver's
signature by setupapi on Windows 2000, Server
2003, XP, etc.
My driver has its own class, which is created using my
inf file, & therefore I felt I would be able to sign my
driver using Microsoft Authenticode Technology as
given in the DDK documentation. My driver package has 2
binary files apart from the .sys & .inf files.
First I created a certificate with Makecert, listed
these 4 files in .cdl, created a catalog file with
Makecat & signed it using signtool. When I loaded the
driver, the system complained that the driver is
unsigned since the certificate path terminated at the
test root. I repeated the procedure with a Verisign
class code 3 certificate, but the system still complains
about the driver being unsigned & the error log shows that the
certificate is not valid for the requested usage.
Here are my questions…
- Is it possible to sign a driver without getting a
WHQL signature, using a certificate from a trusted
publisher? If so, have I missed anything?
- Is just signing the catalog file with a trusted certificate
enough, or does each file have to be signed before signing
the catalog file?
- Is there any way to check what publishers are
supported for driver signing on a target machine? Can
anybody add to this list?
- I am also having problems signing the catalog file
with the Verisign certificate & signtool. Such an attempt
fails most of the time but is successful sometimes.
- My inf gets loaded in the inf directory as oem.inf. Will
driver signing help to change this so that my.inf is
seen as my.inf? Or does this happen because my driver has
a newly generated class?
Thanks
Sharmila Panse
Indra Networks
Sharmila Panse wrote:
> - My inf gets loaded in inf directory as oem.inf Will
> driver signing help to change this so that my.inf is
> seen as my.inf ? Or this happens because my driver has
> a newly generated class ?
All non-Microsoft INFs are copied as oem##.inf. Such filenames are not
“seen” by end users, so there is no reason to worry about it. The
operating system knows which one is yours.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
> All non-Microsoft INFs are copied as oem##.inf
IIRC this is only about unsigned drivers, while signed INFs will retain the
original names. Am I wrong?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Hi Maxim S. Shatskih and Tim Roberts,
Thanks for your reply.
> All non-Microsoft INFs are copied as oem##.inf.
> Such filenames are not “seen” by end users, so there
> is no reason to worry about it. The operating system
> knows which one is yours.
The reason to worry about it is that it does not allow me
to update to a newer version of the driver.sys file. When I
uninstall my driver using the device manager GUI, this
oem##.inf in the hidden inf directory and mydriver.sys
from system32\driver do not get deleted. This is a
problem because whenever the system finds this device node
in an unconfigured state, it installs the old driver from
system32\driver without any user interaction. So you
uninstall the driver and reboot the machine, or click
“Add new hardware” to try to install the updated sys file,
and you find the system has already installed the earlier
driver without waiting for you.
Alternatively, if I delete this oem##.inf file manually
then the system requires user interaction for
specifying the driver location. Furthermore, you do not
know what the value of ## is.
How do I handle it?
Thanks
Sharmila Panse
Indra Networks
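
Added example, not part of the original thread: one way to find which oem##.inf in the INF directory is the copy of your own INF is to match on the `CatalogFile` entry of its `[Version]` section, assuming the installed copy keeps the original INF's contents. The catalog name `mydriver.cat`, the function names and the sample INF files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def read_inf(path):
    """Decode an INF file; they are commonly ANSI or UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def version_section(text):
    """Return the [Version] section as a dict with lower-cased keys."""
    values, in_version = {}, False
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()       # drop INF comments
        if line.startswith("["):
            in_version = line.lower() == "[version]"
        elif in_version and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip().lower()] = value.strip().strip('"')
    return values

def find_oem_infs(inf_dir, catalog_name):
    """List oem##.inf files whose CatalogFile[.platform] names catalog_name."""
    hits = []
    for path in sorted(Path(inf_dir).glob("oem*.inf")):
        if not re.fullmatch(r"oem\d+\.inf", path.name, re.IGNORECASE):
            continue                               # e.g. oemsetup.inf
        version = version_section(read_inf(path))
        catalogs = [v.lower() for k, v in version.items()
                    if k.startswith("catalogfile")]
        if catalog_name.lower() in catalogs:
            hits.append(path.name)
    return hits

def demo():
    """Search a constructed INF directory (sample data, not real INFs)."""
    mine = '[Version]\r\nSignature="$Windows NT$"\r\nCatalogFile=mydriver.cat ; ours\r\n'
    other = '[Version]\nSignature="$Windows NT$"\nCatalogFile=other.cat\n'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "oem3.inf").write_bytes(other.encode("latin-1"))
        Path(d, "oem12.inf").write_bytes(b"\xff\xfe" + mine.encode("utf-16-le"))
        Path(d, "oemsetup.inf").write_bytes(mine.encode("latin-1"))
        return find_oem_infs(d, "mydriver.cat")

if __name__ == "__main__":
    print(demo())
```

On a target machine, pass the system INF directory (for example `%SystemRoot%\inf`) as `inf_dir`.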
Yes I believe you are
lol…
From my experience any 3rd party inf installed correctly will be
installed as OEMxx.inf whether it is signed or not.
Correctly is either via SetupOEMCopyInf() in your installer or by using
the add hardware wizard to pick up a “driver disk”, which is the form
required by WHQL when you submit your driver for signing.
For unsigned drivers it is ‘easier’ to copy the file ‘as is’ since using
SetupOEMCopyInf would trigger the device installation dialogs. If it's
copied there directly the dialog won’t be shown until the hardware is
attached, which is preferable since more dialogs are shown at that point
anyway.
BR,
Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: 15 December 2005 21:28
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Driver’s signature
> All non-Microsoft INFs are copied as oem##.inf
IIRC this is only about unsigned drivers, while signed INFs will retain
the original names. Am I wrong?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com