[DTM Testing] INF Testing Failed

You wrote:

> Hello Tim Roberts,
>
> But this is marked as PASSED after installing the latest filter from
> the winqual just few minutes ago.
>
> So If it is non-pnp, then normal Digital Signature is enough to avoid
> the WARNING message during installing the driver in x64 bit OS ?

There are two different situations here. Any time you install a new PnP device that is not WHQL-signed, you get a warning about unsigned drivers. That warning can only be eliminated by submitting for a WHQL signature. That happens on both 32-bit and 64-bit systems.

In addition, the 64-bit systems will not LOAD a driver that is not signed with an approved code-signing certificate. This is called KMCS. WHQL has absolutely nothing to do with this. You have to have your own certificate, and you have to sign every build.

However, a KMCS failure results in a Device Manager yellow bang, not a simple warning message.

Which one are you seeing?

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim Roberts,

Thank you for your assistance. I will check your comments.
By this time, I give my INF file here:
Sorry I marked company name as ‘xxxx’

;/*++
;
;Copyright (c) 2009 xxxx CORPORATION
;
;Module Name:
;
;    defrag.inf
;
;Abstract:
;
;    inf file for installing ddrv.sys
;
;--*/
[Version]
Signature   = "$WINDOWS NT$"
Class       = DefragDriver
ClassGuid   = {8ECC055D-047F-11D1-A537-0000F8753ED2}
Provider    = %SRN%
DriverVer   = 04/30/2009,5.00.0001.0
CatalogFile = sndefrag.cat

[SourceDisksNames]
1 = %INST_DISK_NAME%

[SourceDisksFiles]
ddrv.sys     = 1
bllComm.dll  = 1
ddrvComm.dll = 1

[Manufacturer]
%SRN% = xxxx

[xxxx]

[DiskInstall.NT]
CopyFiles = DiskCopyfiles

[DefragDLLInstaller]
bllComm.dll
ddrvComm.dll

[DiskCopyfiles]
ddrv.sys

[DestinationDirs]
DefaultDestDir     = 10,System32\drivers
DefragDLLInstaller = 11

[DefaultInstall]
AddReg    = InitialRegEntry
CopyFiles = DefragDLLInstaller

[InitialRegEntry]
; Enum Entry
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV", "NextInstance", %REG_DWORD%, "0x00000001"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Service", %REG_SZ%, "ddrv"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Legacy", %REG_DWORD%, "0x00000001"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "ConfigFlags", %REG_DWORD%, "0x00000000"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Class", %REG_SZ%, "LegacyDriver"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "ClassGUID", %REG_SZ%, "{8ECC055D-047F-11D1-A537-0000F8753ED2}"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "DeviceDesc", %REG_SZ%, "ddrv"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Capabilities", %REG_DWORD%, "0x00000000"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Driver", %REG_SZ%, "{8ECC055D-047F-11D1-A537-0000F8753ED1}\0028"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000\Control", %REG_SZ%, "ActiveService", "ddrv"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000\LogConf", , ,
; Service Entry
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "DisplayName", %REG_SZ%, "ddrv"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "ErrorControl", %REG_DWORD%, "0x00000000"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "ImagePath", %REG_EXPAND_SZ%, "System32\DRIVERS\ddrv.sys"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "Start", %REG_DWORD%, "0x00000003"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "Type", %REG_DWORD%, "0x00000001"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv\Enum", "0", %REG_SZ%, "DDRV\LEGACY_DDRV\0000"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv\Enum", "Count", %REG_DWORD%, "0x00000002"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv\Enum", "NextInstance", %REG_DWORD%, "0x00000002"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv\Enum", "INITSTARTFAILED", %REG_DWORD%, "0x00000001"

[Strings]
INST_DISK_NAME         = "Defragmenter Driver Installation"
DiskDevDesc            = "Defrag Driver"
SRN                    = "xxxx CORPORATION"
SPSVCINST_ASSOCSERVICE = 0x00000002
SERVICE_KERNEL_DRIVER  = 1
SERVICE_DEMAND_START   = 3
SERVICE_ERROR_NORMAL   = 1
SERVICE_ERROR_IGNORE   = 0
REG_EXPAND_SZ          = 0x00020000
REG_DWORD              = 0x00010001
REG_SZ                 = 0x00000000

================================================
— On Mon, 8/24/09, Tim Roberts wrote:

From: Tim Roberts
Subject: Re: [ntdev] [DTM Testing] INF Testing Failed
To: “Windows System Software Devs Interest List”
Date: Monday, August 24, 2009, 10:07 AM

You wrote:
>
>Hello Tim Roberts,
>
>But this is marked as PASSED after installing the latest filter from
>the winqual just few minutes ago.
>
>So If it is non-pnp, then normal Digital Signature is enough to avoid
>the WARNING message during installing the driver in x64 bit OS ?

There are two different situations here. Any time you install a new PnP device that is not WHQL-signed, you get a warning about unsigned drivers. That warning can only be eliminated by submitting for a WHQL signature. That happens on both 32-bit and 64-bit systems.

In addition, the 64-bit systems will not LOAD a driver that is not signed with an approved code-signing certificate. This is called KMCS. WHQL has absolutely nothing to do with this. You have to have your own certificate, and you have to sign every build.

However, a KMCS failure results in a Device Manager yellow bang, not a simple warning message.

Which one are you seeing?

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

James Rassel wrote:

> Thank you for your assistance. I will check your comments.
> By this time, I give my INF file here:
> Sorry I marked company name as ‘xxxx’

That answers the question. This is a legacy device – a
non-plug-and-play device. You cannot get a WHQL signature for this.

And that’s OK, because there is no need for it. Your driver is not
installed by Device Manager, so you will never see the “unsigned driver”
warning. Indeed, you don’t need an INF for this at all; your
application could install this driver on its own just by copying the
file into place and using CreateService to create the registry entries.

Your driver will still need to be signed for the 64-bit systems, because
of KMCS, but that is done by you, with your own code-signing
certificate, not by WHQL.

By the way, most of the registry entries you create are wrong. You
should remove all of the Enum\DDRV\LEGACY_DDRV values, as well as the
Services\ddrv\Enum entries. The operating system will create those as
needed.

In particular, the “Count” and “NextInstance” fields are used by the
system to keep track of how many instances of your device are currently
running. By initializing these fields, you are interfering with the I/O
system’s processing.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
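
The advice above is to drop the Enum\DDRV\LEGACY_DDRV and Services\ddrv\Enum writes from the INF. As an added example that is not part of the original thread, this Python check walks the sections named by AddReg directives and flags writes to those OS-managed keys. The sample lines are constructed in the style of the posted INF, and the function names are hypothetical.

```python
import csv
import re

# Keys the thread says the OS creates itself; an INF should not write them.
OS_MANAGED = [
    (re.compile(r"^SYSTEM\\CurrentControlSet\\Enum(\\|$)", re.I), "device-instance key under Enum"),
    (re.compile(r"^SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\Enum(\\|$)", re.I), "per-service Enum key"),
]

# Constructed sample in the style of the INF posted above (not the full file).
SAMPLE_INF = r'''
[DefaultInstall]
AddReg = InitialRegEntry
[InitialRegEntry]
; Enum Entry
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV", "NextInstance", %REG_DWORD%, "0x00000001"
HKLM, "SYSTEM\CurrentControlSet\Enum\DDRV\LEGACY_DDRV\0000", "Service", %REG_SZ%, "ddrv"
; Service Entry
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "Start", %REG_DWORD%, "0x00000003"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv", "Type", %REG_DWORD%, "0x00000001"
HKLM, "SYSTEM\CurrentControlSet\Services\ddrv\Enum", "Count", %REG_DWORD%, "0x00000002"
'''

def parse_sections(text):
    """Map lower-cased section name -> list of non-empty, comment-free lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Keep everything up to the first ';' that is not inside double quotes.
        line = re.match(r'(?:[^";]|"[^"]*")*', raw).group(0).strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def addreg_entries(text):
    """Yield the five AddReg fields of every line in sections named by AddReg=."""
    sections = parse_sections(text)
    targets = []
    for lines in sections.values():
        for line in lines:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "addreg":
                targets += [name.strip().lower() for name in value.split(",")]
    for name in targets:
        for line in sections.get(name, []):
            fields = [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]
            yield (fields + [""] * 5)[:5]

def lint_addreg(text):
    """Return (findings, kept): writes to OS-managed keys, and everything else."""
    findings, kept = [], []
    for root, subkey, value_name, _flags, value in addreg_entries(text):
        reason = next((why for rx, why in OS_MANAGED
                       if root.upper() == "HKLM" and rx.search(subkey)), None)
        if reason:
            findings.append((subkey, value_name, reason))
        else:
            kept.append((subkey, value_name, value))
    return findings, kept

if __name__ == "__main__":
    for subkey, name, reason in lint_addreg(SAMPLE_INF)[0]:
        print(f"remove: {subkey} [{name}] ({reason})")
```

The entries left in `kept` are the plain Services\ddrv values, which is the part the reply says CreateService would write on its own.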

Hi Tim,

Thank you for checking the INF file and giving suggestions.

Though I agree with you, and I also found in MSDN site that
WHQL is not required for “unclassified” or non-pnp driver.

We contacted Winqual, which forced us to do the DTM
testing to get the DRS, which is similar to WHQL.

[Winqual] Both WHQL and DRS are similar words. DRS is part of WHQL only.

Take a look at Winqual’s answers:
I write the Winqual answer here exactly, where Driver A = PnP & Driver B = non-PnP

[WE]

  1. We know that, WHQL is required only for PnP type driver.
    So in this case we need WHQL only for Driver A.
    Is our understanding correct ?

[Winqual] Yes, you would need WHQL for both PnP and Non-PnP Drivers.

[WE]

  2. For Driver B we need DRS.
    Is our understanding correct ?

[Winqual]
Yes, DRS means “Unclassified” program. You need to test under
unclassified category to get digital signature for your drivers.

Do you have any comments on it ?

James

— On Mon, 8/24/09, Tim Roberts wrote:

From: Tim Roberts
Subject: Re: [ntdev] [DTM Testing] INF Testing Failed
To: “Windows System Software Devs Interest List”
Date: Monday, August 24, 2009, 9:57 PM

James Rassel wrote:
>
> Thank you for your assistance. I will check your comments.
> By this time, I give my INF file here:
> Sorry I marked company name as ‘xxxx’
>

That answers the question. This is a legacy device – a
non-plug-and-play device. You cannot get a WHQL signature for this.

And that’s OK, because there is no need for it. Your driver is not
installed by Device Manager, so you will never see the “unsigned driver”
warning. Indeed, you don’t need an INF for this at all; your
application could install this driver on its own just by copying the
file into place and using CreateService to create the registry entries.

Your driver will still need to be signed for the 64-bit systems, because
of KMCS, but that is done by you, with your own code-signing
certificate, not by WHQL.

By the way, most of the registry entries you create are wrong. You
should remove all of the Enum\DDRV\LEGACY_DDRV values, as well as the
Services\ddrv\Enum entries. The operating system will create those as
needed.

In particular, the “Count” and “NextInstance” fields are used by the
system to keep track of how many instances of your device are currently
running. By initializing these fields, you are interfering with the I/O
system’s processing.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.



James Rassel wrote:

> Thank you for checking the INF file and giving suggestions.
>
> Though I agree with you, and I also found in MSDN site that
> WHQL is not required for “unclassified” or non-pnp driver.

CAUTION! There is a HUGE difference between “unclassified” and
“non-PnP”. An unclassified device is a plug-and-play device that
doesn’t happen to fall neatly into one of the defined device classes.
You can have a virtual device (without hardware) that is plug-and-play,
by using the root enumerator. Such a driver goes through Device
Manager, and therefore DOES need to go through the WHQL “unclassified”
program.

However, a non-PnP driver does NOT need WHQL at all. In fact, doing so
(if it were possible) would simply be a waste of your time and money,
because the WHQL signature serves no purpose. A non-PnP driver is never
subject to the WHQL signature check!

> We contacted Winqual, which forced us to do the DTM
> testing to get the DRS, which is similar to WHQL.
>
> [Winqual] Both WHQL and DRS are similar words. DRS is part of WHQL only.
>
> Take a look at Winqual’s answers:
> I write the Winqual answer here exactly, where Driver A = PnP & Driver
> B = non-PnP
>
> [WE]
>
>   1. We know that, WHQL is required only for PnP type driver.
>     So in this case we need WHQL only for Driver A.
>     Is our understanding correct ?
>
> [Winqual] Yes, you would need WHQL for both PnP and Non-PnP Drivers.
>
> [WE]
>
>   2. For Driver B we need DRS.
>     Is our understanding correct ?
>
> [Winqual] Yes, DRS means “Unclassified” program. You need to test
> under unclassified category to get digital signature for your drivers.
>
> Do you have any comments on it ?

Yes, I do. I have hesitated a long time before posting this, because
the Winqual folks usually know their stuff, but in this case I am
convinced that the answer they gave you is simply wrong.

When they say “you would need WHQL for both PnP and Non-PnP Drivers”,
that’s just not correct. You do not need WHQL for a non-PnP driver. As
I said above, I’m not convinced it is POSSIBLE to submit a non-PnP
driver for WHQL, but if it were possible, it would be an utter waste of
time and money. The driver you got back would not operate any
differently from the driver you have right now. A non-PnP driver is not
subject to the WHQL signature test, so getting a signature is completely
pointless.

If they had said “classified and unclassified drivers”, then I would be
in complete agreement, but both of those are PnP drivers.

Do you see my point? There are three kinds of drivers as far as WHQL is
concerned:

  1. PnP classified drivers – drivers that fall into one of the logo
    categories.
    These need a WHQL signature to stop the “unsigned driver” warning. By
    submitting these, you get the WHQL signature, and you get to use the
    Windows logo in your advertising material.

  2. PnP unclassified drivers – drivers that use PnP but do not fall into
    a logo category.
    These also need a WHQL signature to stop the “unsigned driver” warning.
    By submitting these, you get the WHQL signature, but that’s it. You do
    not get rights to use the Windows logo.

  3. Non-PnP drivers
    These drivers do not fall under WHQL’s shadow at all. They are not
    subject to the “unsigned driver” test, so there is no need for the
    signature, and I do not believe there is any way to submit them to WHQL
    anyway.

If others believe I am mistaken (and Lord knows I have been mistaken
once or twice), please jump in to correct me. This has been going on
long enough, and we need to get a real answer.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hello Tim,

Just want to share my real testing.

I did some test using VeriSign Digital Signature:

Here is my tested result:

Test 1:

  1. “Disable Driver Signature Enforcement” is selected

  2. All the exe, dll and drivers are signed by VeriSign / not signed

Result 1: Application does not crash while launching.

Test 2:

  1. “Disable Driver Signature Enforcement” is not selected

  2. All the exe, dll and drivers are signed by VeriSign / not signed

Result 2: Application crashes while launching.

Test 3:

  1. Using Test Signed and set TESTSIGNING ON

Result 3: Application does not crash while launching.

Test 4:

  1. Using Test Signed and set TESTSIGNING OFF

Result 4: Application crashes while launching.

So according to the real test, I think WHQL/DRS is
required also for non-pnp drivers.

James

James Rassel wrote:

> Just want to share my real testing.
>
> I did some test using VeriSign Digital Signature:
>
> Here is my tested result:
>
> *Test 1:*
>
>   1. “Disable Driver Signature Enforcement” is selected
>   2. All the exe, dll and drivers are signed by VeriSign / not signed
>
> Result 1: Application does not crash while launching.
>
> *Test 2:*
>
>   1. “Disable Driver Signature Enforcement” is not selected
>   2. All the exe, dll and drivers are signed by VeriSign / not signed
>
> Result 2: Application crashes while launching.
>
> *Test 3:*
>
>   1. Using Test Signed and set TESTSIGNING ON
>
> Result 3: Application does not crash while launching.
>
> *Test 4:*
>
>   1. Using Test Signed and set TESTSIGNING OFF
>
> Result 4: Application crashes while launching.
>
> So according to the real test, I think WHQL/DRS is
> required also for non-pnp drivers.

When you say “crashed”, what do you mean, exactly? Your application
uses the service manager to start the device, yes?

I’m guessing that you are testing this on a 64-bit system. If this is a
64-bit system, then ALL kernel drivers (PnP or not) must have a digital
signature. This is called KMCS (Kernel Mode Code Signing). However,
the KMCS signature is completely unrelated to WHQL. You do the signing
with your VeriSign code signing certificate. No WHQL submission needed
(or desired).

If you were to run that test on a 32-bit system, I’ll bet you all 4
cases would work just fine.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Test 4: The driver was signed with a VeriSign certificate but was it also
cross-signed with the Microsoft certificate?

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Tim Roberts
Sent: Monday, August 31, 2009 1:57 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] [DTM Testing] INF Testing Failed

James Rassel wrote:

> Just want to share my real testing.
>
> I did some test using VeriSign Digital Signature:
>
> Here is my tested result:
>
> *Test 1:*
>
>   1. “Disable Driver Signature Enforcement” is selected
>   2. All the exe, dll and drivers are signed by VeriSign / not signed
>
> Result 1: Application does not crash while launching.
>
> *Test 2:*
>
>   1. “Disable Driver Signature Enforcement” is not selected
>   2. All the exe, dll and drivers are signed by VeriSign / not signed
>
> Result 2: Application crashes while launching.
>
> *Test 3:*
>
>   1. Using Test Signed and set TESTSIGNING ON
>
> Result 3: Application does not crash while launching.
>
> *Test 4:*
>
>   1. Using Test Signed and set TESTSIGNING OFF
>
> Result 4: Application crashes while launching.
>
> So according to the real test, I think WHQL/DRS is required also for
> non-pnp drivers.

When you say “crashed”, what do you mean, exactly? Your application uses
the service manager to start the device, yes?

I’m guessing that you are testing this on a 64-bit system. If this is a
64-bit system, then ALL kernel drivers (PnP or not) must have a digital
signature. This is called KMCS (Kernel Mode Code Signing). However, the
KMCS signature is completely unrelated to WHQL. You do the signing with
your VeriSign code signing certificate. No WHQL submission needed (or
desired).

If you were to run that test on a 32-bit system, I’ll bet you all 4 cases
would work just fine.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.



Hi Tim & Bill,

Basically Test 1 and Test 2 were done using the VeriSign Digital Signature.
Test 3 and Test 4 were done using the Test-Sign (using MakeCert and SignTool)

I think Bill has some point to be noticed. I did not use any Cross Signature
from Microsoft Certificate and I heard little about it in the document.

Anyway I will check using the Cross-Signature.

Thank you
James

— On Mon, 8/31/09, Bill Wandel wrote:

From: Bill Wandel
Subject: RE: [ntdev] [DTM Testing] INF Testing Failed
To: “Windows System Software Devs Interest List”
Date: Monday, August 31, 2009, 11:32 PM

Test 4: The driver was signed with a VeriSign certificate but was it also
cross-signed with the Microsoft certificate?

Bill Wandel
