Hello,
I have posted regarding this issue on another fairly recent thread:
http://www.osronline.com/showThread.cfm?link=244849
At that point I was trying to install my filter driver, which is a modification of the toaster sample’s generic filter driver and installs as an upper level filter Image class filter driver, like this:
sc create wlfilter type= kernel start= demand binPath= system32\drivers\filter.sys
devcon classfilter image upper =-wlfilter
upon installation I would get an “unsigned driver” type of popup and the filter driver would show up as unsigned in the drivers listing of my camera. See below for the specific dialogs:
http://fotios.org/files/unsigned_popup.png
http://fotios.org/files/drivers.png
An additional problem was that due to the fact that I was not using an inf file for the installation (and therefore embedding the signature in the sys file instead of generating and signing a cat file) I was not getting any log entries in my setupapi log file (under C:'windows\inf) and therefore debugging was difficult (not sure if the installation process gets logged elsewhere when an inf file is not used).
I am installing this on a Win8 x64 box.
So, what I did is I created an inf file for my filter driver and looking into my setupapi log after installation I found out what the problem probably is (see further down for full inf file listing):
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
This sounds like a good hint yet after looking into it carefully I am fairly certain that my driver is properly signed. Here is the signtool verification output:
C:\dc>signtool verify /kp /v filter.cat
Verifying: filter.cat
Hash of file (sha1): E19281C77C94F8A266D767574652D570874762D4
Signing Certificate Chain:
Issued to: GlobalSign Root CA
Issued by: GlobalSign Root CA
Expires: Tue Jan 28 14:00:00 2014
SHA1 hash: 2F173F7DE99667AFA57AF80AA2D1B12FAC830338
Issued to: GlobalSign CodeSigning CA - G2
Issued by: GlobalSign Root CA
Expires: Sat Apr 13 12:00:00 2019
SHA1 hash: 9000401777DD2B43393D7B594D2FF4CBA4516B38
Issued to: xxxxxx Software Limited
Issued by: GlobalSign CodeSigning CA - G2
Expires: Fri Jun 17 17:39:54 2016
SHA1 hash: 550E6D812F3310EA64F5F4B35EFF747DAC590EC4
The signature is timestamped: Sat Sep 21 08:15:33 2013
Timestamp Verified by:
Issued to: GlobalSign Root CA
Issued by: GlobalSign Root CA
Expires: Tue Jan 28 14:00:00 2014
SHA1 hash: 2F173F7DE99667AFA57AF80AA2D1B12FAC830338
Issued to: GlobalSign Timestamping CA - G2
Issued by: GlobalSign Root CA
Expires: Fri Jan 28 14:00:00 2028
SHA1 hash: C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Issued to: GlobalSign TSA for MS Authenticode - G1
Issued by: GlobalSign Timestamping CA - G2
Expires: Mon Sep 23 02:00:00 2024
SHA1 hash: 8CE69F5012E1D1A8FB395E2E31E2B42BDE3B343B
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 15:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: GlobalSign Root CA
Issued by: Microsoft Code Verification Root
Expires: Thu Apr 15 22:05:08 2021
SHA1 hash: CC1DEEBF6D55C2C9061BA16F10A0BFA6979A4A32
Issued to: GlobalSign CodeSigning CA - G2
Issued by: GlobalSign Root CA
Expires: Sat Apr 13 12:00:00 2019
SHA1 hash: 9000401777DD2B43393D7B594D2FF4CBA4516B38
Issued to: xxxxxx Software Limited
Issued by: GlobalSign CodeSigning CA - G2
Expires: Fri Jun 17 17:39:54 2016
SHA1 hash: 550E6D812F3310EA64F5F4B35EFF747DAC590EC4
Successfully verified: filter.cat
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
This looks like it should work - yet it does not. Besides my Win8 x64 box I also tried it on WinXP x32 and there, after getting the “This driver has not been tested for Windows logo” alert dialog, the filter still shows up as unsigned in the camera’s drivers list.
So, I am pretty much without a hint really as to why this driver won’t install as signed.
Please see below for full inf file and setupapi log listings. I would IMMENSELY appreciate any hints as to what is going on.
Could it somehow be related to a problem with my GlobalSign certificate? My certificate is active and I have confirmed with GlobalSign that it is capable of kernel mode code signing.
Cheers,
A
;/*++
;
;Copyright (c) 2013 xxxxxx Software Limited All rights Reserved
;
;Module Name:
;
; filter.INF
;
;Abstract:
; INF file for installing the Image class upper filter driver
;
;–*/
[Version]
Signature = “$WINDOWS NT$”
Class = Image
ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Provider = %xxxxxx%
DriverVer=09/20/2013,23.35.13.149
CatalogFile = filter.cat
;*****************************************
; xxxxxx Filter Install Section
;*****************************************
[Manufacturer]
%xxxxxx%=Microsoft,NTamd64
[DestinationDirs]
DefaultDestDir = 12
; For XP and later
[Microsoft.NTamd64]
%wcsFilter.DeviceDesc%=xxxxxxFilter, {6bdd1fc6-810f-11d0-bec7-08002be2092f}\wcsFilter
[xxxxxxFilter.NT]
CopyFiles=xxxxxxFilter.NT.Copy
[xxxxxxFilter.NT.Copy]
filter.sys
[xxxxxxFilter.NT.HW]
AddReg = xxxxxxFilter.NT.HW.AddReg
[xxxxxxFilter.NT.HW.AddReg]
HKLM, System\CurrentControlSet\Control\Class{6bdd1fc6-810f-11d0-bec7-08002be2092f}, UpperFilters, 0x00010008, “wcsFilter”
;HKR,“UpperFilters”,0x00010008,“wcsFilter”
;HKR,“UpperFilters”,0x00010000,“wcsFilter”
[xxxxxxFilter.NT.HW.DelReg]
HKLM, System\CurrentControlSet\Control\Class{6bdd1fc6-810f-11d0-bec7-08002be2092f}, UpperFilters, 0x00018002, “wcsFilter”
;*****************************************
; xxxxxx Filter Service Section
;*****************************************
[xxxxxxFilter.NT.Services]
;Do not specify SPSVCINST_ASSOCSERVICE on filter drivers.
AddService = wcsFilter, filter_Service_Inst
[filter_Service_Inst]
DisplayName = %wcsFilter.SvcDesc%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\filter.sys
;*****************************************
; Default Installation/Uninstallation
;*****************************************
[DefaultInstall]
OptionDesc = %DefaultInstallationDesc%
CopyFiles = xxxxxxFilter.NT.Copy
AddReg = xxxxxxFilter.NT.HW.AddReg
[DefaultUninstall]
OptionDesc = %DefaultUninstallationDesc%
DelFiles = xxxxxxFilter.NT.Copy
DelReg = xxxxxxFilter.NT.HW.DelReg
[DefaultInstall.Services]
AddService = wcsFilter, filter_Service_Inst
[DefaultUninstall.Services]
DelService = wcsFilter,0x200 ;0x200 flag ensures service is stopped before deleting
;*************************
; Source file information
;*************************
[SourceDisksNames]
1 = %DiskId1%,“”
[SourceDisksFiles]
filter.sys = 1,
;
;— xxxxxx Filter Coinstaller installation ------
;
[DestinationDirs]
;ImageClassInstallerCopyFiles = 11
xxxxxxFilter_CoInstaller_CopyFiles = 11
[xxxxxxFilter.NT.CoInstallers]
AddReg = xxxxxxFilter_CoInstaller_AddReg
CopyFiles = xxxxxxFilter_CoInstaller_CopyFiles
[xxxxxxFilter_CoInstaller_AddReg]
HKR,CoInstallers32,0x00010000, “WdfCoInstaller01011.dll,WdfCoInstaller”
;HKLM, System\CurrentControlSet\Control\Class{6bdd1fc6-810f-11d0-bec7-08002be2092f}, CoInstallers32, 0x00010000, “WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller”
[xxxxxxFilter_CoInstaller_CopyFiles]
WdfCoInstaller01011.dll
[SourceDisksFiles]
WdfCoInstaller01011.dll=1 ; make sure the number matches with SourceDisksNames
[xxxxxxFilter.NT.Wdf]
KmdfService = wcsFilter, Filter_wdfsect
[Filter_wdfsect]
KmdfLibraryVersion = 1.11
[wdffeatured_wdfsect]
KmdfLibraryVersion = 1.11
[Strings]
SPSVCINST_ASSOCSERVICE = 0x00000002
xxxxxx = “xxxxxx Software Limited”
;Mfr = “xxxxxx”
ClassName = “Image”
DiskId1 = “xxxxxx Upper Level Image Class Filter Installation Disk #1”
wcsFilter.DeviceDesc = “xxxxxx Upper Level Image Class Filter Driver”
wcsFilter.SvcDesc = “xxxxxx Upper Level Image Class Filter Driver Service”
DefaultInstallationDesc = “Install xxxxxx Filter Driver”
DefaultUninstallationDesc = “Uninstall xxxxxx Filter Driver”
>> [Device Install (DiInstallDriver) - D:\DRIVER\signed-no-timestamp\filter.inf]
>> Section start 2013/09/21 01:22:51.209
cmd: “C:\Windows\System32\InfDefaultInstall.exe” “D:\DRIVER\signed-no-timestamp\filter.inf”
inf: {SetupCopyOEMInf: D:\DRIVER\signed-no-timestamp\filter.inf} 01:22:51.303
sto: {Import Driver Package: D:\DRIVER\signed-no-timestamp\filter.inf} 01:22:51.691
sto: Driver Store = C:\Windows\System32\DriverStore [Online] (6.2.9200)
sto: Driver Package = D:\DRIVER\signed-no-timestamp\filter.inf
sto: Architecture = amd64
sto: Flags = 0x00000000
inf: Provider = xxxxxx Software Limited
inf: Class GUID = {6bdd1fc6-810f-11d0-bec7-08002be2092f}
inf: Driver Version = 09/20/2013,23.35.13.149
inf: Catalog File = filter.cat
inf: Version Flags = 0x00000001
flq: Copying ‘D:\DRIVER\signed-no-timestamp\filter.sys’ to ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.sys’.
flq: Copying ‘D:\DRIVER\signed-no-timestamp\WdfCoInstaller01011.dll’ to ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\WdfCoInstaller01011.dll’.
flq: Copying ‘D:\DRIVER\signed-no-timestamp\filter.cat’ to ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.cat’.
flq: Copying ‘D:\DRIVER\signed-no-timestamp\filter.inf’ to ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.inf’.
pol: {Driver package policy check} 01:22:53.294
pol: {Driver package policy check - exit(0x00000000)} 01:22:53.295
sto: {Stage Driver Package: C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.inf} 01:22:53.296
inf: {Query Configurability: C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.inf} 01:22:53.300
inf: Driver package uses WDF.
inf: Driver package ‘filter.inf’ is configurable.
inf: {Query Configurability: exit(0x00000000)} 01:22:53.306
flq: Copying ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.sys’ to ‘C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.sys’.
flq: Copying ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\WdfCoInstaller01011.dll’ to ‘C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\WdfCoInstaller01011.dll’.
flq: Copying ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.cat’ to ‘C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.cat’.
flq: Copying ‘C:\Users\Fotios\AppData\Local\Temp{3ba54231-88f5-5b48-91c0-8233bc0de77c}\filter.inf’ to ‘C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.inf’.
sto: {DRIVERSTORE IMPORT VALIDATE} 01:22:53.323
sig: {_VERIFY_FILE_SIGNATURE} 01:22:53.332
sig: Key = filter.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.cat
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 01:22:53.566
sig: {_VERIFY_FILE_SIGNATURE} 01:22:53.567
sig: Key = filter.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}\filter.cat
sig: Success: File is signed in Authenticode™ catalog.
sig: Error 0xe0000241: The INF was signed with an Authenticode™ catalog from a trusted publisher.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 01:22:53.587
sto: {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 01:22:53.597
sig: Signer Score = 0x0F000000
sig: Signer Name = xxxxxx Software Limited
sto: {DRIVERSTORE IMPORT BEGIN} 01:22:53.601
sto: {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 01:22:53.602
cpy: {Copy Directory: C:\Windows\System32\DriverStore\Temp{40bd780e-8bf5-604c-82e1-5d00daf39971}} 01:22:53.606
cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\filter.inf_amd64_32925c27c5bfaf39
cpy: {Copy Directory: exit(0x00000000)} 01:22:53.616
idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\filter.inf_amd64_32925c27c5bfaf39\filter.inf} 01:22:53.618
idb: Created driver package object ‘filter.inf_amd64_32925c27c5bfaf39’ in DRIVERS database node.
idb: Created driver INF file object ‘oem71.inf’ in DRIVERS database node.
idb: Registered driver package ‘filter.inf_amd64_32925c27c5bfaf39’ with ‘oem71.inf’.
idb: {Register Driver Package: exit(0x00000000)} 01:22:53.625
idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\filter.inf_amd64_32925c27c5bfaf39\filter.inf} 01:22:53.625
idb: Activating driver package ‘filter.inf_amd64_32925c27c5bfaf39’.
cpy: Published ‘filter.inf_amd64_32925c27c5bfaf39\filter.inf’ to ‘oem71.inf’.
idb: Indexed 2 device IDs for ‘filter.inf_amd64_32925c27c5bfaf39’.
idb: {Publish Driver Package: exit(0x00000000)} 01:22:53.633
sto: {DRIVERSTORE IMPORT END} 01:22:53.635
sig: Installed catalog ‘filter.cat’ as ‘oem71.cat’.
sto: {DRIVERSTORE IMPORT END: exit(0x00000000)} 01:22:54.261
sto: {Stage Driver Package: exit(0x00000000)} 01:22:54.873
sto: Driver Store Filename = C:\Windows\System32\DriverStore\FileRepository\filter.inf_amd64_32925c27c5bfaf39\filter.inf
sto: {Import Driver Package: exit(0x00000000)} 01:22:55.273
inf: Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\filter.inf_amd64_32925c27c5bfaf39\filter.inf
inf: Published Inf Path: C:\Windows\INF\oem71.inf
inf: {SetupCopyOEMInf exit (0x00000000)} 01:22:55.295
<<< Section end 2013/09/21 01:22:56.080
<<< [Exit status: SUCCESS]
