meave79 wrote:
Basically I just need to write end user software to upload firmware to
the device (it’s a Cypress “re-enumeration” device).
I found this was rather simple to do on OS X using basic user mode
calls provided by IO Kit… done!
Yes, it’s simple on Linux, too, but those environments have very
different marketing requirements than Windows.
On Windows Cypress provides a driver you can use to do the same thing
and it works fine. However, it seems using their driver will require
me to go through what appears to be an insanely over complicated WHQL
driver signing process for such a simple task.
A search for “communicating with usb device on windows” turns up
winusb.sys:
http://www.microsoft.com/whdc/connect/usb/winusb_howto.mspx
I thought surely MSs own generic usb driver would be signed already by
them, but about 10 pages into that doc is this little requirement gotcha:
• A signed catalog file for the package.
This file is required to install WinUSB on x64 versions of Windows
Vista. For more information on how to create and test signed
catalog files, see â€Kernel-Mode Code Signing Walkthrough†on the
WHDC Web site.
Do I really have to sign their own driver for them? Do I even need a
driver? Surely some simple user mode stuff already exists for such a
simple task that doesn’t require Windows Logo insanity?
Please step back and take a deep cleansing breath. The situation is
under control. There is no need to panic.
There are two different signature requirements in the modern Windows
world. The first one is called “KMCS” – kernel-mode code signing.
KMCS applies only to the 64-bit systems. If your driver is not
KMCS-signed, then it will not load at all. The KMCS check is done every
time your driver loads – at every boot, and at every replug. The KMCS
signature is entirely under your control. You do need to purchase your
own code-signing certificate, but YOU sign the drivers. You don’t
submit anything to Microsoft.
(WinUSB.sys is already KMCS-signed (by Microsoft), so in your case, you
don’t even have to do that.)
The second signature requirement is the “publisher” check that is done
at install time. This applies to ALL systems on ALL processors, but
only applies when the driver is installed, not each time it is loaded.
This is the one that puts up the dreaded “unsigned driver” warning. If
you sign your driver package (meaning the CAT file) with your code
signing certificate, this warning changes to a much less drastic “do you
trust this publisher?” query. The only way to eliminate this warning
altogether, and thereby achieve a silent installation, is to submit for
the WHQL signature.
SO, if all you want to do is make sure your driver package can be
loaded, you do not need to do anything. Winusb.sys is already signed.
If you want your driver package to install silently, with no warnings
whatsoever, then you need to submit the driver PACKAGE to WHQL.
Someone should write an article about this. Oh wait, someone did…
If all roads do lead there, I guess the next question would be,
generally speaking, how long does the whole WHQL process generally
take from start to finish (considering I’m an experienced C++
programmer, but never done WHQL before)?
The worst part is getting the test environment set up. I put this task
off for YEARS because I feared how complicated it was going to be. In
the end, it took me about 3 days from bare metal to a working Driver
Test Manager setup. Now that it’s set up, it takes about 24 hours to
run the whole test suite for an unclassified USB device. Once you have
the package and submit it, it is a matter of hours until you get the
signed CAT file back from Microsoft.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.