I got to sign already made driver package.
I’ve signed driver package according to MS instructions for signing with
Signtool (64bitDriverSigning.doc) for release. I did an Authenticode
signature with cross certificate and SPC. Driver installation on Vista 64
machine completed, but the device is still marked with question mark in the
lower right corner of an icon. Why? SYS and CAT file are marked as signed if
checked as files but Driver Details option under Device manager says “Not
digitally signed” under “Digital signer” for SYS file. Then I checked the
setupapi.app.log wich gives 2 errors (0x800b0109 and 0xe0000241).
For both Google results a year 2003 document (Troubleshooting Device
Installation with the SetupAPI Log File) from MS with following content:
".Windows Server 2003 and Later.
.The following example illustrates the types of messages that SetupAPI logs
when an Authenticode certificate is installed in the trusted publish
certificates store.
@ 11:19:27.453 #I433 Verifying file “Blender_INF_File_Path\blender.inf” (key
“blender.inf”) against an installed catalog
“Blender_Catalog_File_Path\Blender_Catalog_File_Name.CAT” failed. Error
0x800b0109: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
@ 11:19:27.484 #I442 A valid signature for file
“Blender_INF_File_Path\blender.inf” (key “blender.inf”) was found in an
installed Authenticode™ catalog
“Blender_Catalog_File_Path\Blender_Catalog_File_Name.CAT”. Error 0xe0000241:
The INF was signed with an Authenticode™ catalog from a trusted
publisher.
In the previous example, the #I433 message indicates that the driver does
not have a WHQL catalog or a test catalog. The #I442 message indicates that
the driver has an Authenticode signature, and the corresponding certificate
is installed in the trusted publisher certificates store."
Driver itself seems OK by the log files; could the problem be non WHQL
signed driver?
Regards,
Primoz Alic