I would like to silent install a driver package which uses WinUSB for an unclassified USB device. Currently, I have an INF file that points to WinUSB.sys. I used the Inf2Cat
tool to create a CAT file from this INF file. Then I applied my company’s
digital signature to this catalog file and placed both the INF and the signed
CAT file in an empty directory on Win7 system. Finally, I used DPInst to
install my driver package on that system. During that installation, I receive a
popup asking, “Do you trust company XXX?”, which defeats the purpose of silent install.
Is there a way to silent install my WinUSB based driver without having to get WHQL signature? We don’t need Windows Logo for this device, all we need is silent install.
Any input or comment is appreciated. Thanks very much for your time.
I would like to silent install a driver package which uses WinUSB for an unclassified USB device. Currently, I have an INF file that points to WinUSB.sys. I used the Inf2Cat
tool to create a CAT file from this INF file. Then I applied my company’s
digital signature to this catalog file and placed both the INF and the signed
CAT file in an empty directory on Win7 system. Finally, I used DPInst to
install my driver package on that system. During that installation, I receive a
popup asking, “Do you trust company XXX?”, which defeats the purpose of silent install.
Is there a way to silent install my WinUSB based driver without having to get WHQL signature?
Nope. This is no different from any other driver package, except that
your .sys file happens to be Microsoft-signed. Are you not shipping the
WinUSB co-installer as part of your driver package? Are you assuming
that WinUSB is already installed?
You can get silent install by answering yes to the “do you trust company
XXX?” question. After that, no more questions.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
I do plan to ship the WInUSB coinstallers as part of the driver package, and I don’t assume WinUSB pre-exists on the target system. Do I have to go through DTM testing and get WHQL signature to get rid of the “Do you trust company xxx?” message? We really want to get rid of this message to be complete silent.
> I do plan to ship the WInUSB coinstallers as part of the driver package, and I don’t assume WinUSB pre-exists on the target system. Do I have to go through DTM testing and get WHQL signature to get rid of the “Do you trust company xxx?” message? We really want to get rid of this message to be complete silent. > > Thanks.
Try to install your company’s signature to ‘trusted authority’ in certificate manager first. If you can do this in silence mode, you may get what you want.
To: "Windows System Software Devs Interest List" From: xxxxx@yahoo.com Sent by: xxxxx@lists.osr.com Date: 11/11/2010 06:56AM Subject: RE:[ntdev] WinUSB driver silent install without WHQL?
I do plan to ship the WInUSB coinstallers as part of the driver package, and I don't assume WinUSB pre-exists on the target system. Do I have to go through DTM testing and get WHQL signature to get rid of the "Do you trust company xxx?" message? We really want to get rid of this message to be complete silent.
Is it possible to use Manifest files, or temporarily set gpedit policy of unsigned driver install behavior to “silently succeed” to get around the WHQL signature (to avoid the “do you trust company xxx” to achieve 100% silent install)?
Is it possible to use Manifest files, or temporarily set gpedit policy of unsigned driver install behavior to “silently succeed” to get around the WHQL signature (to avoid the “do you trust company xxx” to achieve 100% silent install)?
There are two ways to get 100% silent install. (1) Get the WHQL
signature. (2) Sign it with your own certificate, and install that
certificate as a “trusted publisher”. Anything else is simply
unethical. Stop wasting your time trying to do things the wrong way,
when the right way is so easy.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
(2) works fine and is suitable for situations where you control the
configuration of the system image, or have collections of platform
specific unusual drivers - for example publishing virtual machine
images with assorted pv drivers. It requires admin privileges to
install the cert. It certainly is less overhead than going though
whql, and the whql process for unusual drivers is a nightmare of
continual uncertainty.
On the other hand for a simple usb driver for a usb device, a
standalone hardware/software package, whql is the right way to go.
Mark Roddy
On Thu, Nov 11, 2010 at 4:35 PM, Tim Roberts wrote: > xxxxx@yahoo.com wrote: >> Is it possible to use Manifest files, or temporarily set gpedit policy of unsigned driver install behavior to “silently succeed” to get around the WHQL signature (to avoid the “do you trust company xxx” to achieve 100% silent install)? > > There are two ways to get 100% silent install. ?(1) Get the WHQL > signature. ?(2) Sign it with your own certificate, and install that > certificate as a “trusted publisher”. ?Anything else is simply > unethical. ?Stop wasting your time trying to do things the wrong way, > when the right way is so easy. > > – > Tim Roberts, xxxxx@probo.com > Providenza & Boekelheide, Inc. > > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer >
In my case, I do have a relatively simple USB device which runs well on top of WinUSB. Is #2 method the right way to go?
When you say sign it with my own certificate, does that mean VeriSign certificate to certify the software publisher? Could you share the details of #2 method?
In my case, I do have a relatively simple USB device which runs well on top of WinUSB.
You have a plug-and-play driver package. If you want it to be trusted,
then you need to do the testing that is required of all USB driver
packages, and submit that testing to WHQL for a signature.
Is #2 method the right way to go?
I’m not sure what you mean. If you intend to distribute this as a
product, then you will never convince your customers to install your
certificate as a “trusted publisher”. WHQL is the only way. For your
internal testing, #2 is practical
When you say sign it with my own certificate, does that mean VeriSign certificate to certify the software publisher? Could you share the details of #2 method?
It means using some kind of code-signing certificate. Verisign sells
them, as do several other certificate authorities. There are lots of
web references on how to sign code. In this case, you would create a
CAT file and sign the CAT file.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
We decided to get WHQL signature in order to achieve 100% silent install of our WinUSB based driver package. Our USB device is an industrial instrument, I checked the DTM test docs, and I couldn’t find such USB devices in DTM test categories, the only closest category is USB host controllers. My questions are:
What DTM test category should I run under? Is there a typical USB device category under DTM? What is it called in DTM?
What tests should I run in that category?
What’s the correct level of WinQual /WHQL that I need?
Any feedback or input is welcome. Very much appreciated your time. Thanks.
From: xxxxx@lists.osr.com [mailto:bounce-431910- xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: 17 November 2010 16:21
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] WinUSB driver silent install without WHQL?
We decided to get WHQL signature in order to achieve 100% silent install of
our WinUSB based driver package. Our USB device is an industrial instrument,
I checked the DTM test docs, and I couldn’t find such USB devices in DTM
test categories, the only closest category is USB host controllers. My
questions are:
What DTM test category should I run under? Is there a typical USB device
category under DTM? What is it called in DTM?
There is “Unclassified” for devices which don’t fall into the existing categories.
What tests should I run in that category?
You have to run all the tests of your chosen category.
Hope that helps,
Tim Green
Development Engineer
DisplayLink (UK) Limited
Registered in England No. 04811048
Before I go with the unclassified route, I want to make sure if there is a DTM category for a typical USB device which supports bulk in/out. It’s surprising to me if there isn’t. What about flash drive or USB stick? What category do they fall into?
Before I go with the unclassified route, I want to make sure if there is a DTM category for a typical USB device which supports bulk in/out.
Yes, there is. Unclassified.
It’s surprising to me if there isn’t.
The device class is used to target a set of task-specific tests. What
tests would DTM possibly choose for an arbitrary USB device with bulk
pipes? The unclassified test will run the USB compliance suite, basic
driver health tests, IRP handling tests, plug-and-play tests, power
management tests, and memory stress tests. Really, there’s nothing more
you could do without knowing what the device does.
What about flash drive or USB stick? What category do they fall into?
Those are mass storage devices.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
We have several models of the same type of USB device. I wonder when I run the DTM Unclassified test, do I need to test and submit just one driver package for any one model, or do I have to submit one package for each and every model?
Is the DTM submission specific for each product type or just the product family? That is, is qualification done for each product type? Or alternatively product family? Or is it just the driver itself?
We have several models of the same type of USB device. I wonder when I run the DTM Unclassified test, do I need to test and submit just one driver package for any one model, or do I have to submit one package for each and every model?
Is the DTM submission specific for each product type or just the product family? That is, is qualification done for each product type? Or alternatively product family? Or is it just the driver itself?
It’s the driver itself. If the driver supports N devices, you still only need to test once.
We have several models of the same type of USB device. I wonder when I run the DTM Unclassified test, do I need to test and submit just one driver package for any one model, or do I have to submit one package for each and every model?
Is the DTM submission specific for each product type or just the product family? That is, is qualification done for each product type? Or alternatively product family? Or is it just the driver itself?
The DTM submission tests your driver package. It doesn’t particularly
care about models or products. For my testing purposes, I would want to
run the DTM tests on each model that my driver supported, just to look
for nasty surprises, but the signature doesn’t require that.
If you were going for the Windows logo, the situation might be
different, because the logo applies to pieces of hardware. I haven’t
been involved in a logo submission for quite a long time, and the rules
do change over time.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.