XP signed driver update

I have come across an issue with driver updates involving signed drivers
that I hope someone can clarify for me.

Assume you have a driver that is signed. If you put the PnP hardware into
the system and are connected to the Internet ANHW will go to MS and get the
signed driver and install it automatically. The issue is that perhaps you
have a newer improved driver set you want to use. The PnP/ANHW process
never gives you a chance to specify your new package.

The only way I have seen to get around this is to unplug from the Internet
when doing the update. This looks pretty unprofessional to customers and we
would really rather not have to resort to this.

The Update Driver button in the device manager Driver properties page does
not work in this case either as the new driver package includes updates to
the INF files and using the driver update seems to ignore the new INF files
and the changes we wanted to occur based off the INF.

Does anyone have any suggestions?

Al

Al,

Can you ellaborate a little more on why the Update Driver in device manager
doesn’t work for you? I didn’t understand your comments about “seems to
ignore the new INF files”.

Are you letting Windows scan for all the INFs on the machine when you do the
update driver? Have you tried specifically pointing to the INF in question?

With more information about the problem, I think I can help.

Thanks,
Erick Smith
Microsoft

–
This posting is provided “AS IS” with no warranties, and confers no rights.

“Allan Smith” wrote in message
news:xxxxx@ntdev…
>
> I have come across an issue with driver updates involving signed drivers
> that I hope someone can clarify for me.
>
> Assume you have a driver that is signed. If you put the PnP hardware into
> the system and are connected to the Internet ANHW will go to MS and get
the
> signed driver and install it automatically. The issue is that perhaps you
> have a newer improved driver set you want to use. The PnP/ANHW process
> never gives you a chance to specify your new package.
>
> The only way I have seen to get around this is to unplug from the Internet
> when doing the update. This looks pretty unprofessional to customers and
we
> would really rather not have to resort to this.
>
> The Update Driver button in the device manager Driver properties page does
> not work in this case either as the new driver package includes updates to
> the INF files and using the driver update seems to ignore the new INF
files
> and the changes we wanted to occur based off the INF.
>
> Does anyone have any suggestions?
>
> Al
>
>
>
>

Hi Erick,

Perhaps saying it ignores the INF files is a not completely accurate, but if
I do an update on a multiport serial driver that has several serial ports as
children and we use a two part INF file where the parent is the multiport
serial class and the children are the serial ports, and you do an update
driver on the parent, it does not cause the children to be re-enumerated so
that the associated INF sections get executed and new Registry values get
updated etc. So you might wind up with a part of a new driver and new INFs
on the system but effectively they have not been processed.

Now on the other hand if you go into the child device and do an update
driver there, the same sort of thing happens. The port driver INF is not
processed from what I can see and you would wind up without updating the
parent drivers and INF.

To make a long story a bit shorter, the update driver does not seem to cause
the new INF files to be processed so changes do not get applied.

In the past when we did not have a signed driver the system would always
prompt for the driver location on a new install. All we had to do is ensure
the INFs for the product were not already present to get the new driver set
to install properly. Now if the target machine is connected to the Internet
it never gives you a chance to specify the local driver source and will
update with the signed one. Getting us into the situation I describe above.

I hope this clarifies my situation a bit. It is kind of hard to explain.

Al
“Erick Smith [MS]” wrote in message
news:xxxxx@ntdev…
>
> Al,
>
> Can you ellaborate a little more on why the Update Driver in device
manager
> doesn’t work for you? I didn’t understand your comments about “seems to
> ignore the new INF files”.
>
> Are you letting Windows scan for all the INFs on the machine when you do
the
> update driver? Have you tried specifically pointing to the INF in
question?
>
> With more information about the problem, I think I can help.
>
> Thanks,
> Erick Smith
> Microsoft
>
> –
> This posting is provided “AS IS” with no warranties, and confers no
rights.
>
>
> “Allan Smith” wrote in message
> news:xxxxx@ntdev…
> >
> > I have come across an issue with driver updates involving signed drivers
> > that I hope someone can clarify for me.
> >
> > Assume you have a driver that is signed. If you put the PnP hardware
into
> > the system and are connected to the Internet ANHW will go to MS and get
> the
> > signed driver and install it automatically. The issue is that perhaps
you
> > have a newer improved driver set you want to use. The PnP/ANHW process
> > never gives you a chance to specify your new package.
> >
> > The only way I have seen to get around this is to unplug from the
Internet
> > when doing the update. This looks pretty unprofessional to customers
and
> we
> > would really rather not have to resort to this.
> >
> > The Update Driver button in the device manager Driver properties page
does
> > not work in this case either as the new driver package includes updates
to
> > the INF files and using the driver update seems to ignore the new INF
> files
> > and the changes we wanted to occur based off the INF.
> >
> > Does anyone have any suggestions?
> >
> > Al
> >
> >
> >
> >
>
>
>
>

Hello.

1. Are you trying to update to non-signed drivers? In this case update will
   ignore the new package.

2. If you want to disable automatic installation of the drivers from Windows
   Update (through the Internet), you should use gpedit.msc (Group Policy
   Manager). Go to “User Configuration”->“Administrative Templates”->“System”
   enter the “Configure driver search location”. Check “Enable” radio button
   and check “Don’t search Windows Update” check button.

Regards,
Yan Vugenfirer

-----Original Message-----
From: Allan Smith [mailto:aes “at” connecttech “dot” com]
Sent: ??? ??? 22 ??? 2003 23:26
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: XP signed driver update

Hi Erick,

Perhaps saying it ignores the INF files is a not completely accurate, but if
I do an update on a multiport serial driver that has several serial ports as
children and we use a two part INF file where the parent is the multiport
serial class and the children are the serial ports, and you do an update
driver on the parent, it does not cause the children to be re-enumerated so
that the associated INF sections get executed and new Registry values get
updated etc. So you might wind up with a part of a new driver and new INFs
on the system but effectively they have not been processed.

Now on the other hand if you go into the child device and do an update
driver there, the same sort of thing happens. The port driver INF is not
processed from what I can see and you would wind up without updating the
parent drivers and INF.

To make a long story a bit shorter, the update driver does not seem to cause
the new INF files to be processed so changes do not get applied.

In the past when we did not have a signed driver the system would always
prompt for the driver location on a new install. All we had to do is ensure
the INFs for the product were not already present to get the new driver set
to install properly. Now if the target machine is connected to the Internet
it never gives you a chance to specify the local driver source and will
update with the signed one. Getting us into the situation I describe above.

I hope this clarifies my situation a bit. It is kind of hard to explain.

Al
“Erick Smith [MS]” wrote in message
news:xxxxx@ntdev…
>
> Al,
>
> Can you ellaborate a little more on why the Update Driver in device
manager
> doesn’t work for you? I didn’t understand your comments about “seems to
> ignore the new INF files”.
>
> Are you letting Windows scan for all the INFs on the machine when you do
the
> update driver? Have you tried specifically pointing to the INF in
question?
>
> With more information about the problem, I think I can help.
>
> Thanks,
> Erick Smith
> Microsoft
>
> –
> This posting is provided “AS IS” with no warranties, and confers no
rights.
>
>
> “Allan Smith” wrote in message
> news:xxxxx@ntdev…
> >
> > I have come across an issue with driver updates involving signed drivers
> > that I hope someone can clarify for me.
> >
> > Assume you have a driver that is signed. If you put the PnP hardware
into
> > the system and are connected to the Internet ANHW will go to MS and get
> the
> > signed driver and install it automatically. The issue is that perhaps
you
> > have a newer improved driver set you want to use. The PnP/ANHW process
> > never gives you a chance to specify your new package.
> >
> > The only way I have seen to get around this is to unplug from the
Internet
> > when doing the update. This looks pretty unprofessional to customers
and
> we
> > would really rather not have to resort to this.
> >
> > The Update Driver button in the device manager Driver properties page
does
> > not work in this case either as the new driver package includes updates
to
> > the INF files and using the driver update seems to ignore the new INF
> files
> > and the changes we wanted to occur based off the INF.
> >
> > Does anyone have any suggestions?
> >
> > Al
> >
> >
> >
> >
>
>
>
>

—
You are currently subscribed to ntdev as: xxxxx@smlink.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

This behaviour is unfortunate for the user experience.

We are big advocates of logoing and signing our new drivers as they come
out, but it is not practical to do this immediately for every change we
make. Because of this there is a bit of a lag with getting a signed package
(not to mention the time it takes WHQL to do the signing).

In the meantime this makes it necessary for the user to use a messy work
around to install the unsigned driver so they can get the product running.

IMO it would make more sense if it gave a strong warning about updating with
an unsigned driver but still allowed you to continue after acknowledging it.

I understand MS’s standpoint. Known signed drivers have an implied quality
and are somewhat trusted. Allowing replacement with unsigned/logoed drivers
could compromise the reliability of the system. But if the system is not
working correctly because the signed driver has an issue that needs fixing
with a new unsigned one, the system is already in a problem state so the
protection works against you.

Al

“yan” wrote in message news:xxxxx@ntdev…
>
> 1. Are you trying to update to non-signed drivers? In this case update
will
> ignore the new package.
>

Allan,

Ah, ok I think I understand the issue. Here is a paraphrase of what I think
you want. When you update the driver for the “bus”, you want the children
to be “updated” as well. Is this correct?

You are correct that the “update driver” button in device manager doesn’t do
this. To update the driver it must first disable the children so that it
can unload the old driver, and reload the new driver for the “bus”. But
when the bus comes back on line and re-enumerates its children PNP notices
that drivers for the children are already installed and doesn’t try to
re-install these.

You can programatically get the behavior you are looking for. You could ask
PNP to update the driver for the bus as well as all of the children. A
slightly easier approach which should also work is that you could enumerate
through each of the children and mark them as “re-install needed”. Then
update the driver for the “bus”. When the bus driver comes back on line and
starts enumerating it’s children again PNP would attempt to “re-install” the
children, and if you copied over new driver packages for the children they
should now be used.

I hope this helps,

Erick Smith
Microsoft

–
This posting is provided “AS IS” with no warranties, and confers no rights.

“Allan Smith” wrote in message
news:xxxxx@ntdev…
>
> Hi Erick,
>
> Perhaps saying it ignores the INF files is a not completely accurate, but
if
> I do an update on a multiport serial driver that has several serial ports
as
> children and we use a two part INF file where the parent is the multiport
> serial class and the children are the serial ports, and you do an update
> driver on the parent, it does not cause the children to be re-enumerated
so
> that the associated INF sections get executed and new Registry values get
> updated etc. So you might wind up with a part of a new driver and new
INFs
> on the system but effectively they have not been processed.
>
> Now on the other hand if you go into the child device and do an update
> driver there, the same sort of thing happens. The port driver INF is not
> processed from what I can see and you would wind up without updating the
> parent drivers and INF.
>
> To make a long story a bit shorter, the update driver does not seem to
cause
> the new INF files to be processed so changes do not get applied.
>
> In the past when we did not have a signed driver the system would always
> prompt for the driver location on a new install. All we had to do is
ensure
> the INFs for the product were not already present to get the new driver
set
> to install properly. Now if the target machine is connected to the
Internet
> it never gives you a chance to specify the local driver source and will
> update with the signed one. Getting us into the situation I describe
above.
>
> I hope this clarifies my situation a bit. It is kind of hard to explain.
>
> Al
> “Erick Smith [MS]” wrote in message
> news:xxxxx@ntdev…
> >
> > Al,
> >
> > Can you ellaborate a little more on why the Update Driver in device
> manager
> > doesn’t work for you? I didn’t understand your comments about “seems to
> > ignore the new INF files”.
> >
> > Are you letting Windows scan for all the INFs on the machine when you do
> the
> > update driver? Have you tried specifically pointing to the INF in
> question?
> >
> > With more information about the problem, I think I can help.
> >
> > Thanks,
> > Erick Smith
> > Microsoft
> >
> > –
> > This posting is provided “AS IS” with no warranties, and confers no
> rights.
> >
> >
> > “Allan Smith” wrote in message
> > news:xxxxx@ntdev…
> > >
> > > I have come across an issue with driver updates involving signed
drivers
> > > that I hope someone can clarify for me.
> > >
> > > Assume you have a driver that is signed. If you put the PnP hardware
> into
> > > the system and are connected to the Internet ANHW will go to MS and
get
> > the
> > > signed driver and install it automatically. The issue is that perhaps
> you
> > > have a newer improved driver set you want to use. The PnP/ANHW
process
> > > never gives you a chance to specify your new package.
> > >
> > > The only way I have seen to get around this is to unplug from the
> Internet
> > > when doing the update. This looks pretty unprofessional to customers
> and
> > we
> > > would really rather not have to resort to this.
> > >
> > > The Update Driver button in the device manager Driver properties page
> does
> > > not work in this case either as the new driver package includes
updates
> to
> > > the INF files and using the driver update seems to ignore the new INF
> > files
> > > and the changes we wanted to occur based off the INF.
> > >
> > > Does anyone have any suggestions?
> > >
> > > Al
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
>

Erick,

Thanks for the info.

One question though, with these approaches we still will have the issue of a
non-signed driver not updating the signed one already there, correct?

Allan

“Erick Smith [MS]” wrote in message
news:xxxxx@ntdev…
>
> Allan,
>
> Ah, ok I think I understand the issue. Here is a paraphrase of what I
think
> you want. When you update the driver for the “bus”, you want the children
> to be “updated” as well. Is this correct?
>
> You are correct that the “update driver” button in device manager doesn’t
do
> this. To update the driver it must first disable the children so that it
> can unload the old driver, and reload the new driver for the “bus”. But
> when the bus comes back on line and re-enumerates its children PNP notices
> that drivers for the children are already installed and doesn’t try to
> re-install these.
>
> You can programatically get the behavior you are looking for. You could
ask
> PNP to update the driver for the bus as well as all of the children. A
> slightly easier approach which should also work is that you could
enumerate
> through each of the children and mark them as “re-install needed”. Then
> update the driver for the “bus”. When the bus driver comes back on line
and
> starts enumerating it’s children again PNP would attempt to “re-install”
the
> children, and if you copied over new driver packages for the children they
> should now be used.
>