none
Problem with legacy x64 driver signing RRS feed

  • Question

  • Hi all,

    I'm maintaining a driver package which contains both an x86 and an amd64 kernel driver. An earlier version of the package has been signed with SHA1 before 2016-01-01, and it still works even on x64 Windows.

    Now I'm trying to rebuild the package and sign it with a new SHA256 cert, but when I try to install it e.g. on Win7 x64, Win 8.1 x64, or Win10 x64 using the "devcon" utility the driver fails to load with an error saying the signature can't be verified.

    In %windir%\inf\setupapi.dev.log I get this error:

    Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.

    This happens even though "signtool /kp" says that the signature of the driver binaries as well as the signature of the .cat file is OK for this purpose, the .sys file is copied correctly, and if I use explorer to check the properties of the installed sys file it says, "Digital signature is valid".

    Only if I enable the TESTSIGNING boot configuration option the driver is loaded and works correctly. BTW, this is *not* yet for Windows 10 desktop with EV cert, just for legacy Windows x64. The driver package is available here:
    https://www.meinberg.de/download/temp/burnicki/driver.zip


    Some associated debug information:
    https://www.meinberg.de/download/temp/burnicki/driver-log.txt

    Anybody who has an idea what may be wrong? The certificates, even though "signtool /kp" says that everything's fine?

    Thanks, Martin

    Thursday, October 12, 2017 3:24 PM