none
Driver package with WINUSB and WDF coinstallers required signing by microsoft dev center? RRS feed

  • Question

  • Hi All,

    We decided to change the driver for our USB device from libusb0 to WINUSB. We already created and signed the driver package containing the WINUSB and WDF coninstallers (x86, x64), Custom INF and DPInst. The certificate used is issued by Digicert just last May 2017. The driver will be released to our customers together with an in-house software communicating with our USB device. My question is, do we still need to send this to the hardware dev center for signing even though the coinstallers came from and already signed by Microsoft? 

    Our current understanding is we need to setup a test infrastructure (HLK/HCK) just to be able to sign the driver package.

    Please point to any documentation or guides on how to send the driver for signing. Thank you very much for your time.

    Regards,

    ozbum

    Wednesday, December 6, 2017 10:25 PM

Answers

  • you should really move away from DIFX. what does pnputil /add-driver report? look in %windir%\inf\setupapi.dev.log to see why the package import is failing. I  would imagine on a clean install that your cert is in yet in the cert store (which would be imported if you answer yes to the "Do you want to trust this publisher?" dialog)

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by ozbum Thursday, December 7, 2017 6:01 AM
    Thursday, December 7, 2017 5:54 AM

All replies

  • The inf itself needs to be signed/certified by a catalog. You can do this yourself if you have a very that chains to the microsoft one and it is added to the cert store of the machine. Note that difx is deprecated and has several potentially showstopper issues in win10

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, December 7, 2017 3:23 AM
  • Dear Doron,

    Thank you very much for your reply. Can you please elaborate on your reply. My understanding on your reply is we don't need to send our driver package to hardware lab and just signed it by ourselves (this is what we did, we have the catalog included in our driver package. Still it failed installation in a clean install Win10 1709, error is DriverPackagePreinstallW (0xE0000242). 

    Currently we have both code signing and EV code signing certificate from Digicert.

    Sorry for this questions I am new to driver deployment.

    Kind Regards,

    Ozbum


    • Edited by ozbum Thursday, December 7, 2017 4:26 AM
    Thursday, December 7, 2017 4:24 AM
  • you should really move away from DIFX. what does pnputil /add-driver report? look in %windir%\inf\setupapi.dev.log to see why the package import is failing. I  would imagine on a clean install that your cert is in yet in the cert store (which would be imported if you answer yes to the "Do you want to trust this publisher?" dialog)

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by ozbum Thursday, December 7, 2017 6:01 AM
    Thursday, December 7, 2017 5:54 AM
  • Dear Doron,

    Thank you very much for your answer. pnputil successfully installed the driver. We are currently considering removing dpinst and use pnputil

    Thank you very much for your time

    kind regards

    Ozbum

    Thursday, December 7, 2017 6:00 AM