What is needed to provide a signed .inf / .cat file for a composite device with no custom drivers under Windows 10? RRS feed

  • Question

  • I apologize if this has been answered already but most of the information I'm finding is several years old and I'm not sure what's applicable to Windows 10.

    I have a device that enumerates as a composite device with a CDC virtual COM port and a mass storage device.  Neither of these require custom drivers to be provided - it just needs an appropriate INF file, but of course Windows wants everything to be signed.

    I'm not clear on what certificate is required to do this now.  I'm not after any certifications or markings, I just need the device to install without forcing the user to reboot and disable signing.

    Can someone give me a quick overview of what's needed, or point me to the current and relevant documentation?



    Thursday, March 16, 2017 6:50 PM

All replies

  • Dear Scott,

    Greetings !!

    I am in the same situation and want to sign my virtual COM driver INF file for WIN 7 / 8/ 10.  It'll be really helpful if you can you please share method you used.

    Thanking you !!


    Rahul Bhatia

    Monday, September 17, 2018 5:00 AM
  • I've basically given up.  I can't seem to get a straight answer from anyone on this.  Windows 10 actually handles the CDC side without extra drivers, and Windows 7 allows you to bypass the check easily, so it's only Windows 8 that's an issue.  I don't have enough users on Windows 8 to make it a major concern.  Nobody likes Windows 8 anyway.

    Tuesday, September 18, 2018 8:17 PM
  • Thanks for reply.

    As i understood it's technically possible to avoid signing problem but how about distribution of INF file to customers \ or outside organization. Is signing not required legally ?


    Rahul Bhatia

    Wednesday, September 19, 2018 11:34 AM
  • I believe to submit any driver package (I.e. your .INF and .CAT files (and, optionally, any .SYS file/s, were you to have any, but in your case you do not)) to the Microsoft Dashboard, you need to have registered with the Dashboard an EV Certificate.  To submit, a driver package, your .HLKX submission package needs to be signed.  I think you also need to sign your .CAT file (I sign mine (were you to have any .SYS files, you'd sign those too)). You can sign with the EV Certificate that you registered with the Dashboard, or another one.  Your EV Certificate will be SHA2(56) (all EV Certificates are SHA2, not all SHA2 Certificates are EV)

    If you are targeting "older" Version of Windows (pre-Windows 7 SP2, iirc), you may need to dual-sign, first with SHA1 (recognized by these "older" versions, then additionally signed SHA2).  I've stopped doing this dual sign as we no longer do new submissions for "older" versions of Windows.

    If/as you are not supplying a custom driver, I would seriously look at removing yourself from the submission business!  Your .INF/.CAT driver package presumably serves the job of "simply" "linking" your VID/PID to a Microsoft "in box" driver, correct?  I would consider using Microsoft OS USB Descriptors to do this, and do away with requiring providing a driver package submission and messing with Certificates and signing, etc.

    • Edited by Mark Enstone Monday, September 24, 2018 9:04 PM Changes .CAB to .CAT.
    Monday, September 24, 2018 6:05 PM
  • Hi Mark,

    It's been a few years since I dug into this in detail, and a year and a half since I looked into it again and started this thread, and I don't think I'd even heard of Microsoft Dashboard before.

    I don't routinely do Windows application development, and I don't do Windows driver development at all.  Last time I worked routinely in Windows development was close to 15 years ago, so please understand that I'm coming into this from a different direction.  I'm an embedded developer and my concern is only getting USB devices properly working with the OS using standard class drivers.

    All I have is an .inf file, built by hand.  My understanding is that a .cat file would be the output of a signing utility, and that goes back to my original question - I don't know what signing certificate is required.  I'd also never heard of WHLK, but apparently it's just what WDK was renamed to (after it was WLK and WHCK).

    You're right, the INF is simply associating the standard driver with the device.  It's baffling to me that this is required at all for standard CDC ACM devices (it's not under Windows 10, Linux, or OS X) but the MS OS USB Descriptors mechanism sounds like what I need.  I've downloaded the docs and I'll see if I can figure out what I need to associate it with usbser.sys.

    Sorry if I sound cranky, I've been dealing with support issues with both NXP and SiLabs (please tell me you're not one of the WGM110 firmware developers) this morning, and trying to get my head around Microsoft's terminology when everything changes constantly is always a challenge.  Your information is the best I've gotten so far.  I'll go read everything after I've had some lunch.



    Monday, September 24, 2018 7:04 PM