KMDF driver signature different than UMDF driver siganture RRS feed

  • Question

  • I was successfully able to build and install a UMDF sample driver: from within VS2012. VS2012 signs everything with the test certificate, and I only need to install the certificate into the store and then install the driver.

    When I try doing the same with a KMDF sample( , VS2012 builds and signs it with the same test certificate as in the case with the UMDF one, so there is no need for installing it into the store, but when i install the KMDF sample it fails. In Device Manager, it tells me:

    Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have

    installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

    is there a difference between the signing requirements for each of these or what is happening?

    Monday, November 26, 2012 5:13 PM

All replies

  • perhaps you modified (Even just resaved) the inf or sys after signing.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, November 26, 2012 5:45 PM
  • nope. I've deleted the existing test certificate. And then built each of them with VS2012, added the generated certificate to the Trusted root store and the Trusted Publishers store.

    And yet when I install them Vhid works while for Echo it says it isn't signed. I diffed the log entries for the two installations, and besides the differences related to folder/file names, this was the only thing that was different:

         dvi: {Plug and Play Service: Device Install for ROOT\SAMPLE\0000}
         ndv:      Infpath=C:\WINDOWS\INF\oem194.inf
         ndv:      DriverNodeName=echo.inf:741f41b5aeb82dba:ECHO_Device:\echo
         ndv:      DriverStorepath=C:\WINDOWS\System32\DriverStore\FileRepository\echo.inf_amd64_1cc81cd6d4142550\echo.inf
         dvi:      Searching for hardware ID(s):
         dvi:           root\echo
         dvi:      Class GUID of device changed to: {78a1c341-4539-11d3-b88d-00c04fad5171}.
         ndv:      {Core Device Install} 15:31:08.025
         sto:           {Configure Driver Package: C:\WINDOWS\System32\DriverStore\FileRepository\echo.inf_amd64_1cc81cd6d4142550\echo.inf}
         sto:                Driver Store   = C:\WINDOWS\System32\DriverStore [Online] (6.2.9200)
         sto:                Driver Package = echo.inf_amd64_1cc81cd6d4142550
         sto:                Flags          = 0x00020000
         sto:                Source Filter  = root\echo
         inf:                Class GUID     = {78a1c341-4539-11d3-b88d-00c04fad5171}
         inf:                Class Status   = Configurable
         idb:                {Configure Device Setup Class: {78a1c341-4539-11d3-b88d-00c04fad5171}}
         idb:                     Updating existing class.
         idb:                     Class Name = Sample
         idb:                {Configure Device Setup Class: exit(0x00000000)}
         inf:                {Configure Driver: Sample WDF ECHO Driver}
         inf:                     Manufacturer = (Standard system devices)
         inf:                     Section Name = ECHO_Device.NT
         inf:                     {Add Service: ECHO}
         inf:                          Start Type    = 3
         inf:                          Service Type  = 1
         inf:                          Error Control = 1
         inf:                          Image Path    = \SystemRoot\System32\drivers\ECHO.sys
         inf:                          Display Name  = Sample WDF ECHO Service
         inf:                          Group         = Extended Base
         inf:                          Updated service 'ECHO'.
         inf:                     {Add Service: exit(0x00000000)}
         inf:                     Hardware Id  = root\ECHO
         inf:                     {Configure Driver Configuration: ECHO_Device.NT}
         inf:                          Service Name  = ECHO
         inf:                          Config Flags  = 0x00000000
         inf:                     {Configure Driver Configuration: exit(0x00000000)}
         inf:                {Configure Driver: exit(0x00000000)}
         flq:                Copying 'C:\WINDOWS\System32\DriverStore\FileRepository\echo.inf_amd64_1cc81cd6d4142550\ECHO.sys' to 'C:\WINDOWS\System32\drivers\ECHO.sys'.
         cpy:                Existing file 'C:\WINDOWS\System32\drivers\ECHO.sys' remains unchanged.
         flq:                Copying 'C:\WINDOWS\System32\DriverStore\FileRepository\echo.inf_amd64_1cc81cd6d4142550\WdfCoInstaller01011.dll' to 'C:\WINDOWS\System32\WdfCoInstaller01011.dll'.
         cpy:                Existing file 'C:\WINDOWS\System32\WdfCoInstaller01011.dll' remains unchanged.
         sto:           {Configure Driver Package: exit(0x00000000)}
         dvi:           Install Device: Configuring device (oem194.inf:root\echo,ECHO_Device.NT). 15:31:08.157
         dvi:           Install Device: Configuring device completed. 15:31:08.159
         dvi:           Install Device: Restarting device. 15:31:08.160
         dvi:           Install Device: Restarting device completed. 15:31:08.845
    !!!  dvi:           Device not started: Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.
    !    ndv:           Queueing up error report since device has a PnP problem...
         ndv:      {Core Device Install - exit(0x00000000)} 15:31:08.948
         ump: {Plug and Play Service: Device Install exit(00000000)}
    <<<  Section end 2012/11/26 15:31:08.953
    <<<  [Exit status: SUCCESS]

    the exact difference being at the bottom where it says:

    !!!  dvi:           Device not started: Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.
    !    ndv:           Queueing up error report since device has a PnP problem...

    Not sure why Echo has the problem. 

    Monday, November 26, 2012 9:00 PM
  • Make sure the stamped inf and cat file are in the same directory. Also, right click on the sys in explorer and see if there is a signing tab. If so, make sure if is yur test cert. If not present, try embed signing the sys file during package signing.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, November 27, 2012 3:42 AM
  • So both of the .sys files are signed with the certificate that is added to both Trusted Root Certificate Authorities, and Trusted publishers. The .cat file is signed with the same certificate, and they are all in the same folder together with .inf and the Wdf coinstaller. What exactly do you mean by stamped inf though? It doesn't have a signing tab.
    Thursday, November 29, 2012 11:58 AM
  • Hello Alexandru,

    I have the same issue, and I was wondering if you ever got a response to your question about the stamped inf?

    Tuesday, April 1, 2014 2:17 AM