none
Signing UMDF Driver - Windows Still Not Recognizing It RRS feed

  • Question

  • Hello,

    I'm trying to sign a UMDF device driver. I've compiled the driver with Visual Studios Pro 2013, and the package folder has the following items:

    devicev1.cat
    DeviceV1.dll
    DeviceV1.inf
    WdfCoinstaller01011.dll
    winusbcoinstaller.dll
    winusbcoinstaller2.dll
    WudfUpdate_01011.dll

    I have a signature certificate from DigiCert and checked the Certificate store with, certmgr.exe. I can see my signature certificate just fine.

    I have tried signing the package in the following combinations:

    1) Just the devicev1.cat file alone.

    2) devicev1.cat and DeviceV1.dll files.

    3) All 6 files in the package folder (i.e. including the coinstallers).

    All combinations of signing shows the proper signature within the files themselves. I've used:

    signtool.exe verify /kp /v devicev1.cat

    signtool.exe verify /kp /v DeviceV1.dll

    Both shows that they've been properly signed with no errors.

    I've also used:

    signtool.exe verify /kp /c devicev1.cat devicev1.inf

    And it shows that the files does exist in there.

    However, when installed, Windows says that the driver is not digitally signed.

    Which file(s) am I supposed to sign? Is it just the 2, devicev1.cat and DeviceV1.dll? Or do I only sign the catalog file?

    The instructions from the hardware development site indicates that I need to use inf2cat. Do I still need to use it when Visual Studios has auto-generated the catalog file already? Regardless, I did follow the instructions to modify the *.inf file be removing the coinstallers part, used inf2cat to generate a new catalog. Signed it. And still the same message comes up. The driver is not digitally signed.

    Please help! I have no idea what else I'm missing.

    Thanks.

    Wednesday, October 15, 2014 11:01 PM

All replies

  • look in %windir%\inf\setupapi.dev.log for the specific info on what failed. the driver package project will sign the contents for you. are you configuring the driver package project to use your digicert cert or the test cert the WDK created on your behalf (which is the default)?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, October 16, 2014 12:00 AM
  • Hi Doron,

    We've been using the signtool.exe from the elevated command prompt. So it was all done manually. However, configuring Visual Studios to sign during compile was our next plan. We are setting up to do that today. I will let you know how it turns out.

    Thanks.

    Thursday, October 16, 2014 1:07 PM