none
VerifyTrustFailed for C:\Windows\system32\WdfCoInstaller01011.dll RRS feed

  • Question

  • apparently the problem is NOT with my signing, the problem is with WinUsbCoInstaller2.dll and WdfCoInstaller01011.dll

    from setupapi.dev.log

    !    sig:                     VerifyTrustFailed for C:\Windows\system32\WinUsbCoInstaller2.dll.
    !    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
    !    sig:                     VerifyTrustFailed for C:\Windows\system32\WdfCoInstaller01011.dll.
    !    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    do I need to sign these as well as the CAT file?

    • Edited by megaabite Tuesday, July 17, 2018 8:10 PM
    Tuesday, July 17, 2018 7:07 PM

Answers

  • The redist dll contains an embedded signature from Microsoft. But that signature is not used during PnP installation.

    Assume yours is a PnP driver package, which contains an INF file, a CAT file, some SYS file, and in your case, WDF redist dll. The signature in CAT file is the one used by PnP. You need to run "signtool verify" against the CAT file on the target machine.

    And for every file above, the CAT file should have one catalog entry for it. Double click the CAT file, and you should be able to check how many entries are there.

    How did you create and sign the driver package?

    Thursday, July 19, 2018 12:51 AM

All replies

  • This error is usually happens when you try to install a signed driver on a system and the certificate was not installed first (you have to tell the system to trust the certificate). Install the certificate on your system and if you do it properly, your driver will install, as described here

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, July 17, 2018 10:58 PM
    Moderator
  • Sorry, but your response makes no sense.

    WinUsbCoInstaller2.dll and WdfCoInstaller01011.dll are both part of the Windows Driver Kit 10 redistributables - C:\Program Files (x86)\Windows Kits\10\Redist\wdf\x64

    I didn't sign them, Microsoft did.  I cannot install the certificate because I don't own it.

    and, from a common sense perspective, why should anyone have to install certificates for redistributable assemblies?



    Wednesday, July 18, 2018 2:46 PM
  • Windows setup is not known for the helpfulness of its error messages. Since those lines don't start with three exclamations, they are probably not the source of the error. Have you verified that your certificate is trusted on the machine you're installing the driver on?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, July 18, 2018 6:36 PM
    Moderator
  • is there someone out there who understands WinUSB?  or driver installation?  or signing problems?

    FYI - "signtool verify /pa WinUsbCoInstaller2.dll" returns "successfully Verified"

    P.S. notice that both assemblies are in C:\Windows\system32...I did not install those...


    • Edited by megaabite Wednesday, July 18, 2018 8:47 PM
    Wednesday, July 18, 2018 8:44 PM
  • The redist dll contains an embedded signature from Microsoft. But that signature is not used during PnP installation.

    Assume yours is a PnP driver package, which contains an INF file, a CAT file, some SYS file, and in your case, WDF redist dll. The signature in CAT file is the one used by PnP. You need to run "signtool verify" against the CAT file on the target machine.

    And for every file above, the CAT file should have one catalog entry for it. Double click the CAT file, and you should be able to check how many entries are there.

    How did you create and sign the driver package?

    Thursday, July 19, 2018 12:51 AM
  • Why are you blaming me?

    I followed your instructions - https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/winusb-installation#howto

    It says nothing about having to sign Winusbcoinstaller.dll or WdfcoinstallerXXX.dll.

    Obviously the instructions and example do not work as published.  Is there anyone out there who understands fuly how this is supposed to work? Is there anyone out there who has implemented WinUSB for their device?



    • Edited by megaabite Thursday, July 19, 2018 1:27 PM
    Thursday, July 19, 2018 1:19 PM