Digital Signature in Driver File Details RRS feed

  • Question

  • I've looked at every post I can find and haven't found a solution/next step.

    I'm receiving Code 52, Windows cannot verify the digital signature for the drivers......

    I built WDK project in VS2013 with driver filter and package, simple mouse filter, works in test signing.  BOth projects I added the signing "Production Sign" and my appropriate certificate (DigiCert EV Code Sign).  I've verified my CAT file and SYS files are both signed using Signtool Verify with and without /c for cat and all shows signed.  When I install with DPINST I get the nice popup saying it's signed  trust publisher xyz "Install or Dont Install" which I don't get unless signed.  But it always shows my driver Not digitally signed" and doesn't show publisher, 

    I've tried to add the Cross-Cert with signtool and recieved good output (no errors and it completed).

    I've checked the setupapi.dev.log and found:

         sig:           Catalog  =

         sig:           Catalog  = C:\Windows\System32\DriverStore\FileRepository\mmmoufiltr.inf_amd64_neutral_f5bf7acbe4650e24\motixmoufiltr.cat
    !    sig:           Verifying file against specific (valid) catalog failed! (0x800b0109)
    !    sig:           Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    I receive this for every file in the catalog (i.e. coinstaller, sys, etc).  

    I've also found in events security

    Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name:	\Device\HarddiskVolume1\Windows\System32\drivers\mmmoufiltr.sys

    I made sure my cert was in "Trusted Root Certification Authorities". 

    I'm not sure what else to check.  I've read through the guides at length, but obviously am missing something.  Any advice appreciated.


    • Edited by TallmanBaS Tuesday, February 3, 2015 6:08 PM
    Tuesday, February 3, 2015 3:42 AM


  • For someone elses benefit, it turns out my code signing certificate was a SHA2 cert which is the future.  I was installing in a Windows 7, and it didn't support the SHA2, so I got a SHA1 certificateion, did all the same steps and works now.

    • Marked as answer by TallmanBaS Tuesday, February 3, 2015 6:09 PM
    Tuesday, February 3, 2015 6:09 PM