locked
Error during a driver submission to the Hardware Dev Center , in the step "Catalog Creation" RRS feed

  • Question

  • Hi WHQL/HLK/HCK Experts:

    I got the following error during a driver submission to the Hardware Dev Center , in the step "Catalog Creation" 

    Certification requested for Windows 10 RS4 Update, Windows 8.1, Windows 7

    "We found that your submission contained binaries embedded with a SHA-256 signature. However, you requested that your submission be signed such that it is compatible with Operating Systems which require a SHA-1 catalog. Please remove the SHA-2 signatures from your binaries, or remove the SHA-1 target operating systems (Windows 7 and below) and resubmit."

    Any link about documentation on this topic? Is the issue about signature of .sys files? Or also about the .cat files? I've used SHA-256 for both .cat and .sys files. Should I remove the SHA-256 from the .sys files? Is this accepted by the HLK and I can create a new package smoothly? In case I succeed, shall I start a new submission from scratch or the open submission can be resumed?



    • Edited by Massimobe Thursday, September 20, 2018 1:56 PM
    Thursday, September 20, 2018 1:47 PM

All replies

  • I think the issue is that you are submitting for Windows 7 … and there is a Version of Windows 7 (I think pre-SP2?), that does not support SHA256.  Therefore, your items signed with only SHA256 will not work because Windows 7 doesn't understand SHA256.

    To initially get around this problem when I first encountered it, I dual-signed the driver package items (.CAT file, .SYS files), first with SHA1, then appended a SHA2(56) signature.

    More recently, I am single-signed with just SHA2, but not claiming support for Windows Versions that don't support SHA256.

    fwiw, I think you can muddle the signatures on the .CAT and .SYS files without affecting the integrity of the .CAT file's hashes, and so don't have to re-do all of the HCK/HLK testing, just have to massage the driver package prior to creating the submission package.

    Hope that helps,

    • Marked as answer by Massimobe Tuesday, September 25, 2018 6:39 AM
    • Unmarked as answer by Massimobe Tuesday, September 25, 2018 6:39 AM
    Monday, September 24, 2018 6:12 PM
  • Thank you for the answer.

    I think you are right, the problem is Windows 7.

    I was able to solve the issue by test signing with a SHA-1 only signature. Microsoft accepted it for both Windows 7 and Window 10.

    The only side effect is that the .sys after certification have two signatures:

    - Microsoft Windows Hardware Compatibility Publisher (SHA-256)

    - Test signature (SHA-1)

    The .cat(s) instead are only signed with "Microsoft Windows Hardware Compatibility Publisher (SHA-256)"

    But this seems not affecting the functionality on all the OSs.

    Regarding: " you can muddle the signatures on the .CAT and .SYS files without affecting the integrity of the .CAT file's hashes, and so don't have to re-do all of the HCK/HLK testing": yes, I confirm it worked

    Tuesday, September 25, 2018 6:44 AM