none
Windows cannot verify digital signature for driver file on Windows 8.1 and Windows 10 RRS feed

  • Question

  • Recently, some our customers reported some issues about system driver which is developed by me.

    After I inspected, I found that the driver cannot be started on the system, and get 577 error (Windows cannot verify the digital signature for this file ...). The .sys file is signed recently by signtool.exe with SHA-1 code signing certificate only and timestamp. The issue Windows version includes Windows 8.1 x86 (8.3.9600) and Windows 10 x86 (10.0.10586). After that, we updated all our working and testing machines to latest (Windows 7, Windows 8.1, Windows 10 etc.), but no machine can reproduce the scenario happened on customer's machine. Just few customer met this issue.

    I heard that Microsoft would deprecate SHA-1 signature, but seems that almost nothing happens on driver verification until now.

    I don't know why and how to reproduce. Maybe one hot-fix effect this? Help me. Thanks!

    Friday, August 26, 2016 8:56 AM

All replies

  • Recently, some our customers reported some issues about system driver which is developed by me.

    After I inspected, I found that the driver cannot be started on the system, and get 577 error (Windows cannot verify the digital signature for this file ...). The .sys file is signed recently by signtool.exe with SHA-1 code signing certificate only and timestamp. The issue Windows version includes Windows 8.1 x86 (8.3.9600) and Windows 10 x86 (10.0.10586). After that, we updated all our working and testing machines to latest (Windows 7, Windows 8.1, Windows 10 etc.), but no machine can reproduce the scenario happened on customer's machine. Just few customer met this issue.

    I heard that Microsoft would deprecate SHA-1 signature, but seems that almost nothing happens on driver verification until now.

    I don't know why and how to reproduce. Maybe one hot-fix effect this? Help me. Thanks!

    The file signature and timestamp signature are OK. Certificate chains are also OK.
    Friday, August 26, 2016 9:03 AM
  • You might want to check out https://channel9.msdn.com/Events/Windows/Filter-Plugfest28/Driver-Certification-on-Windows-Client-and-Server  this is the latest advice from Microsoft.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, August 26, 2016 12:28 PM
  • Install a new, clean Win10 machine - not any update from anything.

    Regards,

    -- pa

    Sunday, August 28, 2016 2:45 PM
  • Install a new, clean Win10 machine - not any update from anything.

    Regards,

    -- pa

    Yes, I had tried getting the latest fresh Windows 10 installed, but still cannot reproduce.
    Tuesday, August 30, 2016 3:23 AM
  • You might want to check out https://channel9.msdn.com/Events/Windows/Filter-Plugfest28/Driver-Certification-on-Windows-Client-and-Server  this is the latest advice from Microsoft.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    However, I cannot reproduce on either latest clean Windows 10 or upgraded Windows 10. I have tried on more than 20 machines. Does some hotfixes has been recalled by Microsoft effect this?
    Tuesday, August 30, 2016 3:27 AM
  • Do the bad machines  have secure boot enabled, or some other "advanced" security?

    Thursday, September 1, 2016 11:51 PM