Hi,

I am trying to sign a driver for Win2003 with authenticode using a valid
certificate which I successfully used for signing user mode software. After
lots of digging through a number of "step by step" guides by Microsoft I
managed to create a cat file and sign it. When I install the driver, I can't
see it differs in any way from the unsigned version. I see the same
"unsigned driver" prompt, and the driver is shown unsigned in Device
Manager. I would expect at least an "invalid signature" warning or so -
after all, the INF file refers to CAT.

I've come across http://www.osronline.com/showThread.cfm?link=105933 where
people say a driver is displayed as unsigned in Device Manager unless it has
a WHQL signature. Now let's say my driver is signed with Authenticode. How
can a user check the validity of my driver's authenticode signature AFTER
the driver is installed?

Thanks

Re: Authenticode on Win2003 by chris

chris
Wed Mar 14 16:20:50 CDT 2007

On Mar 14, 3:37 pm, "muriwai" <muri...@nospam.nospam> wrote:

> I've come across http://www.osronline.com/showThread.cfm?link=105933 where
> people say a driver is displayed as unsigned in Device Manager unless it has
> a WHQL signature.

I would add "unless your device belongs to a custom setup class".

We have a custom USB driver with its own setup class, and when I self-
sign it in order to load it on Vista x64 for DTM testing, the "Driver
Signer" line in Device Manager shows the name of our company.

On XP x64 I also see a totally different warning box at device
installation time that says something like "this driver is signed, it
has not been altered, however it hasn't passed WHQL, yes/no".

But our modem and networking drivers just show "Driver not signed"
after self-signing (as you say), even though they are signed. The
same logo warning (vs. unsigned) comes up also.


Re: Authenticode on Win2003 by muriwai

muriwai
Wed Mar 14 16:57:41 CDT 2007

Thanks!






Re: Authenticode on Win2003 by muriwai

muriwai
Wed Mar 14 17:10:54 CDT 2007

Authenticode seems to be completely useless unless maybe when I have a
driver not eligible for Windows Logo. So I cannot sign my kernel mode
software without Microsoft and Verisign getting a hefty share of my income.
Great! That's what I call marketing!





RE: Authenticode on Win2003 by JenniferSteplerMSFT

JenniferSteplerMSFT
Fri Apr 06 12:50:02 CDT 2007

Hello,
A user can always double click on a catalog file (.cat). It will bring up
the security catalog viewer. If the catalog file is signed, the viewer will
have a button to "View Signature". So, a user can easily inspect a catalog
file before or after installation.

BTW, the way Windows handles driver signatures is very different between
Vista and prior versions of Windows. Documentation on the web that is written
to describe driver signing for Vista does not necessarily work for prior
versions of Windows.

Hope this helps,
Jennifer

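A command-line counterpart to inspecting the catalog in the viewer, added here as an example and not part of the original thread: it checks the catalog's own Authenticode signature, then asks SignTool whether each driver file is covered by that catalog, once under the default Authenticode policy (`/pa`) and once under the Windows driver policy that SignTool applies when `/pa` is omitted. The function name and the paths in the usage comment are hypothetical, and it assumes `signtool.exe` from the Windows SDK/WDK is on the PATH and a current Windows PowerShell.

```powershell
# Added example: verify a driver package's catalog signature and file coverage.
# Assumptions: signtool.exe is on PATH; all paths are placeholders.
function Test-DriverCatalog {
    param(
        [Parameter(Mandatory = $true)][string]   $CatalogPath,  # the .cat named by CatalogFile= in the INF
        [Parameter(Mandatory = $true)][string[]] $DriverFiles   # files the catalog is expected to cover
    )

    # 1. Is the catalog itself Authenticode-signed, and by whom?
    $sig    = Get-AuthenticodeSignature -FilePath $CatalogPath
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    foreach ($file in $DriverFiles) {
        # 2. Is this file's hash in the catalog, judged by the default
        #    Authenticode verification policy (/pa)?
        & signtool.exe verify /pa /c $CatalogPath $file 2>&1 | Out-Null
        $authenticodeOk = ($LASTEXITCODE -eq 0)

        # 3. Same check without /pa: SignTool then uses the Windows driver
        #    verification policy, which is stricter about who signed.
        & signtool.exe verify /c $CatalogPath $file 2>&1 | Out-Null
        $driverPolicyOk = ($LASTEXITCODE -eq 0)

        [pscustomobject]@{
            File               = $file
            CatalogSigStatus   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            CatalogSigner      = $signer
            AuthenticodePolicy = $authenticodeOk
            DriverPolicy       = $driverPolicyOk
        }
    }
}

# Usage (placeholder paths):
# Test-DriverCatalog -CatalogPath 'C:\drv\mydriver.cat' `
#                    -DriverFiles 'C:\drv\mydriver.sys', 'C:\drv\mydriver.inf' |
#     Format-Table -AutoSize
```

A row with `AuthenticodePolicy` true and `DriverPolicy` false describes a package whose files match a validly signed catalog but whose signer does not satisfy the driver policy.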