Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What do I have to do and how much does it cost to get a device driver for Windows Vista / 7 (32 and 64 bit) signed?

Tags:

windows-7

64-bit

windows-vista

driver-signing

I've got some drivers which are basically LibUSB-Win32 with a new .inf file to describe product/vendor IDs and strings which describe my hardware. This works fine for 32 bit windows, but 64 bit versions have problems; namely that Microsoft in their wisdom require all drivers to be digitally signed.

So my questions are thus:

  1. Is there a version of the LibUSB-Win32 drivers which are already signed I could use?
  2. If there aren't already some signed ones I can canibalise, what exactly do I have to do to get my drivers signed.
  3. Do I need to get 64 and 32 bit versions signed separately and will this cost more?
  4. Is this a free alternative to getting them signed?
  5. Are there any other options I should consider besides requiring that my customers boot into test mode each time they start their machines (not an option I'd consider).
  6. Are there any other options for code signing apart from Verisign? Obviously a free/open source initiative like OpenID would be awesome ;-)
like image 654
Jon Cage Avatar asked Apr 29 '10 18:04

Jon Cage

People also ask

How do I get a driver signed window?

In order to sign a driver, a certificate is required. You can create your own certificate to sign your driver with during development and testing. However, for a public release you must sign your driver with a certificate issued by a trusted root authority.

What does it mean for a driver to be signed?

Driver signing associates a digital signature with a driver package. Windows device installation uses digital signatures to verify the integrity of driver packages and to verify the identity of the vendor (software publisher) who provides the driver packages.

Should you use a driver that is not signed?

It is safe to use. If the driver has been tampered with or changed in any way, then the signature becomes invalid and the driver is then unsigned. Unsigned drivers are considered potentially malicious. For the security and safety of your entire system, Microsoft recommends only using signed drivers.

2 Answers

There are two separate issues at hand:

  1. Signing the image file (i.e. the driver.sys file) to satisfy Kernel Mode Code Signing (KMCS)
  2. Signing the driver package to satisfy driver installation (i.e. the driver.cat file).

If you take an existing driver signed by another entity (be it Microsoft's WinUSB or libusb-win32), that'll satisfy KMCS.

As to driver installation, you'd need your own Code Signing Certificate to sign a .cat file, which verifies that your .inf and the files it refers to (e.g. your .sys files) were not modified and truly come from you. It's somewhat less of a problem, since unlike KMCS (which stops your driver from loading), it won't prevent your driver from being installed but just present a warning to the user.

A Code Signing Certificate (make sure it supports KMCS!) will cost you hundreds of USD, depends on the CA you choose. Some might have plans which allow you to pay per signing event rather then globally per year. If you don't need to release many versions, this might be cheaper for you.

like image 155
Ilya Avatar answered Sep 28 '22 04:09

Ilya

You might be able to get away with trying the libusb-winusb version of libusb which tries to implement most of the existing functionality around the winusb driver (which is a signed MS binary so you don't need to do it yourself). However YMMV as winusb doesn't 100% map to all the functionality required in libusb.

like image 26
tyranid Avatar answered Sep 28 '22 06:09

tyranid
Sign in to Comment

Related questions

Checking digital signature programmatically
How to force user to user Administrator account in WinForms
RS232 serial port communication c# win7 .net framework 3.5 sp1
convert python programme to windows executable
Ensure WPF Taskbar Window Preview is actualized
No module named psycopg2
Windows 7 bat file not starting as a service
Windows 7 Taskbar Widget or Toolbar
COM Elevation Moniker fails to elevate the server under Vista/Windows 7
Java 7 on 32-bit Windows 7 - Java Webstart - Unable to load resource
Reading Device Manager's Property Fields in Windows 7/8
Can I modify the Windows 7 preview pane so HTML files display just the text in the preview instead of rendering the html?
Need to resolve HMONITOR --> deviceName (or deviceName --> HMONITOR) in windows
Get output from BAT file using Java
Can't install libv8 3.11.8.17 in Rails on Windows
matplotlib 1.3.0 ImportError: DLL load failed: %1 is not a valid Win32 application
How to read HDD S.M.A.R.T. attributes?
Getting Valgrind on Windows 7
Is it possible to create mini dump file programmatically without a crash?
Trying to create a Math Input Panel in C#

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!