How to sign Windows 10 Device Drivers?
I've written a custom device driver for Windows 10, and have correctly signed the driver with an EV certificate issued to my company, following the build + signing directions issued by Microsoft.
I recently upgraded to the latest Windows 10 build, and in the process, Driver Signature Enforcement has been re-enabled.
However, even with the EV-cert signed drivers still being installed, I get the following error in Device Manager:
What is strange is I can install the driver just fine. Windows 10 doesn't prompt me with any warning that the driver is dangerous, has a bad signature, or is unsigned. However, the Device Manager still disables the device with the Error Code 52, noted in the picture.
Am I not doing something correctly? Does Windows 10/Microsoft require something beyond signing with a valid EV certificate? Do I need to actually send the drivers to Microsoft to get them approved or something? And if so, how do I do this?
The only way I can get these drivers to work in the device manager is to disable driver signature enforcement, but that's not a tenable solution for when I attempt to distribute the driver to customers.
As you noticed, the signature requirements that Windows checks when you install a driver package are different than the requirement it checks for loading a .sys file (kernel module) into the kernel. If your driver includes a .sys files, you will generally have to submit it to Microsoft's Windows Hardware Developer Center Dashboard portal to get it signed. Here's the announcement from Microsoft about that:
If you can just use drivers that come with Windows (e.g. WinUSB), that would be preferred, because those use kernel modules that are already signed by Windows, so all you have to do is meet the requirements for getting the driver package installed.
I wrote a lot more about driver signing here:
- Determine the OS version, Linux and Windows from Powershell
- Privilege elevation in Windows with ansible
- How to check if a process is running or not in Batch Script
- Windows Semicolons in Path
- What is the default location for certificates created using "dotnet dev-certs https"
- create .bat file to clear apache logs
- How do I install pip on Windows?
- Gradle: Couldn't connect to Kotlin daemon on Windows
- Having trouble installing GDAL for Python on Windows
- How to find and delete a file with CMD command?
- Start menu folder created by Inno Setup is not showing
- Cursor disappearing inside text field
- How to use PGPASS file in Powershell to avoid password prompt?
- Why Bazel does not find Visual C++ Build Tools?
- How to change font (size/family) in PyScripter?
- Running the Microsoft Winsock Client and Server Code Sample
- django OSError: no library called "cairo" was found on windows
- while trying to create django-admin startproject :No module name django-admin
- Microsoft Detours - DetourUpdateThread?
- Difference between char * and LPSTR in windows
- How to detect if CMD is running as Administrator/has elevated privileges?
- Why does my batch script fail to execute Java program in a loop?
- Which API returns the message for NTSTATUS?
- How do I pass an absolute path to the adb command via git bash for windows?
- How to dynamically print exclamation mark from a variable while using Delayed Expansion and Loops in CMD?
- Can't call a Powershell script through the registry properly. A positional parameter cannot be found that accepts argument '$null'
- Enabling auto-completion in git bash on windows?
- How can I make a file trully immutable (non-deletable and read-only)?
- Console application closes immediately after opening in visual studio
- JAVA 1.6 in Eclipse IDE