Question

ChrisBlood on Mon, 21 Oct 2019 12:57:34


Hi,

I have created a unidrv-based bitmap rendering plug-in from the Windows driver samples / print, built in in VS2017 and test signed the driver package but when I try to add the printer it says the driver is not digitally signed. If I navigate to the release package there is a test certificate and the CAT file references the test certificate. I have repeated it for 32 bit , 64 bit, debug & release with no success. 

Does anybody have any suggestions how to fix this?

Replies

MaybeCompletelyW on Mon, 21 Oct 2019 17:43:45


Is this
https://github.com/microsoft/Windows-driver-samples/tree/master/print/OEM%20Printer%20Customization%20Plug-in%20Samples/C%2B%2B/bitmap
Have you added a 'Driver Install Package', say

With kind regards

ChrisBlood on Tue, 22 Oct 2019 10:17:41


Hi, I have done that and I have packaged the files.

Looking at the output in VS2017 there is a warning 1296: Specified service not associated with hardware. According to the documentation on inf verification this is now an error in Win10, 1809 so this may be the cause. Unfortunately it isn't clear how to resolve this error in the INF file.

Infgate.exe doesn't report any errors with the inf file

I have added a services section based on this

[XXXXXXXX.Install.NTx86.Services]
Include=filename.inf
Needs=inf-section-name.Services

but don't know where to reference the Services section


MaybeCompletelyW on Thu, 24 Oct 2019 06:53:44


Not that sure '1296 Warning' of inverif is the culprit.

Not that I do not feel uneasy about it - my knowlegde of printers is limited -  after all I am just doing 'internals' and no hardware involved.
https://social.msdn.microsoft.com/Forums/windowshardware/en-US/6b7899fa-19d0-465a-ba6f-28fad09ad5e4/infgate-versus-infverif-for-printerdrivers?forum=wdk
'Bitmap driver', with a bogus hardware ID, producing 1296 warning, installs on Windows Server 2019 (Version 1809 OS Build 177763.379), provisioned for test-signing.
 "Add Printer" dialogue:
'This driver has an Authenticode signature'
Here some output of C:\Windows\INF\setupapi.dev.log :

sto:      {DRIVERSTORE IMPORT VALIDATE} 09:20:03.620
     inf:           Opened INF: 'C:\Windows\System32\DriverStore\Temp\...}\bitmap.inf' ([strings])
     sig:           {_VERIFY_FILE_SIGNATURE} 09:20:03.772
     sig:                Key      = bitmap.inf
     sig:                FilePath = C:\Windows\System32\DriverStore\Temp\{..}\bitmap.inf
     sig:                Catalog  = C:\Windows\System32\DriverStore\Temp\{...}\bitmap.cat
!    sig:                Verifying file against specific (valid) catalog failed.
!    sig:                Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
     sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 09:20:03.782
     sig:           {_VERIFY_FILE_SIGNATURE} 09:20:03.784
     sig:                Key      = bitmap.inf
     sig:                FilePath = C:\Windows\System32\DriverStore\Temp\{...}\bitmap.inf
     sig:                Catalog  = C:\Windows\System32\DriverStore\Temp\{...}\bitmap.cat
     sig:                Success: File is signed in Authenticode(tm) catalog.
     sig:                Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.
     sig:           {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 09:20:03.796
     sig:           Driver package is digitally signed by 'WDKTestCert ...
     sig:           Code Integrity State: Test Signing
     inf:           Opened INF: 'C:\Windows\System32\DriverStore\Temp\{...}\bitmap.inf' ([strings])
     sig:           Validating driver package files against catalog 'bitmap.cat'.
     sig:           Verified file 'BITMAP.GPD'.
     sig:           Verified file 'BITMAP.DLL'.
     sig:           Verified file 'BITMAP.INI'.
     sig:           Driver package is valid.
     sto:      {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 09:20:04.113

Not clear about your 
Include=filename.inf
Needs=inf-section-name.Services

No warranty
With kind regards


ChrisBlood on Thu, 24 Oct 2019 08:39:27


Thanks, as you say it wasn't the 1296. 

Thanks for the link to the log file - from that I found out it was a problem with the certificate. I have now deployed it successfully to my test PC

Zac Lockard on Thu, 24 Oct 2019 17:06:45


For the 1296 error, this is informing you that you've made a device driver that doesn't actually specify the driver for the device.  If the device shouldn't have a driver, you can specify this:

[XXXXXXXX.Install.NTx86.Services]
AddService=,2