0

We have an hardware device that is used by many customers. We support windows 7 - 10 OS's. With this device, a driver and software is included. The device is is built in China, they eventually use a Cypress USB driver. The .inf file can be found below. The Chinese company then adds some references for their own device inside the .inf file, which magically makes it work, in combination with their software.

My background is not C++ or any hardware related development. Now we have customers receiving code 52 error when the driver is installed and plugged in.

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

So after a lot of googling it seems like the Chinese company didn't keep up with the latest standards for drivers. Newer devices have secure boot enabled which blocks drivers that are not signed correctly.

Now I am wondering a few things:

  • Would getting my driver though the various HCK/HLK/WLK test be required? My driver is simply a .inf file, .sys file and a generated .cat file.
  • Would generating a .cab file with makecab be sufficient?
  • Is my driver actually a kernel mode driver or user mode driver?
  • This will of course be tested: but would signing the cat file with an EV certificate solve this problem already?

Getting though the HCK and HLK test seems a lot of work for a simple .inf file. While the guidelines are pretty clear, I am not entirely sure if there are specific things I don't need to do in my scenario.

.inf file code:

; Installation INF for the Cypress Generic USB Driver for Windows 2000
; Processor support for x86 based platforms.
;
; (c) Copyright 2011 Cypress Semiconductor Corporation
;

[Version]
Signature="$WINDOWS NT$"
Class=USB
ClassGUID={36FC9E60-C465-11CF-8056-444553540000}
provider=%CYUSB_Provider%
CatalogFile=CYUSB.cat
DriverVer=10/17/2011,3.4.7.000

[SourceDisksNames]
1=%CYUSB_Install%,,,

[SourceDisksFiles]
CYUSB.sys = 1

[DestinationDirs]
CYUSB.Files.Ext = 10,System32\Drivers

[ControlFlags]
ExcludeFromSelect = *

[Manufacturer]
%CYUSB_Provider%=Device,NT,NTx86,NTamd64

;for all platforms
[Device]
;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb, USB\VID_XXXX&PID_XXXX


;for windows 2000 non intel platforms
[Device.NT]
;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb, USB\VID_XXXX&PID_XXXX


;for x86 platforms
[Device.NTx86]
;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb, USB\VID_XXXX&PID_XXXX


;for x64 platforms
[Device.NTamd64]
;%VID_XXXX&PID_XXXX.DeviceDesc%=CyUsb, USB\VID_XXXX&PID_XXXX


[CYUSB]
CopyFiles=CYUSB.Files.Ext
AddReg=CyUsb.AddReg

[CYUSB.HW]
AddReg=CYUSB.AddReg.Guid

[CYUSB.Services]
Addservice = CYUSB,2,CYUSB.AddService

[CYUSB.NT]
CopyFiles=CYUSB.Files.Ext
AddReg=CyUsb.AddReg

[CYUSB.NT.HW]
AddReg=CYUSB.AddReg.Guid

[CYUSB.NT.Services]
Addservice = CYUSB,2,CYUSB.AddService


[CYUSB.NTx86]
CopyFiles=CYUSB.Files.Ext
AddReg=CyUsb.AddReg

[CYUSB.NTx86.HW]
AddReg=CYUSB.AddReg.Guid

[CYUSB.NTx86.Services]
Addservice = CYUSB,2,CYUSB.AddService

[CYUSB.NTamd64]
CopyFiles=CYUSB.Files.Ext
AddReg=CyUsb.AddReg

[CYUSB.NTamd64.HW]
AddReg=CYUSB.AddReg.Guid

[CYUSB.NTamd64.Services]
Addservice = CYUSB,2,CYUSB.AddService


[CYUSB.AddReg]
; Deprecating - do not use in new apps to identify a CYUSB driver
HKR,,DevLoader,,*ntkern
HKR,,NTMPDriver,,CYUSB.sys
; You may optionally include a check for DriverBase in your application to check for a CYUSB driver
HKR,,DriverBase,,CYUSB.sys
HKR,"Parameters","MaximumTransferSize",0x10001,4096
HKR,"Parameters","DebugLevel",0x10001,2
HKR,,FriendlyName,,%CYUSB_Description%

[CYUSB.AddService]
DisplayName    = %CYUSB_Description%
ServiceType    = 1                  ; SERVICE_KERNEL_DRIVER
StartType      = 3                  ; SERVICE_DEMAND_START
ErrorControl   = 1                  ; SERVICE_ERROR_NORMAL
ServiceBinary  = %10%\System32\Drivers\CYUSB.sys
AddReg         = CYUSB.AddReg
LoadOrderGroup = Base

[CYUSB.Files.Ext]
CYUSB.sys

[CYUSB.AddReg.Guid]
HKR,,DriverGUID,,%CYUSB.GUID%

[Strings]
CYUSB_Provider    = "Cypress"
CYUSB_Company     = "Cypress Semiconductor Corporation"
CYUSB_Description = "Cypress Generic USB Driver"
CYUSB_DisplayName = "Cypress USB Generic"
CYUSB_Install     = "Cypress CYUSB Driver Installation Disk"
VID_XXXX&PID_XXXX.DeviceDesc="Cypress USB Generic Driver (3.4.7.000)"
CYUSB.GUID="{AE18AA60-7F6A-11d4-97DD-00010229B959}"
CYUSB_Unused      = "."
CularBytes
  • 9,924
  • 8
  • 76
  • 101

1 Answers1

0

Microsoft keeps adding hurdles, you might have to sign it in their dev portal now and you need a EV cert. to sign up. There is also a difference between a clean install and a upgrade when it comes to the enforcement of secure boot!

I would recommend that you read/join the OSR mailing list, it has multiple threads dealing with the struggles of Windows 10 & SHA2 signing.

Their blog might also be useful.

Anders
  • 97,548
  • 12
  • 110
  • 164
  • Hi, thanks for your reply. I have already signed up with an EV certificate and I would be able to do the HCK tests, so the threads and article is not really relevant. I am just wondering if the HCK/HLK/WLK tests can be done with a .inf file. Please see the other questions I mentioned as well. – CularBytes Apr 03 '17 at 13:56