Installation of the Driver Signed with the Self-signed Certificate When you check the certificate store with the Sigcheck utility, this certificate will be displayed as untrusted, because it is not on the listed in the list of Microsoft root certificates (this list needs to be updated periodically). In a domain, you can distribute this certificate to client computer using Group Policy. Or do it with the graphical certificate import wizard (you need to place the certificate in the Trusted Publishers and Trusted Root Certification Authorities stores of the local machine). You can do it using the following commands:Ĭertmgr.exe -add C:\DriverCert\myDrivers.cer -s -r localMachine ROOTĬertmgr.exe -add C:\DriverCert\myDrivers.cer -s -r localMachine TRUSTEDPUBLISHER Add your certificate to the local computer certificate store. Since the certificate we created is self-signed, by default the system doesn’t trust it. If any of these files has been changed, the checksum of the files will not match the data in the CAT file, and, as a result, the installation of such a driver will fail. The CAT file contains digital signatures (thumbprints) of all the files that are in the driver directory (files listed in the INF file in the CopyFiles section). Or in the file properties on the Digital Signatures tab: SignTool verify /v /pa c:\DriverCert\xg\xg20gr.cat You can check the digital signature of the driver in the cat file using the following command: The digital signature of the driver is contained in the.
Successfully signed: C:\DriverCert\xg\xg20gr.cat If the file is successfully signed, the following message should appear: Signtool sign /f C:\DriverCert\myDrivers.pfx /p /t /v C:\DriverCert\xg20\xg20gr.cat
The following command will sign the CAT file with a digital signature using with a certificate stored in a PFX file, protected by a password: Sign the set of the driver files with the certificate you have created earlier using Globalsign as a timestamp service. Signing the Driver Using Self-signed CertificateĬd C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1\Bin To fix the error, find the line with DriverVer = in the section and replace it with:Īfter the command is executed, the xg20gr.cat file should be updated in the drivers’ directory. In my case the command Inf2Cat.exe returned an error:Ģ2.9.7: DriverVer set to incorrect date (must be postdated to for newest OS) in \hdx861a.inf To make sure that the procedure was correct, check if the log file contains the messages: Inf2cat.exe /driver:"C:\DriverCert\xg20" /os:7_X64 /verbose
#LATEST UDMX DRIVER WINDOWS#
On the base of an inf file using the inf2cat.exe tool (included in the Windows Driver Kit – WDK) generate a cat file for your platform (it contains information about all files in the driver package): Generate a CAT file (contains information about all the files in the driver package) on the base of the INF file. inf among these files (in our case, they are xg20grp.sys and xg20gr.inf). Make sure that there are files with the extensions.
#LATEST UDMX DRIVER ARCHIVE#
Creating a Catalog File (CAT) for Driver PackageĬreate the directory C:\DriverCert\xg20 and copy all files from the folder into which the driver from the archive has been originally extracted (c:\tools\drv1\). The validity of the driver already signed by this certificate is unlimited (or old signatures are valid during the specified timestamp). Although the certificate has a limited validity period, the expiration of the CodeSigning certificate means that you can’t create new signatures.