PORTS Forum

Ports and Interfaces => USB => Topic started by: Rick N on April 27, 2015, 03:08:21 pm

Title: How to Digitally Sign USB CDC inf
Post by: Rick N on April 27, 2015, 03:08:21 pm: We have a USB CDC device that uses the built in Windows driver where we provide an unsigned inf file so the device can be install the first time. In some installations, the PC is prevented from installing un-known drivers, which has caused problems. What are the steps involved in getting our hardware (USB device) and .inf file digitally signed so that Windows recognizes it "silently" like a HID device does? Would I need to take the device to a USB plug-fest to certify the HW, enumeration, class command response, etc? What steps are needed to get the .inf file certified?

Thanks,

Rick N.
Title: Re: How to Digitally Sign USB CDC inf
Post by: Jan Axelson on April 28, 2015, 09:26:25 am: This is a good place to start:

http://www.davidegrayson.com/signing/
Title: Re: How to Digitally Sign USB CDC inf
Post by: grantb5 on April 30, 2015, 01:51:35 pm: Yes, as Jan said that the site to look at. I followed his advice a few years back and it's still OK. I see he's thinking for changing his recommendations, but it's working fine for me at this time. Once you get the certificate installed it's pretty easy. I found that to be the hard part.

For the actual signing, I have a set of batch files that I use and I just drag the file in question on them one at a time. Application signing is only the last two steps (sign and verify). An INF takes a few more. Here is what I did for that exact purpose (signing a CDC inf)

Batch file #1: CHKINF. This one has the filenames in it, so don't drag anything on it.
Code: [Select]
rem rem Double click. Edit content as necessary for the right file names. rem Chkinf /L E:\Folder\Driver_Signing\Product\CDC_Inf\_infresults.txt E:\Folder\Driver_Signing\Product\CDC_Inf\CPSxxCDC.inf pause
Batch File #2: INF2CAT

Code: [Select]
REM REM Drag the inf onto this batch file REM "C:\Program Files\WinDDK\8.0\bin\x86\inf2cat.exe" /v /driver:%~dp0 /os:XP_X86,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64 pause
Batch File #3: Sign it (or anything)

Code: [Select]
rem rem Drag the CAT file onto this batch file rem "C:\WinDDK\7600.16385.1\bin\x86\signtool.exe" sign /v /n "MyCompany" /t http://tsa.starfieldtech.com %1 pause

Batch File #4: Verify

Code: [Select]
rem rem Drag the signed file onto this batch file rem "C:\WinDDK\7600.16385.1\bin\x86\signtool.exe" verify /v /pa %1 pause
Title: Re: How to Digitally Sign USB CDC inf
Post by: grantb5 on April 30, 2015, 01:53:56 pm: Then I used DPINST via InnoSetup to deploy it. If memory serves I had to sign DPInst too.
Title: Re: How to Digitally Sign USB CDC inf
Post by: rallysjd on May 15, 2015, 02:45:18 pm: I worked thru David Grayson's useful pages, then detailed my own experience with Win7/8 on my website, and passed the link back.

http://pixcl.com/Signing-Windows-8-Drivers.htm

SD