Author Topic: How to Digitally Sign USB CDC inf  (Read 10510 times)

Rick N

  • Member
  • ***
  • Posts: 1
How to Digitally Sign USB CDC inf
« on: April 27, 2015, 03:08:21 pm »
We have a USB CDC device that uses the built in Windows driver where we provide an unsigned inf file so the device can be install the first time. In some installations, the PC is prevented from installing un-known drivers, which has caused problems. What are the steps involved in getting our hardware (USB device) and .inf file digitally signed so that Windows recognizes it "silently" like a HID device does? Would I need to take the device to a USB plug-fest to certify the HW, enumeration, class command response, etc? What steps are needed to get the .inf file certified?

Thanks,

Rick N.

Jan Axelson

  • Administrator
  • Frequent Contributor
  • *****
  • Posts: 3033
    • Lakeview Research
Re: How to Digitally Sign USB CDC inf
« Reply #1 on: April 28, 2015, 09:26:25 am »

This is a good place to start:

http://www.davidegrayson.com/signing/

grantb5

  • Member
  • ***
  • Posts: 34
Re: How to Digitally Sign USB CDC inf
« Reply #2 on: April 30, 2015, 01:51:35 pm »
Yes, as Jan said that the site to look at. I followed his advice a few years back and it's still OK. I see he's thinking for changing his recommendations, but it's working fine for me at this time. Once you get the certificate installed it's pretty easy. I found that to be the hard part.

For the actual signing, I have a set of batch files that I use and I just drag the file in question on them one at a time. Application signing is only the last two steps (sign and verify). An INF takes a few more. Here is what I did for that exact purpose (signing a CDC inf)

Batch file #1: CHKINF. This one has the filenames in it, so don't drag anything on it.
Code: [Select]
rem
rem Double click. Edit content as necessary for the right file names.
rem
Chkinf /L E:\Folder\Driver_Signing\Product\CDC_Inf\_infresults.txt E:\Folder\Driver_Signing\Product\CDC_Inf\CPSxxCDC.inf
pause

Batch File #2: INF2CAT

Code: [Select]
REM
REM Drag the inf onto this batch file
REM
"C:\Program Files\WinDDK\8.0\bin\x86\inf2cat.exe" /v /driver:%~dp0 /os:XP_X86,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64
pause

Batch File #3: Sign it (or anything)

Code: [Select]
rem
rem Drag the CAT file onto this batch file
rem
"C:\WinDDK\7600.16385.1\bin\x86\signtool.exe" sign /v /n "MyCompany" /t http://tsa.starfieldtech.com %1
pause


Batch File #4: Verify

Code: [Select]
rem
rem Drag the signed file onto this batch file
rem
"C:\WinDDK\7600.16385.1\bin\x86\signtool.exe" verify /v /pa %1
pause

grantb5

  • Member
  • ***
  • Posts: 34
Re: How to Digitally Sign USB CDC inf
« Reply #3 on: April 30, 2015, 01:53:56 pm »
Then I used DPINST via InnoSetup to deploy it. If memory serves I had to sign DPInst too.

rallysjd

  • Member
  • ***
  • Posts: 21
    • PiXCL Automation Technologies Inc
Re: How to Digitally Sign USB CDC inf
« Reply #4 on: May 15, 2015, 02:45:18 pm »
I worked thru David Grayson's useful pages, then detailed my own experience with Win7/8 on my website, and passed the link back.

http://pixcl.com/Signing-Windows-8-Drivers.htm

SD