从已签名的驱动程序接收错误(代码52) [英] Receiving error (Code 52) from a signed driver
问题描述
很抱歉,长度,但是我想获得尽可能多的细节。
Sorry about the length but I wanted to get as much detail as I could in.
TL; DR:一个驱动程序文件,我使用 signtool 和&安装后,Verisign仍然出现Code 52错误。
TL;DR: A driver file I signed using signtool & Verisign is still giving a Code 52 error when I install it.
我已经为使用usbser.sys驱动程序文件的设备创建了INF文件。已签名,在将其安装到目标计算机上时遇到了麻烦,特别是遇到以下错误...
I've created an INF file for a device which uses usbser.sys driver file, however even though I've signed it, I'm having trouble installing it on the target machine, in particular, I'm getting the following error...
< Windows无法验证此设备所需驱动程序的数字签名。最近的硬件或软件更改可能安装了未正确签名或损坏的文件,或者可能是来自未知来源的恶意软件。 (代码52)
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
我使用在此处找到的示例文件创建了INF文件...
https://gist.github.com/tracernz/26a5c4343cec83462fed
I've created the INF file using a sample file I found here... https://gist.github.com/tracernz/26a5c4343cec83462fed
我做了一点修改,但是我不想粘贴到我的整个文件中。这里是一些要点...
I changed it a little but I don't want to paste in my entire file. Here are some of the main points...
[Version]
Signature="$Windows NT$"
DriverPackageType = PlugAndPlay
DriverPackageDisplayName = %Device%
Class=Ports
ClassGUID={4d36e978-e325-11ce-bfc1-08002be10318}
Provider=%Provider%
CatalogFile=myfile.cat
DriverVer=07/16/2016,10.0.14393.0
[Manufacturer]
%Provider% = UsbDevice, NTamd64
[UsbDevice.NTamd64]
%Device% = Usb_Install, USB\VID_2102&PID_0003\5&2E3CC8B3&0&8
[Strings]
Provider = "MyCompany Ltd."
Device = "My Own Device"
(我还删除了 GenericDriverInstalled ,,,, 1 ,因为INFVERIF会因此而引发错误,而我在网上找不到任何可以解释该怎么做或如何解决该错误的信息)
(I also removed the line GenericDriverInstalled,,,,1 because INFVERIF was throwing an error because of it and I couldn't find anything online that explained what it was supposed to do or how to fix the error)
目标计算机是64位Windows 10 IoT Enterprise。
Target machine is 64bit Windows 10 IoT Enterprise.
所以我用inf2cat( / os:10_X64 )-没有错误报告(目录生成完成)
So I create my cat file with inf2cat (/os:10_X64) - no errors reported ("Catalog generation complete")
然后我使用以下命令对cat文件签名:
Then I sign the cat file with this command:
"C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bin\signtool" sign /f ..\MyCertificate.pfx /p MyPassword /t http://timestamp.verisign.com/scripts/timstamp.dll /v myfile.cat
据报道这是成功的。
然后,将包含myfile.inf,myfile.cat和usbser.sys的目录复制到目标计算机。
Then I copy the directory containing myfile.inf, myfile.cat and usbser.sys to my target machine.
在这台计算机上,如果我查看设备管理器,我会看到我的设备,但名称不是%UNWANTED_CDC_NAME%(COM4)-我不确定这是从哪里来的。上面的INF文件中的 USB\VID_2102& PID_0003\5& 2E3CC8B3& 0& 8 与此设备的设备实例路径相同。
On this machine, if I look at the Device Manager, I see my device, but not with the right name %UNWANTED_CDC_NAME% (COM4) - I'm not sure where this is coming from. The USB\VID_2102&PID_0003\5&2E3CC8B3&0&8 in the INF file above is the same as the Device Instance Path for this device.
我运行 pnputil \add-driver myfile.inf ,对话框询问我是否信任发布者,我同意,并报道了成功。
I run pnputil \add-driver myfile.inf and I'm asked by a Dialogue Box whether I trust the publisher, which I agree to, and success is reported.
但是在设备管理器中,我的设备没有像我期望的那样更名为我自己的设备!
But in the Device Manager, my device hasn't changed its name to "My Own Device" as I expected!
所以我右键单击我的设备,更新驱动程序软件,浏览计算机以获取驱动程序软件,让我从以下设备驱动程序列表中选择我的计算机,从磁盘安装...,然后选择myfile.inf
So I go right click on my device, "Update Driver Software", "Browse my computer for driver software", "Let me pick from a list of device drivers on my computer", "Have disk..." and select myfile.inf
它在模型下显示我自己的设备,并显示此驱动程序具有Authenticode (tm)签名。
It shows "My Own Device" under the model, and says "This driver has an Authenticode(tm) signature."
但是当我单击下一步时,我收到一条错误消息,提示不建议安装此设备驱动程序,因为Windows无法验证它是否兼容与您的硬件。我单击是继续安装,然后单击 Windows已成功更新您的驱动程序软件,但需要重新启动。
But when I click "Next" I get an error saying that "Installing this device driver is not recommended because Windows cannot verify that it is compatible with your hardware." I click "Yes" to continue installing and then "Windows has successfully updated your driver software", but a restart is required.
所以我同意重新启动并查看我的设备现在具有正确的名称,但是带有黄色的感叹号。我查看了属性,并在此问题的顶部看到了Code 52错误。
So I agree to the restart and see my device has the correct name now, but with a yellow exclamation mark. I view the properties and I'm seeing that Code 52 error at the top of this question.
另一个细节-我回过头来使用 signtool 来验证签名。
One other detail - I went back then to use signtool to verify the signature.
"C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bin\signtool" verify /v myfile.cat
我从 Verisign开始获得签名证书链中的证书列表以及时间戳记中以Thawte Timestamping CA开头的列表,但随后出现错误消息:
I get a list of certificates in "Signing Certificate Chain" starting with Verisign and a list in the Timestamp starting with Thawte Timestamping CA, but then an error saying:
SignTool错误:证书链已处理,但已终止
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
这是代码52错误的原因吗?我为什么得到这个,不是Verisign值得信赖的?
Is this the cause of the Code 52 error? Why am I getting this, isn't Verisign trusted?
编辑-尽管如果我这样做
"C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bin\signtool" verify /v /pa myfile.cat
...我得到成功验证
...I get "Successfully verified"
推荐答案
自Windows 10(版本1607)以来,内核模式驱动程序必须由Microsoft签名。
另请参见:
Since Windows 10(version 1607), kernel mode drivers must be signed by Microsoft.
See also:
- Driver Signing changes in Windows 10, version 1607
- USB serial driver (Usbser.sys)
在Windows 10中,驱动程序已被重写b y使用内核模式驱动程序框架来提高驱动程序的整体稳定性。
In Windows 10, the driver has been rewritten by using the Kernel-Mode Driver Framework that improves the overall stability of the driver.
我认为您的驱动程序需要由Microsoft签名
安装没有Microsoft签名的驱动程序时,我也遇到了相同的错误(代码52)。
I think your driver need to be signed by Microsoft.
I have got same error(Code 52) when I installed driver without Microsoft signature.
这篇关于从已签名的驱动程序接收错误(代码52)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
