windows - SignTool 报告的 Windows 10 驱动程序没有签名,但已签名
问题描述
我已经检查了这个 USB 设备仿真 (UDE) 项目:https ://github.com/microsoft/UDE/tree/master/UDEMbimClientSample
该项目在 Visual Studio 19 社区下的发布配置中正确构建了 x64 目标的驱动程序:
1>------ Début de la régénération globale : Projet : hostude, Configuration : Release x64 ------
2>------ Début de la régénération globale : Projet : hostudetest, Configuration : Release x64 ------
1>Building 'hostude' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
1>Stamping x64\Release\hostude.inf
1>Stamping [Version] section with DriverVer=06/28/2020,10.49.21.636
1>C:\Users\SCO\source\repos\USB_UDE_Sample\UDEFX_host\driver\hostude.inx(19-19): warning 1324: [Version] section should specify PnpLockdown=1.
1>bulkrwr.c
2>Building 'hostudetest' with toolset 'WindowsApplicationForDrivers10.0' and the 'Universal' target platform.
2>dump.c
1>device.c
2>testapp.c
1>driver.c
2>Génération de code en cours...
1>Interrupt.c
1>ioctl.c
1>Génération de code en cours...
2>hostudetest.vcxproj -> C:\Users\SCO\source\repos\USB_UDE_Sample\UDEFX_host\exe\x64\Release\hostudetest.exe
1>hostude.vcxproj -> C:\Users\SCO\source\repos\USB_UDE_Sample\UDEFX_host\driver\x64\Release\hostude.sys
1>Done Adding Additional Store
1>Successfully signed: C:\Users\SCO\source\repos\USB_UDE_Sample\UDEFX_host\driver\x64\Release\hostude.sys
1>
1>catalog file for x64 release
2>Driver is 'Universal'.
1>.............................................................
1>Signability test complete.
1>
1>Errors:
1>None
1>
1>Warnings:
1>None
1>
1>Catalog generation complete.
1>C:\Users\SCO\source\repos\USB_UDE_Sample\UDEFX_host\driver\x64\Release\kmdfsamples.cat
1>Génération du projet "hostude.vcxproj" terminée.
========== Régénération globale : 2 a réussi, 0 a échoué, 0 a été ignoré ==========
生成一个.cat、.inf和.sys文件,以及一个.cer文件。我使用 certmgr.msc将后者添加到“根”和“受信任的发布者”中的本地机器证书存储中。
尝试使用devcon安装驱动程序时,我在以下日志 devcon lo 中收到“未在主题中找到签名”的指示,然后它没有经过数字签名:
>>> [Device Install (UpdateDriverForPlugAndPlayDevices) - USB\VID_1209&PID_0887]
>>> Section start 2020/06/28 09:34:27.873
cmd: devcon.exe install hostude.inf "USB\VID_1209&PID_0887"
ndv: INF path: C:\Users\SCO\source\repos\USB_UDE_Sample\generes\hostude.inf
ndv: Install flags: 0x00000001
ndv: {Update Device Driver - ROOT\SAMPLE\0000}
ndv: Search options: 0x00000080
ndv: Searching single INF 'C:\Users\SCO\source\repos\USB_UDE_Sample\generes\hostude.inf'
dvi: {Build Driver List} 09:34:27.906
dvi: Searching for hardware ID(s):
dvi: usb\vid_1209&pid_0887
sig: {_VERIFY_FILE_SIGNATURE} 09:34:27.938
sig: Key = hostude.inf
sig: FilePath = c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf
sig: Catalog = c:\users\SCO\source\repos\usb_ude_sample\generes\KmdfSamples.cat
! sig: Verifying file against specific (valid) catalog failed.
! sig: Error 0x800b0100: No signature was present in the subject.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0100)} 09:34:27.968
sig: {_VERIFY_FILE_SIGNATURE} 09:34:27.969
sig: Key = hostude.inf
sig: FilePath = c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf
sig: Catalog = c:\users\SCO\source\repos\usb_ude_sample\generes\KmdfSamples.cat
! sig: Verifying file against specific Authenticode(tm) catalog failed.
! sig: Error 0x800b0100: No signature was present in the subject.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0100)} 09:34:27.972
dvi: Created Driver Node:
dvi: HardwareID - USB\VID_1209&PID_0887
dvi: InfName - c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf
dvi: DevDesc - Virtual USB Device for UDE sample
dvi: Section - lxhostude.Dev.NT
dvi: Rank - 0x80ff0000
dvi: Signer Score - Not digitally signed
dvi: DrvDate - 06/28/2020
dvi: Version - 9.0.23.397
dvi: {Build Driver List - exit(0x00000000)} 09:34:27.976
dvi: {DIF_SELECTBESTCOMPATDRV} 09:34:27.977
dvi: Default installer: Enter 09:34:27.977
dvi: {Select Best Driver}
dvi: Class GUID of device changed to: {78a1c341-4539-11d3-b88d-00c04fad5171}.
dvi: Selected Driver:
dvi: Description - Virtual USB Device for UDE sample
dvi: InfFile - c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf
dvi: Section - lxhostude.Dev
dvi: {Select Best Driver - exit(0x00000000)}
dvi: Default installer: Exit
dvi: {DIF_SELECTBESTCOMPATDRV - exit(0x00000000)} 09:34:27.981
ndv: Force Installing Driver:
ndv: Inf Name - hostude.inf
ndv: Driver Date - 06/28/2020
ndv: Driver Version - 9.0.23.397
sto: {Setup Import Driver Package: c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf} 09:34:27.984
inf: Provider: TODO-Set-Provider
inf: Class GUID: {78A1C341-4539-11d3-B88D-00C04FAD5171}
inf: Driver Version: 06/28/2020,9.0.23.397
inf: Catalog File: KmdfSamples.cat
sto: {Copy Driver Package: c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf} 09:34:27.990
sto: Driver Package = c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf
sto: Flags = 0x00000007
sto: Destination = C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}
sto: Copying driver package files to 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}'.
flq: Copying 'c:\users\SCO\source\repos\usb_ude_sample\generes\KmdfSamples.cat' to 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\KmdfSamples.cat'.
flq: Copying 'c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.inf' to 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.inf'.
flq: Copying 'c:\users\SCO\source\repos\usb_ude_sample\generes\hostude.sys' to 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.sys'.
sto: {Copy Driver Package: exit(0x00000000)} 09:34:28.010
pol: {Driver package policy check} 09:34:28.069
pol: {Driver package policy check - exit(0x00000000)} 09:34:28.070
sto: {Stage Driver Package: C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.inf} 09:34:28.070
inf: {Query Configurability: C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.inf} 09:34:28.076
inf: Driver package uses WDF.
inf: Driver package 'hostude.inf' is configurable.
inf: {Query Configurability: exit(0x00000000)} 09:34:28.078
flq: Copying 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\KmdfSamples.cat' to 'C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\KmdfSamples.cat'.
flq: Copying 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.inf' to 'C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\hostude.inf'.
flq: Copying 'C:\Users\ADM160~1\AppData\Local\Temp\{c575c0d5-20a9-eb43-ba83-57838dc44c4f}\hostude.sys' to 'C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\hostude.sys'.
sto: {DRIVERSTORE IMPORT VALIDATE} 09:34:28.096
sig: {_VERIFY_FILE_SIGNATURE} 09:34:28.125
sig: Key = hostude.inf
sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\hostude.inf
sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\KmdfSamples.cat
! sig: Verifying file against specific (valid) catalog failed.
! sig: Error 0x800b0100: No signature was present in the subject.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0100)} 09:34:28.129
sig: {_VERIFY_FILE_SIGNATURE} 09:34:28.130
sig: Key = hostude.inf
sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\hostude.inf
sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{7caccbd7-e000-8346-9111-8852dc2b1d25}\KmdfSamples.cat
! sig: Verifying file against specific Authenticode(tm) catalog failed.
! sig: Error 0x800b0100: No signature was present in the subject.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0100)} 09:34:28.133
!!! sig: Driver package catalog file does not contain a signature, and Code Integrity is enforced.
!!! sig: Driver package failed signature validation. Error = 0xE0000247
sto: {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 09:34:28.135
!!! sig: Driver package failed signature verification. Error = 0xE0000247
!!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247
sto: {Stage Driver Package: exit(0xe0000247)} 09:34:28.137
sto: {Setup Import Driver Package - exit (0xe0000247)} 09:34:28.143
!!! ndv: Driver package import failed for device.
!!! ndv: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store.
ndv: Installing NULL driver.
dvi: {Plug and Play Service: Device Install for ROOT\SAMPLE\0000}
! dvi: Installing NULL driver!
dvi: {DIF_ALLOW_INSTALL} 09:34:28.291
dvi: Default installer: Enter 09:34:28.292
dvi: Default installer: Exit
dvi: {DIF_ALLOW_INSTALL - exit(0xe000020e)} 09:34:28.293
dvi: {DIF_REGISTER_COINSTALLERS} 09:34:28.293
dvi: Default installer: Enter 09:34:28.294
dvi: Default installer: Exit
dvi: {DIF_REGISTER_COINSTALLERS - exit(0x00000000)} 09:34:28.294
dvi: {DIF_INSTALLDEVICE} 09:34:28.295
dvi: Default installer: Enter 09:34:28.295
! dvi: Installing NULL driver!
dvi: Install Null Driver: Removing device sub-tree. 09:34:28.297
dvi: Install Null Driver: Removing device sub-tree completed. 09:34:28.300
dvi: Install Null Driver: Restarting device. 09:34:28.304
dvi: Install Null Driver: Restarting device completed. 09:34:28.306
dvi: Device Status: 0x01802401, Problem: 0x1c (0x00000000)
dvi: Install Device: Starting device 'ROOT\SAMPLE\0000'. 09:34:28.307
dvi: Install Device: Starting device completed. 09:34:28.310
dvi: Default installer: Exit
dvi: {DIF_INSTALLDEVICE - exit(0x00000000)} 09:34:28.311
ump: {Plug and Play Service: Device Install exit(00000000)}
ndv: {Update Device Driver - exit(e0000247)}
!!! ndv: Failed to install device instance 'ROOT\SAMPLE\0000'. Error = 0xe0000247
<<< Section end 2020/06/28 09:34:28.316
<<< [Exit status: FAILURE(0xe0000247)]
实际上,使用以下 signtool 命令行,表明该文件未签名:
C:\Users\SCO\source\repos\USB_UDE_Sample\generes>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.Exe" verify /v /kp /c kmdfsamples.cat hostude.inf
Verifying: hostude.inf
File is signed in catalog: C:\Users\SCO\source\repos\USB_UDE_Sample\generes\kmdfsamples.cat
Hash of file (sha1): 91E53BD8390C9843F9B856C2138CBF1A6BAFB3EA
SignTool Error: No signature found.
SignTool Error: File not valid: hostude.inf
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
不幸的是,当我右键单击驱动程序文件 (hostude.sys) 时,我可以看到显示证书的窗格。
这里有什么问题?什么可以解释这种差异?我对 WDK 的东西还很陌生,无法向我解释。
解决方案
这是一个测试签名,您必须在您的机器上启用“测试签名”,使用 BCDEdit 运行您的驱动程序。
测试签名对于内核模式代码签名无效,即使您将其添加到受信任的根目录也是如此。
推荐阅读
- mongodb - 如何在字符串字段中使用日期条件删除 mongodb 中的文档?
- javascript - 如何一次调用ajax请求在多个组件实例中加载数据
- report - 如何创建表格的自定义“摘要/总计”
- google-chrome - 无法在 Mozilla 中使用 JMETER 记录网络流量在将端口更改为 8080 时出错
- google-chrome - Chrome SVG 渲染工件
- c++ - 泛化我的可变参数模板函数时出错
- python - 由 PyQt4 创建并在 python 中执行的 GUI 没有打开
- azure - 了解 Azure CDN
- macos - CAN 所需的原始套接字在 MacOS 下不起作用 - 套接字:协议不支持地址系列
- symfony - 奏鸣曲默认过滤器值