Saturday 22 November 2014

Windows 8 x64 driver installation error - signature test fails

When you install the driver for the Hitron BRG 35302 cable modem on Windows 8 x64, you get the error message "The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering". The installation process then stops.

To solve it, turn off Windows 8's checking of the driver's signature.


Solution:

1. Press Alt-I to open the Settings panel. Choose PC Settings (at the bottom) - Advanced startup - Restart now.

On the blue screen select Troubleshoot, Advanced options, Startup Settings. Click the Restart button.

2. While the computer is rebooting, a blue screen with Startup Settings appears. Choose the 7th bullet, "Disable driver signature enforcement".

3. After the computer has started, repeat the driver installation process. This time the Windows Security dialog pops up with a "Windows can't verify publisher of this driver software" warning.

Choose "Install the driver software anyway".

4. The driver is installed.

The approaches I tried which do NOT help.

The Windows documentation which describes the original error states:
Windows requires a digitally signed driver. A driver that lacks a valid digital signature, or has a signature that was changed after it was signed, can't be installed on 64-bit versions of Windows. You'll only see this notification if you have a 64-bit version of Windows and try to install such a driver on it.

I wonder why 64 and 32 bit OSs handle a driver's signature differently...

To disable or re-enable driver signature checking, or to turn test signing on (which seems to be an alternative approach), type:
bcdedit.exe /set loadoptions DISABLE_INTEGRITY_CHECKS
rem To undo the previous command:
bcdedit.exe /deletevalue loadoptions
bcdedit.exe /set testsigning ON
rem To undo the previous command:
bcdedit.exe /set testsigning OFF
A reboot of the computer is required.
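
The bcdedit settings above stay in the boot configuration until they are undone, so it is worth checking their state afterwards. The following PowerShell sketch is an added example, not part of the original post: it parses `bcdedit /enum` output and reports whether either setting is still active. The function name `Get-BootSigningState` is hypothetical, the sample output is constructed, and English-language bcdedit output is assumed.

```powershell
# Added example: report whether the boot options set by the bcdedit commands are still active.
# Get-BootSigningState is a hypothetical helper; it assumes English bcdedit output.
function Get-BootSigningState {
    param([string[]]$BcdLines)

    # bcdedit prints one "name<spaces>value" pair per line; collect them in a table.
    $settings = @{}
    foreach ($line in $BcdLines) {
        if ($line -match '^(\S+)\s+(.+)$') {
            $settings[$Matches[1]] = $Matches[2].Trim()
        }
    }

    # A missing entry casts to an empty string, which counts as "not set".
    $loadOptions = [string]$settings['loadoptions']
    [pscustomobject]@{
        IntegrityChecksDisabled = $loadOptions -match 'DISABLE_INTEGRITY_CHECKS'
        TestSigningOn           = ([string]$settings['testsigning']) -eq 'Yes'
        LoadOptions             = $loadOptions
    }
}

# Constructed sample of "bcdedit.exe /enum '{current}'" output after both "set" commands.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 8
loadoptions             DISABLE_INTEGRITY_CHECKS
testsigning             Yes
nx                      OptIn
'@ -split "`r?`n"

$state = Get-BootSigningState -BcdLines $sample
$state | Format-List

if ($state.IntegrityChecksDisabled -or $state.TestSigningOn) {
    Write-Warning 'Driver signature checks are still relaxed; run the undo commands and reboot.'
}

# On a real machine, from an elevated prompt:
# Get-BootSigningState -BcdLines (bcdedit.exe /enum '{current}')
```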

The initial problem persists even if the driver is signed and the certificate is installed in the certificate store. The recipe is outlined below:
To create a certificate, use the SelfCert.exe utility, which ships with Office 12. It is located at "c:\Program Files\Microsoft Office\Office12\SELFCERT.EXE".

To sign the .sys files of the driver, use SignTool.exe, which ships with the Windows SDK.
signtool.exe sign /i RedGreenBlue c:\Hitron35302_x64\usb8023w.sys
"RedGreenBlue" is the name of the certificate.

To install the certificate: right-click on the signed .sys file - Properties - Digital Signatures. Choose the certificate name - Details - View Certificate - Install Certificate - Local Machine - Next - "Automatically select the certificate store based on the type of certificate" - Next - Finish.

To create the driver's .cat file, use the Inf2Cat utility, which ships with the Windows Driver Kit (WDK).
Inf2Cat.exe /driver:C:\Hitron35302_x64 /os:7_X86,7_X64,8_X86,8_X64
The driver parameter points to the folder with the inf/sys/cat driver files.

To see the "Local Security Policy" configuration, select Control Panel - Administrative Tools - Local Security Policy. Then select Security Settings - Public Key Policies and in the right frame choose "Certificate Path Validation Settings". The check box "Allow user trust root (CA) to be used to validate certificates" (CA = certification authority) seems to be useful if you install the certificate at the user level instead of the local machine level.
