Hi all

I have struggled a lot with driver installation lately.
Is there anyone out there who can explain the following dilemma to me:

I have received an unsigned driver package from a small vendor.
I have signed these drivers by my selves using Authenticode.

Using DPInst to install these drivers silent on Windows XP SP1 now works ok, but when I try to install them through a msi file, using Wise and DIFxApp.msm, I receive the following error:

Signature verification failed while checking integrity of driver package 'ftdiport.inf
InstallDriverPackages failed with error 0xE0000244


Is it not possible to install an Authenticode signed driver package through Windows Installer?

Many thanks in advance!
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Did a quick google search on this one and it sounds like this is a similiar issue and a possible fix. DIFxApp 2.0 won't install my driver - it doesn't think it's signed
Answered 02/15/2006 by: Foleymon
Orange Senior Belt

Please log in to comment
0
Ok if I lookup 0xE0000244 from here:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deployment/winupdte.mspx

I get a meaningful message of ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH. So you reference the DIFx documentation at:
http://download.microsoft.com/download/5/D/6/5D6EAF2B-7DDF-476B-93DC-7CF0072878E6/DIFxAPI.doc

And find a bit more info being the certificate is not valid for the current version of Windows or it has expired. So I would check the certificate on the package to see what Windows says. I am not sure how to do this but I think if you find the cat file, right click and select properties you should find a tab with more info.
Answered 02/15/2006 by: kkaminsk
Ninth Degree Black Belt

Please log in to comment
0
I may well be wrong, but my understanding was that authenticode driver signing is only supported in Windows 2003 and above, not XP. This would explain the OS Mismatch error message.
Answered 02/15/2006 by: meastaugh1
Senior Purple Belt

Please log in to comment
0
You can just not silenly in 2.0. Here is the snipet from the manual.
(http://download.microsoft.com/download/5/D/6/5D6EAF2B-7DDF-476B-93DC-7CF0072878E6/DIFxtools_reqs.doc)

Quiet Installation of Unsigned WHQL-Class Driver Packages on Windows XP and Windows 2000
The DIFx tools do not support a quiet installation of unsigned WHQL-class driver packages.

Installation of Non-WHQL-Class Driver Packages on Windows XP and Windows 2000
The following considerations apply to performing a wizard-mode installation of non-WHQL-class driver packages on Windows XP and Windows 2000.
Wizard Installation of Authenticode-Signed Non-WHQL-Class Driver Packages on Windows XP and Windows 2000
By default, the DIFx tools perform a wizard installation of non-WHQL-class driver packages that have an Authenticode signature. Setup handles driver packages with an Authenticode signature in the same way that Setup handles unsigned driver packages.
Answered 02/15/2006 by: kkaminsk
Ninth Degree Black Belt

Please log in to comment
0
Thanks for all your answers!
The information you have posted explaines a lot, particulary ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH and This would explain the OS Mismatch error message.

The thing that still bothers me is that my Authenticode-Signed Non-WHQL-Class Driver Package can be installed silent by DPInst but not through Windows Installer with DIFxApp!

I guess I'll have to wait for DIFxApp 3.0.
By the way, does anyone know when that version will be released?

THANKS !
Answered 02/15/2006 by: jsvenso1
Senior Yellow Belt

Please log in to comment
0
I complained about how you could not silently install authenticode signed drivers with DIFx app to the team and was invited onto the beta. I got caught up with work and never signed up so I am a bit in the dark.

I should note another limitation I noticed about DIFx app was the fact that you had to order your driver installations if you are installing dependant drivers. So what I had to do with an older Sierra Wireless Aircard driver is put the two driver packages in different directories and configure the order via the DIFx specific tables to install the different drivers. For some reason DPInst knows how to do this.
Answered 02/16/2006 by: kkaminsk
Ninth Degree Black Belt

Please log in to comment
0
Good news, problem solved!

I have managed to install my Authenticode-Signed Non-WHQL-Class Driver Package through DIFxApp and Windows Installer.

The thing that solved my problem was setting the flag to 10 in my MsiDriverPackages table. This gave me a comination of the legacy mode switch and the switch that suppress the dialog that prompts the user to connect the device to the computer.

This togheter with the OS setting Install the software anyway and don't ask for my approval made it possible to intall my driver package silent.
Answered 02/16/2006 by: jsvenso1
Senior Yellow Belt

Please log in to comment
0
Sorry, could you just clarify for me:
I understand that you can install with the legacy mode enabled in DifXApp and setting Windows to install drivers, regardless of whether or not they're signed.

Understandably I don't want to set the OS to allow unsigned driver installation for everyone. So is the reason I cannot use authenticode to sign my unsigned drivers, DifXApp or the version of Windows I'm running?
Answered 02/20/2006 by: meastaugh1
Senior Purple Belt

Please log in to comment
0
Hmm dunno how I missed this but DIFx 2.01 is out. http://www.microsoft.com/whdc/driver/install/DIFxtls.mspx

Driver Install Frameworks (DIFx) provides infrastructure and tools to simplify device and driver installation for both developers and users. DIFx tools includes the Driver Package Installer (DPInst), Driver Installation Frameworks for Applications (DIFxApp) and Driver Installation Frameworks Library (DIFxAPI).

Updates were made to DIFx 2.01 to address customer requests.

Features in Version 2.01:

• Driver Installation Frameworks Library (DIFxAPI).

• Support for install, uninstall, repair, and rollback of drivers.

• Ability to track and maintain application-driver-service associations and provide reference counting on drivers and services.

• DIFxAPI that exports the following functions:

• DriverPackagePreinstall()

• DriverPackageInstall()

• DriverPackageUninstall()

• DriverPackageGetPath()



• Ability to create driver installation packages for 32-bit, x64-based platforms and Itanium-based systems.

• Support for Windows Vista

• Driver Package Installer (DPInst).

• Ability to group packages belonging to multifunction devices.

• New XML elements and command-line switches for:

• Accepting unsigned drivers by using the legacy mode flag. The underlying operating system still performs signing checks, but the DIFx tools don't add any additional signing requirements.

• Scanning hardware before performing any preinstall or install to ensure that only packages for which hardware is present are loaded on the machine. This allows the use of DPInst for batch updates, during which the system is scanned for a large number of drivers and only those that are actually required are selected.

• Using uninstall to delete files that have been copied to the system during install.



• Driver Install Frameworks for Applications (DIFxApp).

• Ability to work with a scenario in which non-administrators can install administrator-authorized driver packages.

• New flags for:

• Using the legacy-mode flag to accept unsigned drivers. The underlying operating system still performs signing checks, but the DIFx tools don't add additional signing requirements.

• Deleting files on uninstall. Uninstall can delete files that have been copied to the system during install.
Answered 02/23/2006 by: kkaminsk
Ninth Degree Black Belt

Please log in to comment
0
meastaugh1, I'm waiting for the hardware to arrive so that I can test my driver package completely. I will post a message in this thread when I have the results from this test.
Answered 02/23/2006 by: jsvenso1
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity