Reputation: 33
How can I pre-install self-signed USB drivers on Windows XP?
I'm trying to get some USB drivers for medical devices pre-installed on our corporate workstations. Unfortunately, these drivers are not signed. Based on some research done here and elsewhere, I self-signed these drivers using a certificate that I created:
makecert -r -pe -n "CN=Self Root CA" -b 01/01/2006 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.6 -sv selfcert.pvk selfcert.cer
I added the certificate to the "Trusted Root CA" and "Trusted Publishers CA" and and signed the drivers:
signtool sign /f selfcert.pfx /p password /uw /t http://timestamp.verisign.com/scripts/timstamp.dll /v C:\gendex\fusiondexis.cat
I added the '/uw' parameter because the "Windows System Component Verification" (1.3.6.1.4.1.311.10.3.6) and "Code Signing" (1.3.6.1.5.5.7.3.3) are present in the certificate, thus it seemed appropriate.
I then verified the signatures with signtool:
signtool.exe verify /pa /v /c C:\gendex\fusiondexis.cat C:\gendex\fusiondexis.inf
The driver files were copied to 'C:\gendex' and I updated the registry key 'DevicePath' to include this path when searching for driver files. However, when I plug-in the device, Windows displays the Add New Hardware Wizard which requires an admin to enter their credentials. If I don't do that, the device remains in an unrecognized state, and if I do--it works fine.
I've been banging my head trying to figure this out all day. Any help would be appreciated! Thanks.
Upvotes: 1
Views: 882
Answers (1)
Reputation: 222017
Be sure that you added selfcert.cer (Self Root CA) to local machine store and not to the user specific store. You can use
CertMgr.exe -add -c selfcert.cer -s -r localMachine AuthRoot
I deviloped the solution for one my customer about 8 years ago and it still work. I used at the time old version of SignTool which doesn't had /uw switch. I used just
SignTool.exe signwizard /v LXT52Xxp.cat
For the troubleshooting I would recommend you to set detailed SetupAPI log (see here and here). It will shows whether which drives from which directory will be get and whether the ranking of the driver will be interpreted the same as "Microsoft signed".
Upvotes: 1
Related Questions
- Need to write driver for USB peripheral device?
- Can I self-sign user-mode USB drivers, or do I need to go through Microsoft's Hardware Program?
- Automating driver installation on Windows XP
- Windows driver signed using Vista and later methods installs just fine in XP, but it shouldn't?
- Preload USB.inf and with VID/PID for hardware product (USB-HID) - Windows XP
- manually Install windows XP driver
- How can I speed up the first-time loading of a Windows device driver for an USB device?
- Do the equivalent of installing a driver from a folder, programatically, in Windows XP or higher
- How do I program a driver for a USB device for windows platform?
- Preinstalling WinXP USB drivers to be able to connect device without interaction