Windows 10: How to integrate Windows kernel driver signing with automatical build system?

Microsoft requires to use windows hardware dev center to do the kernel driver signing, this raises a new challenge for our automatical build system. Previously, our build system works will corss-sign the kernel drivers using a EV certificate locally. But now, we need to submit drivers to hardware dev center, wait for Microsoft to sign it and download the signed drivers. This stops the build system from doing the build automatically. How to eliminate human intervention and make it work automatically like before?

:)

 

Kernel driver service not start after upgrade on Windows 10

Hello,

I have a driver package include drivers for USB device and some kernel driver services. The driver works normally on Windows 10, when I upgraded the system to latest version (say from build 1803 to 1809), I found the kernel driver services
not start after upgrade if USB device not attached, both the driver files on Windows\System32\drivers and the registry for the kernel driver service are missing.
When I attached the USB device, the kernel driver service can be restored by executing the INF file since the DriveStore copied into the upgraded system.

I expect the kernel driver service start normally after the upgrade whether USB device attached or not. I have some queries for my cases,

1. I met this issue lately, seems Windows 10 update some policy about this, why the registry and driver files not copied into the upgraded system? Seems the kernel driver service is regarded as a USB driver which should be restored
   from DriverStore, then not copied, right?
   
2. If not split the kernel driver service from the driver package, could you provide some suggestion on how to start the kernel driver service after the upgrade (without USB device attached)?
   

Thanks,

Mark

 

Code Integrity and Cryptographic problems

Hello,

Thank you for posting the query on Microsoft Community. I am glad to assist you on this.

The Code Integrity component of Windows enforces the requirement that kernel-mode drivers be signed in order to load. Windows always generate Code Integrity operational events and optionally will generate additional system audit events and verbose diagnostic
events that provide information about the status of driver signing.

The Code Integrity operational log includes warning events that indicate that a kernel-mode driver failed to load because the driver signature could not be verified. Signature verification can fail for the following reasons:

• An administrator preinstalled an unsigned driver, but Code Integrity subsequently blocked loading the unsigned driver.
• The driver is signed, but the signature is invalid because the driver file has been altered.
  
• The system disk device might have device errors when reading the file for the driver from bad disk sectors.
  

For more information, I suggest you to refer the below Microsoft article and check if it helps.

Code Integrity Diagnostic System Log Events - Windows drivers

You can try the below steps and check if it helps.

• 
  Open the Task manager. Here’s a tip: Press
  CTRL+Shift+ESC.
  
• 
  Click File > Run New Task.
  
• 
  Make sure you have a check mark beside “Create this task with administrative privileges”.
  
• 
  Type CMD.
  
• 
  Type the following 4 commands at the CMD prompt:
  
  dism /online /cleanup-image /restorehealth
  
  sfc /scannow
  
  powershell
  
  Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
  
  
  
• 
  Close the CMD window.
  

Kindly let us know if you need any further assistance with Windows. We are glad to assist you.

Thank you.

 

Disable Driver Signing Vista 64 Sp2

I heard if you attach a kernel debugger driver signing is automatically disabled, but if I turn on /debug switch I'm unable to load daemon tools.