CY7C68013A + 64bit Windows Vista

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Anonymous
Not applicable
        Hello,   
   
I read all of the related topics in this forum, but i cannot the error in my *.inf file. The INF file should download the .spt file, but Vistax64 moans that the platform is not supported... What did i wrong? I added the NTAMD64 sections with .HW and .Service but it still not work.   
thanks for any help.   
   
---- my inf file ---------   
   
   
[Version]   
Signature="$WINDOWS NT$"   
Class=USB   
ClassGUID={36FC9E60-C465-11CF-8056-444553540000}   
provider=%Thorlabs%   
DriverVer=11/10/2008,1.0   
;CatalogFile=CCS100Loader.cat   
   
;===========================================================================   
; Default Installer   
;===========================================================================   
   
[DefaultInstall]   
CopyINF=CCS100Loader_vista.inf   
   
[DestinationDirs]   
CCS100Loader.Files = 10,System32\Drivers   
CCS100LoaderFW.Files = 10,System32\Drivers   
   
[SourceDisksNames]   
1=%CCS100Loader.INSTALL%,,,   
   
[SourceDisksFiles]   
CCS100Loader.sys = 1   
%CCS100Loader.SCRIPTFILE% = 1   
   
   
[Manufacturer]   
%MfgName%=Thorlabs,NTAMD64   
   
[Thorlabs]   
%DeviceDesc%=CCS100Loader, USB\VID_1313&PID_8080   
   
[Thorlabs.NTAMD64]   
%DeviceDesc%=CCS100Loader, USB\VID_1313&PID_8080   
   
[CCS100Loader]   
CopyFiles=CCS100LoaderFW.Files   
   
[CCS100Loader.HW]   
AddReg=CCS100Loader.AddReg.Guid   
   
[CCS100Loader.NT]   
CopyFiles=CCS100Loader.Files   
CopyFiles=CCS100LoaderFW.Files   
AddReg=CCS100Loader.AddReg   
   
[CCS100Loader.NT.HW]   
AddReg=CCS100Loader.AddReg.Guid   
   
[CCS100Loader.NT.Services]   
Addservice = CCS100Loader, 0x00000002, CCS100Loader.AddService   
   
[CCS100Loader.NTAMD64]   
CopyFiles=CCS100Loader.Files   
CopyFiles=CCS100LoaderFW.Files   
AddReg=CCS100Loader.AddReg   
   
[CCS100Loader.NTAMD64.HW]   
AddReg=CCS100Loader.AddReg.Guid   
   
[CCS100Loader.NTAMD64.Services]   
Addservice = CCS100Loader, 0x00000002, CCS100Loader.AddService   
   
[CCS100Loader.AddService]   
DisplayName = %CCS100Loader.SvcDesc%   
ServiceType = 1 ; SERVICE_KERNEL_DRIVER   
StartType = 3 ; SERVICE_DEMAND_START   
ErrorControl = 1 ; SERVICE_ERROR_NORMAL   
ServiceBinary = %10%\System32\Drivers\CCS100Loader.sys   
LoadOrderGroup = Base   
   
[CCS100Loader.AddReg]   
HKR,,DevLoader,,*ntkern   
HKR,,NTMPDriver,,CCS100Loader.sys   
   
[CCS100Loader.Files]   
CCS100Loader.sys   
   
[CCS100LoaderFW.Files]   
%CCS100Loader.SCRIPTFILE%   
   
[CCS100Loader.AddReg.Guid]   
HKR,,DriverGUID,,%CCS100Loader.GUID%   
HKR,,DriverEXECSCRIPT,,%CCS100Loader.SCRIPTDIR%%CCS100Loader.SCRIPTFILE%   
   
;------------------------------------------------------------;   
   
[Strings]   
Thorlabs = "Thorlabs"   
MfgName = "Thorlabs"   
   
CCS100Loader.GUID = "{b5a2b650-af35-11dd-ad8b-0800200c9a66}"   
   
CCS100Loader.SCRIPTDIR = "\systemroot\system32\Drivers\"   
CCS100Loader.SCRIPTFILE = "CCS100.spt"   
   
CCS100Loader.INSTALL = "Thorlabs CCS100 Compact Spectrometer"   
DeviceDesc = "Thorlabs CCS100 Compact Spectrometer Firmware Loader"   
CCS100Loader.SvcDesc = "Thorlabs CCS100 Compact Spectrometer Firmware Loader Driver"   
0 Likes
1 Solution
Anonymous
Not applicable

Hi Andrew,
I've a few doubts on your reply
1. If the signature doesn't say "this is safe" then why run DTM tests??
2. You say that even if one file changes then the entire thing has to be re-signed. The customer will have his own VID/PID in the inf file. So even if cypress signs it, the customer cannot directly use it right? i mean cypress will have to predict what all VID/PID will be used by the end customers and sign the driver using a big inf file for the customers to be able to use it directly    
3. The embedded signature that you are talking about doesn't involve DTM right? i mean it is creation of a cat file by ourselves and either self-sign the driver and sign it using a 3rd party security based companies signing tool right?

View solution in original post

0 Likes
9 Replies
Anonymous
Not applicable
        Dude can you post the exact error that was seen in vista... the inf file looks fine... little confused why it isn't working... windows gives error codes which sometimes points in the right direction...   
0 Likes
Anonymous
Not applicable
        The error message says that:   
   
"Windows found driver software for your device but encountered an error while attempting to install it. The system cannot find the file specified.".   
By the way, i need a ezusb.sys file. Where can i download the most recent one which supports x64 for my issue?   
   
Thanks alot   
0 Likes
Anonymous
Not applicable

Hello again,

The good news, the inf file works for vista64     Is there a way to sign the driver, because pressing F8 at startup is not really comfortable?
Now the bad news, this inf file does not work for vista32 now! Is there a way to have one inf file for both, 32bit and 64 bit? Vista says "Driver is not intended for this platform.".

Kind regards

0 Likes
Anonymous
Not applicable

Not sure what the problem with this thread is... part of the message on the right is not visible... a single inf file can be made to work both in 64 bit and 32 bit environment... the problem is it will be a little messy file to write... i've done it in the past for normal binding with cyusb.sys... i'll see if i'm able to generate one example file for script method and post it....

Regarding driver signing there is a an app note on it... http://www.cypress.com/?rID=36676    

0 Likes
Anonymous
Not applicable
        Been a long time since I was on this board. The app note that Aasi linked is involved with Windows Hardware Quality Labs signing, which isn't exactly what Windows Vista is complaining about. Rather, Vista is complaining because the driver does not have a Digital Signature. The digital signature does not say "this is safe", it says "this person created this software". That way, if someone starts doing something naughty with their software, Microsoft has a paper trail they can use to track down the offender. They can also revoke the signature.   
   
You can pay MS for a digital signature. Typically, you will want to sign the inf file, the sys file, and anything else. The signatures are stored in a Security Catalog, a .cat file. If you change any of the files, you need to re-sign everything. This sucks, and is why Cypress doesn't bother to sign their driver - end users would still need to sign the security catalog.   
   
But there's more! Catalog files are slow, so if your driver is a boot-time driver, the sys file also has to have an embedded signature, as well. This way, Vista doesn't slow to a crawl. Well, if the sys file has an embedded signature, Vista will merely complain about the catalog being unsigned during installation, *but* it will let the driver install and execute without having to do any magic tricks during boot.   
   
Once upon a time, I told Cypress that if they embedded signed their driver, it would install on Vista 64-bit, but I don't think they cared very much.   
0 Likes
Anonymous
Not applicable

Hi Andrew,
I've a few doubts on your reply
1. If the signature doesn't say "this is safe" then why run DTM tests??
2. You say that even if one file changes then the entire thing has to be re-signed. The customer will have his own VID/PID in the inf file. So even if cypress signs it, the customer cannot directly use it right? i mean cypress will have to predict what all VID/PID will be used by the end customers and sign the driver using a big inf file for the customers to be able to use it directly    
3. The embedded signature that you are talking about doesn't involve DTM right? i mean it is creation of a cat file by ourselves and either self-sign the driver and sign it using a 3rd party security based companies signing tool right?

0 Likes
Anonymous
Not applicable

Hi Aasi,

1) There are two types of signatures. One is WHQL signed. This means "Microsoft says I won't hurt your computer" though one can not be certain. MS once WHQL-certified someone that used the FX2 default VID/PID, and for a moment Windows Update would choose the WHQL-signed driver over Cypress' unsigned driver. It only affected development machines since only devs were supposed to use the defaults.

The other signature involves a Software Publisher Certificate that you buy from a Certification Authority. It means "Microsoft says they know who I am". It says nothing about safety, but should someone start being naughty their SPC can be revoked by the CA and then all of their code will be treated as unsigned.

I'm talking about signing the driver with an SPC from a CA. This is much different than "self signing" a driver for use in development, because a self-signed SPC doesn't come from a CA and so it can't be used to sign code released for by the public, and requires booting into a Vista "test mode" to allow installing self-signed code.

2) You are correct. The inf file, sys file, and any other files installed during the driver installation process MUST have a signature in the Security Catalog (.cat file), or Windows Vista will prompt you with an "unsigned driver" warning during installation. The inf file will have to be changed by the developer to match their employer's VID/PID, which means Cypress can't sign _the security catalog_...

3) Yes, the embedded SPC signature does not involve DTM. You *could* use the SPC to sign a security catalog, but every time you change the any files in the catalog, you need to re-sign the whole thing. In contrast, the embedded signature affects ONLY the driver's binary, and so it only needs updated when the driver's binary is changed.

The embedded signature DOES NOT get rid of the "unsigned driver" warning during installation; only the security catalog satisfies the driver installation process. However, despite this, the embedded signature DOES satisfy the driver runtime process (even on 64-bit Vista, with its own special Kernel Mode Code Signing Policy), without booting Windows into any test mode.

You don't need third-party security tools. Microsoft has a program called signtool that you use to sign security catalogs or embedded-sign drivers. You do, however, need to shell out a few hundred $$$ to get an SPC from a CA, but my company already had one. I have personally tested the embedded signature on Vista x64 so I know this works.

EDIT: See this MS link. http://msdn.microsoft.com/en-us/library/aa906341.aspx

0 Likes
Anonymous
Not applicable

I tried to sign the cyusb.sys file with a self-signed root certificate and an intermediate certificate. The file shows that it is signed, and the chain is valid, but the driver installation process finally failed. Any ideas what has be going wrong?

   

Thanx Ekkehard

0 Likes
Anonymous
Not applicable

Ekkehard,

   

Please post the error message that you're seeing so that we can understand the issue.

   

Regards,

   

Anand

0 Likes