x64 Driver Signing Revisited

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Anonymous
Not applicable

 I know that the subject of using the CyUsb driver has been broached many times because I've been through all the posts.

   

Despite all the information I thought I understood, it's still clear as mud to me. So much so that I'm beginning to wonder if any one has a working X64 driver for their Cypress USB device. I've tried driver signing using Verisign but have not been able to get Windows 7-64 to accept my driver. 

   

A formal written step-by-step guide to creating a working x64 driver would be awesome. Is there such a thing? 

   

I've seen numerous posts on Cypress and Microsoft web sites about needing or not needing WHQL certification. One post even mentioned using DPInst.exe as an alternative to PnP installation which supposedly avoided any WHQL requirement . So, is it really needed?

   

The definition of insanity is "doing the same thing over and over and expecting different results" and I'm borderline at this point.

   

Your help is GREATLY APPRECIATED!

   

 

   

Gary

0 Likes
9 Replies
Anonymous
Not applicable

 Hi Gary,

   

 

   

/i believe you are aware of the disable "Driver signature enforcement" option in 64 bit systems, that will allow you to continue working with unsigned drivers, in case you are okay with the same. If so, you can find the details at http://www.cypress.com/?id=4&rID=56113.

   

 

   

If you are specifically looking for signed drivers: we are providing signed drivers for a set of Cypress VID/PIDs. If you are not aware of this, you may find the signed drivers for the respective product DVK. Which Cypress device are you using? Please share as to understand what all VID/PIDs are signed for that device.

   

 

   

If you are looking for signing of driver with your own custom VID/PID, then the following links may be useful: http://www.cypress.com/?app=forum&id=167&rID=56763http://www.cypress.com/?id=4&rID=65775.

   

Pease clarify us regaring these.

   

 

   

Regards,

   

Gayathri

0 Likes
Anonymous
Not applicable

Thanks for replying Gayathri,

   

My device is EZ-USB CY7C68013.  The device goes through several stages during booting so there are multiple VID/PID associations. The following combinations have been assigned.

   

   

VID_04B4&PID_8613 // board with blank eeprom

   

VID_2628&PID_E360 // board with our VID/PID but no firmware

   

VID_2628&PID_0360 // our board with firmware loaded

   
    These assignments are flexible and there is no requirement that we use our own VID/PID.     
   
        
   
    The customers that will use our device will not allow bypassing of Windows Security.   
   
        
   
    I would be interested if there is a way to acheive this without signing our own driver. If there is no other way, does the process require that we set up a special server and test computers to perform WHQL tests for submission to Microsoft?   
   
        
   
    As an alternative, do you know of a company or organization that can do this for us?   
   
        
   
    Gary   
0 Likes
Anonymous
Not applicable

Gary,

   

 

   

These assignments are flexible and there is no requirement that we use our own VID/PID

   

>If the VID/PID of the customers change then the .INF file is changed.which means they need to go through the driver testing again and re-submit to microsoft.

   

>Yes the process requires atleast 2 machines machine1 will host Windows server OS along with WHCK software Machine2 will contain Windows platforms -XP , Vista and 7 both in 32 and 64-bit configurations.The second machine could host all these 6 OS like a multistage boot system or they can be split across multiple machines.In such cases using L2 ethernet switch and connecting them is the common scenario.

   

After testing the .sys and .INF combination successfully on each OS a .cpk file will be generated which is a log of test results.

   

Windows vista and 7 64-bit platforms typically take a full day to complete the tests.on the whole to complete all 6 platforms will take 4-5 days on a single machine .If there are multiple test OS machines then the duration can be 2-3 days.

   

Since unsigned drivers cannot be loaded into Windows vista,7 64-bit OS typically we force the OS in test mode under admin rights .It would be better if all the OS are in test mode before test procedure starts otherwise the loading these drivers require manual intervention every time during testing .

   

The procedure on how to test the driver is documented in Microsoft MSDN http://msdn.microsoft.com/en-us/library/windows/hardware/gg487530.aspx

   

After testing package .cpk , .sys and .INF for each OS platform and submit to verisign.Verisign will provide .cat file which contains special keys to recognise the signed package.

   

After certification any change to .INF will nullify the Microsoft signature.The entire process has to be repeated every time there is a slight change in the .INF by the end customer.

   

 

   

 

   

Thanks

   

Narayana Murthy M

0 Likes
Anonymous
Not applicable

 Thank you for clarifying what is required. I have one last question to ask. Is there a way to use existing Cypress VID/PID combinations that would allow me to do what I need without having to go through all that?

   

Gary

0 Likes
Anonymous
Not applicable

Gary,

   

Using Cypress VD/PID is not recommended as these were already recorded as used combinations.We use these VID/PID for demonstration purpose only in our kits.I suggest you use your own VID/PID for final demonstration.There should be companies who can test on your behalf but i am not aware of them though.Please contact Verisign if they could help with any contact.

   

 

   

Thanks

   

Narayana Murthy M

0 Likes
Anonymous
Not applicable

Thanks for the help Narayana!

   

I will discuss that option with Verisign.

   

 

   

Gary

0 Likes
Anonymous
Not applicable

This is the same question I have. Have you found any answers?

0 Likes
Anonymous
Not applicable

 Susanne

   

Do you mean you need a third party contact who can get your driver signed for a particular VID/PID?

0 Likes
Anonymous
Not applicable

@Gary: It is technically possible to use the driver as-is from the development kit.

   

If the VID/PID is set to 0x04B4/0x00F0 in the device, it will enumerate using the unmodified driver and come up as a "Cypress USB BulkloopExample" in Windows device manager. You cannot change this name without changing the INF file, which would invalidate the signature.

   

An important thing to note is that the Windows application software will have to identify the device in a different way, since in theory you could have lots of devices all claiming to be a "Cypress USB BulkloopExample", when in fact they are not. A fairly straightforward solution would be to look at the Vendor and Product strings from the USB descriptor.

   

A discussion on whether this is a good idea or not can be found here:
http://www.cypress.com/?app=forum&id=167&rID=91241

0 Likes