Menu
▾
▴
libusb-win32-devel
|
From: Paarvai N. <ope...@gm...> - 2007-11-08 17:04:34
|
Hi all, I know this is an oft asked question, but I did some searching on the mailing list and did not find very clear answers to a few questions that I had. I'd appreciate if anyone here can help clarify these issues for me: 1) What is the build process for a 64-bit version of libusb-win32? There were no clear steps that I saw. Does a DDK have to be installed? Which one? What compiler is to be used? A short bullet list of what to do here would be much appreciated. 2) If I do build the 64-bit version of the sys and dll, can I use the unaltered 32-bit version of the dll for use by 32-bit applications on the 64-bit OS? 3) I have read in numerous posts that the 64-bit libusb-win32 will not work on Vista 64 due to the lack of a signed driver. It seems that as long as I have a VeriSign certificate, I should be able to sign the driver. Has anyone tried this and been able to use libusb-win32 on a Vista 64 machine as a result? 4) I know there is an effort to move to winusb.sys but it seems like progress on this has been slow. Is there a way the libusb-win32 can have a stop gap in the meantime? For example, is the libusb-win32 development team open to having a company sponsor the fees required to obtaining a VeriSign certificate so that any future released versions of the libusb-win32 64-bit drivers are properly signed? I look forward to some information on this topic. Thank you in advance. Best regards, Paarvai |
|
From: Stephan M. <Ste...@ia...> - 2007-11-09 09:52:51
|
> Hi all, > > I know this is an oft asked question, but I did some searching on the > mailing list and did not find very clear answers to a few questions > that I had. I'd appreciate if anyone here can help clarify these > issues for me: > > 1) What is the build process for a 64-bit version of libusb-win32? > There were no clear steps that I saw. Does a DDK have to be > installed? Which one? What compiler is to be used? A short bullet > list of what to do here would be much appreciated. * install the latest DDK * open a DDK 64bit build environment * download libusb-win32's latest sources * navigate to the ddk_make folder * run make_all.bat from the DDK's build environment > > 2) If I do build the 64-bit version of the sys and dll, can I use the > unaltered 32-bit version of the dll for use by 32-bit applications on > the 64-bit OS? Yes you can. Just copy the 32bit DLL to Windows' 'syswow64' folder. > > 3) I have read in numerous posts that the 64-bit libusb-win32 will not > work on Vista 64 due to the lack of a signed driver. It seems that as > long as I have a VeriSign certificate, I should be able to sign the > driver. Has anyone tried this and been able to use libusb-win32 on a > Vista 64 machine as a result? I haven't tested this yet. > > 4) I know there is an effort to move to winusb.sys but it seems like > progress on this has been slow. Is there a way the libusb-win32 can > have a stop gap in the meantime? For example, is the libusb-win32 > development team open to having a company sponsor the fees required to > obtaining a VeriSign certificate so that any future released versions > of the libusb-win32 64-bit drivers are properly signed? It's not possible to sign just a driver (.sys file). You always have to sign the combination of the driver and the device specific .inf file. > > I look forward to some information on this topic. Thank you in advance. > > Best regards, > Paarvai > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Libusb-win32-devel mailing list > Lib...@li... > https://lists.sourceforge.net/lists/listinfo/libusb-win32-devel |
|
From: Graeme G. <gr...@ar...> - 2007-11-09 10:27:23
|
Stephan Meyer wrote:
> It's not possible to sign just a driver (.sys file).
> You always have to sign the combination of the driver and the device
> specific .inf file.
Since Microsoft seem to have at least shifted their policy to
allow companies other than themselves to sign drivers ("Self-Signing"),
this seems more feasible that it once was, but it's still
a significant barrier to non-commercial developers.
Is there any distinction between how unsigned .sys and
unsigned .inf files are handled ?
As I understand it, the administrator simply cannot load an
unsigned .sys file, unless the operating system has
been booted up with some special flags that permit this.
Does anyone know if the same apply to .inf files, or is it
merely that the administrator will get an warning/OK dialog for
an unsigned .inf file ?
If not, then there seems less point in continuing to develop
a winusb.sys version of libusb-win32.
Graeme Gill.
|
|
From: Paarvai N. <ope...@gm...> - 2007-11-09 17:24:13
|
Hi Stephan, Thanks for the quick reply. My response below: On Nov 9, 2007 1:49 AM, Stephan Meyer <Ste...@ia...> wrote: > * install the latest DDK > * open a DDK 64bit build environment Does this have to be the Windows Server 2003 SP1 DDK or can it be the latest WDK? > Yes you can. Just copy the 32bit DLL to Windows' 'syswow64' folder. Does the 32-bit DLL have to be built with the DDK or will the MinGW version work? I am guessing that the MinGW one will work too. > It's not possible to sign just a driver (.sys file). > You always have to sign the combination of the driver and the device > specific .inf file. Actually it is my understanding that you have to have a signed CAT file but the CAT file does not need to have hashes for anything but the KMOD (.sys file) to pass through the Kernel Mode Code Signing (KMCS) requirements. Please see: http://download.microsoft.com/download/d/c/3/dc32d46e-58e7-46b8-8689-a3b17606b53a/kernel_mode_code_signing_x-64_windows_vista.ppt http://www.microsoft.com/whdc/winlogo/drvsign/kmsigning.mspx http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/kmsigning.doc This makes sense anyway since if one were to use winusb.sys, they don't need to sign their INF and DLL (unless they wish to have WHQL certification). In the same way, if a publisher makes a SYS, DLL, and INF file, they would simply have to sign the SYS file and the situation would be then similar to using a 3rd party SYS file. I know that using winusb.sys is probably the best long-term approach, but having an official libusb-win32 signed driver seems like a great short-term stop gap. I am not totally sure, but I believe our company would be willing to sponsor the cost of a Verisign certificate in that case. Best regards, Paarvai |
|
From: Paarvai N. <ope...@gm...> - 2007-11-09 17:25:43
|
Hi Graeme,
Yes, it does appear that the publisher can self-sign once they have
obtained a software publishing certificate (SPC) from Microsoft. The
process of obtaining the SPC requires a Verisign certificate which
costs ~$500.
Paarvai
On Nov 9, 2007 2:27 AM, Graeme Gill <gr...@ar...> wrote:
> Stephan Meyer wrote:
>
> > It's not possible to sign just a driver (.sys file).
> > You always have to sign the combination of the driver and the device
> > specific .inf file.
>
> Since Microsoft seem to have at least shifted their policy to
> allow companies other than themselves to sign drivers ("Self-Signing"),
> this seems more feasible that it once was, but it's still
> a significant barrier to non-commercial developers.
>
> Is there any distinction between how unsigned .sys and
> unsigned .inf files are handled ?
>
> As I understand it, the administrator simply cannot load an
> unsigned .sys file, unless the operating system has
> been booted up with some special flags that permit this.
>
> Does anyone know if the same apply to .inf files, or is it
> merely that the administrator will get an warning/OK dialog for
> an unsigned .inf file ?
>
> If not, then there seems less point in continuing to develop
> a winusb.sys version of libusb-win32.
>
> Graeme Gill.
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Libusb-win32-devel mailing list
> Lib...@li...
> https://lists.sourceforge.net/lists/listinfo/libusb-win32-devel
>
|
|
From: Spiro T. <an-...@sp...> - 2007-11-09 17:52:50
|
Hello, * On Fri, Nov 09, 2007 at 09:25:42AM -0800 Paarvai Naai wrote: > Yes, it does appear that the publisher can self-sign once they have > obtained a software publishing certificate (SPC) from Microsoft. The > process of obtaining the SPC requires a Verisign certificate which > costs ~$500. AFAIR, it was $500 p.a. When your certificate expires, you cannot load the driver anymore. (But you can let VeriSign or someone else "timestamp" the signature, so it does not expire. But this costs, again.) In the meantime, MS also allows for other certificates but Verisign. Nevertheless, the problem itself remains. Regards, Spiro. -- Spiro R. Trikaliotis http://opencbm.sf.net/ http://www.trikaliotis.net/ http://www.viceteam.org/ |
|
From: Spiro T. <an-...@sp...> - 2007-11-09 17:51:02
|
Hello,
* On Fri, Nov 09, 2007 at 09:27:10PM +1100 Graeme Gill wrote:
> Since Microsoft seem to have at least shifted their policy to
> allow companies other than themselves to sign drivers ("Self-Signing"),
> this seems more feasible that it once was, but it's still
> a significant barrier to non-commercial developers.
Note that a driver signed by MS is different to a self-signed driver.
At least on Vista 64 bit, you *must* use a self-signed driver, or the
driver will not load. This way, MS ensures that you know from whom the
driver is. That's the purpose of the self-signed drivers.
The "special flags for booting the system" or there mostly for
developers, not for the average user (IMHO). The other option is to
attach a kernel-mode debugger to your machine; this way, you can load
your unsigned driver, too.
The signature MS gives to your driver tells you that the driver passed
WHQL (http://www.microsoft.com/whdc/winlogo/getstart/default.mspx) -
that is, your driver "survives" some automated tests.
Regards,
Spiro.
--
Spiro R. Trikaliotis http://opencbm.sf.net/
http://www.trikaliotis.net/ http://www.viceteam.org/
|
|
From: Paarvai N. <ope...@gm...> - 2007-11-09 18:48:08
|
Hi Sprio,
I think what Graeme probably meant to say was that Microsoft allows
drivers to be self-signed as opposed to being self-signed and then
also signed by Microsoft. Thank you for clarifying that since it is
definitely an important distinction.
The interesting question that remains is whether the INF file needs to
be signed to actually allow the driver to install and load. Do you
know anything about this?
Best regards,
Paarvai
On Nov 9, 2007 9:47 AM, Spiro Trikaliotis
<an-...@sp...> wrote:
> Hello,
>
> * On Fri, Nov 09, 2007 at 09:27:10PM +1100 Graeme Gill wrote:
>
> > Since Microsoft seem to have at least shifted their policy to
> > allow companies other than themselves to sign drivers ("Self-Signing"),
> > this seems more feasible that it once was, but it's still
> > a significant barrier to non-commercial developers.
>
> Note that a driver signed by MS is different to a self-signed driver.
>
> At least on Vista 64 bit, you *must* use a self-signed driver, or the
> driver will not load. This way, MS ensures that you know from whom the
> driver is. That's the purpose of the self-signed drivers.
>
> The "special flags for booting the system" or there mostly for
> developers, not for the average user (IMHO). The other option is to
> attach a kernel-mode debugger to your machine; this way, you can load
> your unsigned driver, too.
>
> The signature MS gives to your driver tells you that the driver passed
> WHQL (http://www.microsoft.com/whdc/winlogo/getstart/default.mspx) -
> that is, your driver "survives" some automated tests.
>
>
> Regards,
> Spiro.
>
> --
> Spiro R. Trikaliotis http://opencbm.sf.net/
> http://www.trikaliotis.net/ http://www.viceteam.org/
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Libusb-win32-devel mailing list
> Lib...@li...
> https://lists.sourceforge.net/lists/listinfo/libusb-win32-devel
>
|
|
From: Spiro T. <an-...@sp...> - 2007-11-10 16:21:25
|
Hello, * On Fri, Nov 09, 2007 at 10:47:27AM -0800 Paarvai Naai wrote: > The interesting question that remains is whether the INF file needs to > be signed to actually allow the driver to install and load. Do you > know anything about this? I don't know for sure as I do not own a 64 bit machine (nor Vista 64 bit). Anyway, from my understanding, 1. in order for the driver (.sys) to load, it must be signed; 2. in order for Vista (64bit) to accept your .inf, it must be signed, too. If this is correct, the question is: Are we able to install a USB driver (WDM, not legacy kernel-mode driver) without an INF? AFAIK, this is not possible, but I may be wrong. But, again, remember: This is only guessing, as I do not own a system to test this. Regards, Spiro. -- Spiro R. Trikaliotis http://opencbm.sf.net/ http://www.trikaliotis.net/ http://www.viceteam.org/ |
|
From: Paarvai N. <ope...@gm...> - 2007-11-10 19:03:06
|
>From what I have read the INF does not need to be signed. I might be wrong so I want to try this in-house and see what the result is. The impression I had was that Microsoft wants to keep the kernel mode code signing (KMCS) separate from WHQL. The INF gets signed and hashed as part of the WHQL process. The links I posed earlier were: http://www.microsoft.com/whdc/winlogo/drvsign/kmsigning.mspx http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/kmsigning.doc There is discussion in the kmsigning.doc that specifically says that you can release a driver *without* WHQL as long as you follow KMCS. And then, there is discussion on KMCS and how it only requires that the KMOD be signed, its hash placed in the CAT file, and the CAT file signed. Sprio, did you look through that document above and find something contradictory, or are you working of some other reference? Personally, I'm unclear on all of this and Microsoft's documentation hasn't been the greatest here. Sadly, the only way to really be sure would be to try this all out or here from someone who has. Paarvai On Nov 10, 2007 8:20 AM, Spiro Trikaliotis <an-...@sp...> wrote: > Hello, > > * On Fri, Nov 09, 2007 at 10:47:27AM -0800 Paarvai Naai wrote: > > > The interesting question that remains is whether the INF file needs to > > be signed to actually allow the driver to install and load. Do you > > know anything about this? > > I don't know for sure as I do not own a 64 bit machine (nor Vista 64 > bit). Anyway, from my understanding, > > 1. in order for the driver (.sys) to load, it must be signed; > > 2. in order for Vista (64bit) to accept your .inf, it must be signed, > too. > > If this is correct, the question is: Are we able to install a USB > driver (WDM, not legacy kernel-mode driver) without an INF? AFAIK, this > is not possible, but I may be wrong. > > But, again, remember: This is only guessing, as I do not own a system to > test this. > > > Regards, > Spiro. > > -- > Spiro R. Trikaliotis http://opencbm.sf.net/ > http://www.trikaliotis.net/ http://www.viceteam.org/ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Libusb-win32-devel mailing list > Lib...@li... > https://lists.sourceforge.net/lists/listinfo/libusb-win32-devel > |
|
From: Spiro T. <an-...@sp...> - 2007-11-11 09:51:03
|
Hello Paarvai, * On Sat, Nov 10, 2007 at 11:01:17AM -0800 Paarvai Naai wrote: > The > impression I had was that Microsoft wants to keep the kernel mode code > signing (KMCS) separate from WHQL. The INF gets signed and hashed as > part of the WHQL process. Indeed, you are right. I confused all of this. > There is discussion in the kmsigning.doc that specifically says that > you can release a driver *without* WHQL as long as you follow KMCS. Yes, I was aware of this, but I totally forgot that signing the INF is part of WHQL, not of KMCS. > Sprio, did you look through that document above and find something > contradictory, or are you working of some other reference? I have had a look into that document more than once, but not recently. What I had written was from my memory, and it seems I was confused "a little bit". So, please disregard my previous statements. > Personally, I'm unclear on all of this and Microsoft's documentation > hasn't been the greatest here. Sadly, the only way to really be sure > would be to try this all out or here from someone who has. We could ask this question on the MS newsgroups; questions regarding signing are rather common there. It might be better to search for something there, as there have been many questions regarding this. However, even if this is possible: We would still need someone who is willing to sign the driver. BTW: I have another driver project (http://sf.net/projects/opencbm) where I would want at least the 64 bit driver to be signed. ;) Gruß, Spiro. -- Spiro R. Trikaliotis http://opencbm.sf.net/ http://www.trikaliotis.net/ http://www.viceteam.org/ |
|
From: Xiaofan C. <xia...@gm...> - 2007-11-11 12:55:20
|
On Nov 10, 2007 2:47 AM, Paarvai Naai <ope...@gm...> wrote: > I think what Graeme probably meant to say was that Microsoft allows > drivers to be self-signed as opposed to being self-signed and then > also signed by Microsoft. Thank you for clarifying that since it is > definitely an important distinction. > > The interesting question that remains is whether the INF file needs to > be signed to actually allow the driver to install and load. Do you > know anything about this? > I do not know much about this topic but I think the INF files does not need to be signed to load the driver. Of course this will not fulfill the WHQL requirement (then you need to sign the INF file as well). Example: this guy (J1M) has done the WinUSB C# Example on Vista 64. So he must be able to load the driver and I do not think he will have the INF signed. http://forum.microchip.com/tm.aspx?m=283064&mpage=2 This may be similar to CDC device using usbser.sys. The INF file needs to be signed to have WHQL, if it is not necessary, then the INF file does not need to be signed. Xiaofan |
|
From: Paarvai N. <ope...@gm...> - 2007-11-11 16:05:21
|
On Nov 11, 2007 4:55 AM, Xiaofan Chen <xia...@gm...> wrote: > I do not know much about this topic but I think the INF files does not > need to be signed to load the driver. Of course this will not fulfill > the WHQL requirement (then you need to sign the INF file as well). > > Example: this guy (J1M) has done the WinUSB C# Example > on Vista 64. So he must be able to load the driver and I do not > think he will have the INF signed. > http://forum.microchip.com/tm.aspx?m=283064&mpage=2 Yes, this was exactly my thinking and I alluded to that in my second email on this thread. Great to know others are also thinking of it the same way! Best regards, Paarvai |
|
From: Xiaofan C. <xia...@gm...> - 2007-11-11 13:00:26
|
On Nov 11, 2007 5:50 PM, Spiro Trikaliotis <an-...@sp...> wrote: > However, even if this is possible: We would still need someone who is > willing to sign the driver. > > BTW: I have another driver project (http://sf.net/projects/opencbm) > where I would want at least the 64 bit driver to be signed. ;) I believe the WinUSB backend will solve the main issues. Not WHQL but at least the user will be able to load the INF file associated with WinUSB. Xiaofan |
|
From: Paarvai N. <ope...@gm...> - 2007-11-11 16:08:51
|
I agree that WinUSB will solve this but right now we don't have a proper migration from the current libusb-win32 to the winusb-based version. Unfortunately our end-users are using Vista 64 more and more. Unless a winusb-based libusb-win32 is around the corner, we have to find an alternate solution in the meantime (i.e., sign the current 64-bit kernel-mode driver). As for who will sign the kernel-mode driver, I think it should be signed by the libusb-win32 project. I think we can probably find someone to subsidize the cost of buying the certificates if libusb-win32 is willing to do the signing. Best regards, Paarvai On Nov 11, 2007 5:00 AM, Xiaofan Chen <xia...@gm...> wrote: > On Nov 11, 2007 5:50 PM, Spiro Trikaliotis > <an-...@sp...> wrote: > > However, even if this is possible: We would still need someone who is > > willing to sign the driver. > > > > BTW: I have another driver project (http://sf.net/projects/opencbm) > > where I would want at least the 64 bit driver to be signed. ;) > > I believe the WinUSB backend will solve the main issues. > Not WHQL but at least the user will be able to load the INF file > associated with WinUSB. > > Xiaofan > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Libusb-win32-devel mailing list > Lib...@li... > https://lists.sourceforge.net/lists/listinfo/libusb-win32-devel > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X