Error Code 52 On Signed 64-Bit Kernel Driver - More Signing Needed

Discussion in 'Windows Vista Drivers' started by DWinters, Mar 19, 2010.

  1. DWinters

    DWinters Guest

    In expanding our drivers to support Windows Seven 64-bit, we've run into a
    snag, with error code 52. We're currently using a minimal .INF to try to get
    one card working in just this environment, and once it works we'll expand it
    for the other 100+ products and combine it with our 32-bit .INF.

    We have a certificate based on the VeriSign Class 3 Code Signing 2009-2 CA.
    We build the .SYS, sign the .SYS, make a .CAT with INF2CAT, then sign the
    ..CAT. Previous (failed) driver versions are removed by uninstalling via
    Device Manager, and checking the checkbox to delete driver files. Driver
    installation starts out well, asks if we want to trust ourselves, and does
    not show the red dialog, but ends with a Code 52 failure message, saying
    something unspecific in the driver package isn't signed properly and warning
    that this may be the result of an attack.

    Installing the certificate in the Trusted Root Certification Authorities
    store doesn't appear to change anything, so we don't think it's a problem
    with the certificate itself. Performing the build/sign/INF2CAT/sign steps
    from Windows Seven 64-bit doesn't appear to change anything, so we don't
    think it's a format problem. Our leading hypothesis is that there's an
    additional signing step needed; does Code 52 correspond to a more specific
    failure of signing than its message indicates? Is there a step noticeably
    missing?
     
    DWinters, Mar 19, 2010
    #1
    1. Advertising

  2. > In expanding our drivers to support Windows Seven 64-bit, we've run into a
    > snag, with error code 52.


    What will setupapi.dev.log say?

    --
    Maxim S. Shatskih
    Windows DDK MVP

    http://www.storagecraft.com
     
    Maxim S. Shatskih, Mar 20, 2010
    #2
    1. Advertising

  3. DWinters

    DWinters Guest

    Re: Error Code 52 On Signed 64-Bit Kernel Driver - More Signing Ne

    Sorry for the delay, I got pulled off the project to do firefighting on
    another.

    "Maxim S. Shatskih" wrote:
    > What will setupapi.dev.log say?


    I cleared the log and repeated the install (with the same result), and
    uploaded it here: http://www.accesio.com/files/setupapi.dev.log

    Based on my amateur reading, three times it doublechecks the .INF's
    signature, failing the first and passing the second of each pair; but it's
    ultimately the .SYS that fails, with "Error 0x800b0109: A certificate chain
    processed, but terminated in a root certificate which is not trusted by the
    trust provider.", and error code 52 is a cascade error, at "Device not
    started: Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER.".
     
    DWinters, Apr 1, 2010
    #3
  4. DWinters

    DWinters Guest

    DWinters, Apr 14, 2010
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. shou nagai

    About Kernel Mode Code Signing in 64 bit Vista

    shou nagai, Jul 13, 2006, in forum: Windows Vista Drivers
    Replies:
    4
    Views:
    825
    Jennifer Stepler [MSFT]
    Oct 26, 2006
  2. Jan
    Replies:
    7
    Views:
    1,445
    Thomas F. Divine
    May 7, 2007
  3. SenseShankar

    Kernel mode code signing - Test signing

    SenseShankar, Apr 15, 2008, in forum: Windows Vista Drivers
    Replies:
    4
    Views:
    747
    Jennifer Stepler [MSFT]
    Apr 17, 2008
  4. Replies:
    2
    Views:
    481
  5. Loring
    Replies:
    0
    Views:
    2,426
    Loring
    Apr 26, 2010
Loading...

Share This Page