Microsoft hardware driver co-signing tool

%3CLINGO-SUB%20id%3D%22lingo-sub-63674%22%20slang%3D%22en-US%22%3EMicrosoft%20hardware%20driver%20co-signing%20tool%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-63674%22%20slang%3D%22en-US%22%3E%3CP%3ECould%20I%20please%20have%20some%20advice%20around%20using%20the%20Microsoft%20hardware%20driver%20co-signing%20tool%3F%26nbsp%3B%20The%20URL%20is%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fdashboard%2Fhardware%2FDriver%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fdashboard%2Fhardware%2FDriver%2F%3C%2FA%3E%20.%26nbsp%3B%20As%20I%20understand%20the%20process%2C%20I%20provide%20a%20CAB%20file%20with%20the%20signed%20driver%20enclosed.%26nbsp%3B%20The%20Microsoft%20Dev%20Center%20account%20has%20access%20to%20the%20same%20signing%20certificate.%26nbsp%3B%20When%20I%20upload%20the%20CAB%20file%2C%20it%20fails%20the%20%22preparation%22%20phase%20with%20the%20error%20message%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%E2%80%9CUnfortunately%20we%20were%20unable%20to%20validate%20the%20signature%20on%20your%20attestation%20submission.%20Common%20reasons%20for%20this%20are%3A%20the%20submission%20was%20not%20signed%2C%20the%20signing%20certificate%20was%20expired%2C%20or%20the%20signing%20certificate%20isn%E2%80%99t%20associated%20with%20your%20Dev%20Center%20account.%20Double%20check%20the%20signature%20on%20your%20package%20and%20try%20your%20submission%20again.%20If%20you%20continue%20to%20receive%20this%20error%20contact%20support.%E2%80%9D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20needed%20to%20get%20a%20duplicate%20certificate%20to%20incorporate%20in%20my%20CAB%20file%20since%20we%20could%20not%20find%20the%20original.%26nbsp%3B%20I%20strongly%20suspect%20the%20problem%20is%20the%20signing%20certificate%20that%20Microsoft%20has%20does%20not%20match%20the%20duplicate%20certificate%20in%20my%20CAB%20file.%26nbsp%3B%20Where%20and%20how%20do%20I%20update%20my%20Dev%20Center%20account%20with%20the%20duplicate%20certificate%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-194734%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20hardware%20driver%20co-signing%20tool%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-194734%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%2C%26nbsp%3B%3CBR%20%2F%3EHere%20in%20question%2C%20I%20found%20this%20suspicious%20%22As%20I%20understand%20the%20process%2C%20I%20provide%20a%20CAB%20file%20with%20the%20signed%20driver%20enclosed%22%26nbsp%3B%3C%2FP%3E%3CP%3Eas%20per%20process%3C%2FP%3E%3CUL%3E%3CLI%3EAcquire%20an%20EV%20Code%20Signing%20Certificate%3C%2FLI%3E%3CLI%3ERegister%20your%20company%20for%20the%20Hardware%20Dev%20Center%20(Sysdev)%3C%2FLI%3E%3CLI%3EDownload%20and%20install%20the%20Windows%20Driver%20Kit%3C%2FLI%3E%3CLI%3ECreate%20a%20CAB%20files%20submission%3C%2FLI%3E%3CLI%3ESign%20the%20CAB%20file%20submission%20with%20your%20EV%20Cert%20(not%20driver%20file)**%3C%2FLI%3E%3CLI%3ESubmit%20the%20EV%20signed%20Cab%20file%20using%20the%20Hardware%20Dev%20Center%20(Sysdev)%20dashboard%3C%2FLI%3E%3CLI%3EValidate%20that%20the%20driver%20was%20properly%20signed%3C%2FLI%3E%3CLI%3ETest%20your%20driver%20on%20Windows%2010%20for%20Desktop%3C%2FLI%3E%3C%2FUL%3E%3CP%3ENo%20need%20to%20sign%20driver%20file%26nbsp%3Bbefore%20enclosing%20instead%20you%20need%20to%20sign%20cab%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22container%20mainContainer%22%3E%3CDIV%20class%3D%22primary-holder%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Could I please have some advice around using the Microsoft hardware driver co-signing tool?  The URL is https://developer.microsoft.com/en-us/dashboard/hardware/Driver/ .  As I understand the process, I provide a CAB file with the signed driver enclosed.  The Microsoft Dev Center account has access to the same signing certificate.  When I upload the CAB file, it fails the "preparation" phase with the error message:

 

“Unfortunately we were unable to validate the signature on your attestation submission. Common reasons for this are: the submission was not signed, the signing certificate was expired, or the signing certificate isn’t associated with your Dev Center account. Double check the signature on your package and try your submission again. If you continue to receive this error contact support.”

 

I needed to get a duplicate certificate to incorporate in my CAB file since we could not find the original.  I strongly suspect the problem is the signing certificate that Microsoft has does not match the duplicate certificate in my CAB file.  Where and how do I update my Dev Center account with the duplicate certificate?

 

Thanks!

1 Reply

hi, 
Here in question, I found this suspicious "As I understand the process, I provide a CAB file with the signed driver enclosed" 

as per process

  • Acquire an EV Code Signing Certificate
  • Register your company for the Hardware Dev Center (Sysdev)
  • Download and install the Windows Driver Kit
  • Create a CAB files submission
  • Sign the CAB file submission with your EV Cert (not driver file)**
  • Submit the EV signed Cab file using the Hardware Dev Center (Sysdev) dashboard
  • Validate that the driver was properly signed
  • Test your driver on Windows 10 for Desktop

No need to sign driver file before enclosing instead you need to sign cab