
I'm learning about WFP/Inspect kmdf. I'm using VS 2017. So far I've successfully built my own kmdf:

```
------ Rebuild All started: Project: inspect, Configuration: Win10 Debug x64 ------

Building 'inspect' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
Stamping x64\Win10Debug\inspect.inf
Stamping [Version] section with DriverVer=08/25/2018,20.7.57.345

...
inspect.vcxproj -> D:\sys\x64\Win10Debug\inspect.sys
Done Adding Additional Store
Successfully signed: D:\sys\x64\Win10Debug\inspect.sys
........................
Signability test complete.

Errors:
None

Warnings:
None

Catalog generation complete.
D:\sys\x64\Win10Debug\inspect\inspect.cat
Done Adding Additional Store
Successfully signed: x64\Win10Debug\inspect\inspect.cat

Done building project "inspect.vcxproj".
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
```

In VS, under the "Driver signing->General" option, I have the following (screenshot attached):

```
Sign mode : Test Sign
Test Certificate : here I have generated Test certificate
Cross-Signing Certificate: cert AddTrust External CA Root obtained from https://docs.microsoft.com/pl-pl/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing
File Digest Algorithm: SHA256
```

So I have 4 files:

```
25.08.2018  20:08             2 332 inspect.cat
25.08.2018  20:08               792 inspect.cer
25.08.2018  20:07             2 312 inspect.inf
25.08.2018  20:08           100 344 inspect.sys
```

```
c:\Program Files (x86)\Windows Kits\10\bin\x64>certmgr.exe /add D:\sys\x64\Win10Debug\inspect\inspect.cer /s /r localMachine root
CertMgr Succeeded

c:\Program Files (x86)\Windows Kits\10\bin\x64>certmgr.exe /add D:\sys\x64\Win10Debug\inspect\inspect.cer /s /r localMachine trustedpublisher
CertMgr Succeeded
```

I'm installing (rmb->install) inspect.inf. After this, when I'm running:

```
net start inspect
```

I'm getting

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a filed that was signed incorrectly or damaged, or that might be malicious software from an unknown source.

Since I'm new to this area (KMDF), can someone point out where I can find the problem? Did I forget to do something?

Daniel
  • You're using at least a 64-bit version of Windows which is either Vista or above which means your environment has Patch Guard which includes Driver Signature Enforcement and Kernel Patch Protection. You need to enable Test Mode via `bcdedit.exe` or disable driver signature enforcement for the session on your test environment before the device driver can load with the test certificate. – ImmortaleVBR Aug 29 '18 at 16:39
  • https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option – ImmortaleVBR Aug 29 '18 at 16:40
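
The checks the comments above point to, as an added PowerShell example that is not part of the original thread: it reports the TESTSIGNING boot option, the Secure Boot state, and the signature status and signer of the built files. The file paths are the ones shown in the question and are assumed to exist on the test machine.

```powershell
# Added diagnostic example; run from an elevated PowerShell prompt on the test machine.
# Paths are the ones shown in the question; adjust them to your build output.
$files = 'D:\sys\x64\Win10Debug\inspect.sys',
         'D:\sys\x64\Win10Debug\inspect\inspect.cat'

# 1. TESTSIGNING boot option of the running boot entry. The value text ("Yes"/"No")
#    is localized, so print the raw line; no line at all means the option was never set.
$line = bcdedit.exe /enum '{current}' | Select-String -Pattern '^\s*testsigning\b'
if ($line) { "BCD: $($line.Line.Trim())" } else { 'BCD: testsigning not set (off)' }

# 2. Secure Boot state. With Secure Boot on, bcdedit refuses to change testsigning.
try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { 'Secure Boot enabled: unknown (legacy BIOS or prompt not elevated)' }

# 3. Signature status and signer of the driver binary and its catalog, and whether
#    the signer certificate is in the two stores the question populated with certmgr.
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { "${f}: not found"; continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $f
    "${f}: $($sig.Status)"
    $cert = $sig.SignerCertificate
    if (-not $cert) { continue }   # unsigned file: nothing more to report
    "  signer: $($cert.Subject)  thumbprint: $($cert.Thumbprint)"
    foreach ($store in 'Root', 'TrustedPublisher') {
        $present = Test-Path "Cert:\LocalMachine\$store\$($cert.Thumbprint)"
        "  in LocalMachine\${store}: $present"
    }
}
```

A `Valid` status in step 3 reflects user-mode trust through the local certificate stores; whether a test-signed kernel driver loads on 64-bit Windows additionally depends on the boot option reported in step 1, as the comments state.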

0 Answers