Share via

Windows 11 ARM64 - driver Install signature validation failed

Aleš Pospíchal 21 Reputation points
2021-12-03T14:09:08.067+00:00

Hello,

we are device driver developer and have found issues installing our driver to Windows 11 on ARM64, build 22000.
Currently the driver is self-signed and the public key of signing certificate is imported to Trusted CAs and Trusted Publishers under Local Machine. When we disable driver signature enforcement, the driver installs fine. Also we are able to install our driver on standard x86 and x64 versions of Windows 11. Here we just imports the signing certificate and installation succeed.

The driver's catalog was made using Inf2Cat (PS C:\Program Files (x86)\Windows Kits\10\bin\x86> .\Inf2Cat.exe /driver:"C:\Users\Pospichal\Desktop\minidriver2" /os:"10_X86,10_X64,6_3_X86,6_3_X64,8_X64,8_X86,7_X64,7_X86,Server2008R2_X64,Server8_X64,Server6_3_X64,Server10_X64,SERVER2016_X64,10_19H1_ARM64,Server10_ARM64" /verbose)

It looks likes to me Microsoft is just only accepting its own Authenticode certificate but I did not find info about this. Or maybe Inf2cat is not enough for this Windows edition.

Where do you think can be the issue?

>> [Device Install (DiInstallDriver) - C:\icasecurestoreminidriver.inf]

>>>  Section start 2021/12/02 13:48:51.989

      cmd: "C:\Windows\System32\InfDefaultInstall.exe" "C:\icasecurestoreminidriver.inf"
     ndv: Flags: 0x00000000
     ndv: INF path: C:\icasecurestoreminidriver.inf
     dvs: {DrvSetupInstallDriver - C:\icasecurestoreminidriver.inf}
     dvs:      Flags: 0x00000000
     dvs:      {Driver Setup Import Driver Package: C:\icasecurestoreminidriver.inf} 13:48:52.021
     sto:           {Copy Driver Package: C:\icasecurestoreminidriver.inf} 13:48:52.054
     sto:                Driver Package = C:\icasecurestoreminidriver.inf
     sto:                Flags          = 0x00000007
     sto:                Destination    = C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}
     sto:                Copying driver package files to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}'.
     flq:                {FILE_QUEUE_COMMIT} 13:48:52.055
     flq:                     Copying 'C:\ICASecureStoreMinidriver.cat' to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\ICASecureStoreMinidriver.cat'.
     flq:                     Copying 'C:\icasecurestoreminidriver.inf' to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf'.
     flq:                {FILE_QUEUE_COMMIT - exit(0x00000000)} 13:48:52.055
     sto:           {Copy Driver Package: exit(0x00000000)} 13:48:52.070
     ump:           Import flags: 0x00000000
     pol:           {Driver package policy check} 13:48:52.102
     pol:           {Driver package policy check - exit(0x00000000)} 13:48:52.102
     sto:           {Stage Driver Package: C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf} 13:48:52.102
     inf:                {Query Configurability: C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf} 13:48:52.102
     inf:                     Driver package is fully isolated.
     inf:                     Driver package 'icasecurestoreminidriver.inf' is configurable.
     inf:                {Query Configurability: exit(0x00000000)} 13:48:52.117
     flq:                {FILE_QUEUE_COMMIT} 13:48:52.117
     flq:                     Copying 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\ICASecureStoreMinidriver.cat' to 'C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat'.
     flq:                     Copying 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf' to 'C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf'.
     flq:                {FILE_QUEUE_COMMIT - exit(0x00000000)} 13:48:52.117
     sto:                {DRIVERSTORE IMPORT VALIDATE} 13:48:52.117
     sig:                     Driver package catalog is valid.
     sig:                     {_VERIFY_FILE_SIGNATURE} 13:48:52.133
     sig:                          Key      = icasecurestoreminidriver.inf
     sig:                          FilePath = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf
     sig:                          Catalog  = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat
!    sig:                          Verifying file against specific (valid) catalog failed.
     sig:                     {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:48:52.149
     sig:                     {_VERIFY_FILE_SIGNATURE} 13:48:52.149
     sig:                          Key      = icasecurestoreminidriver.inf
     sig:                          FilePath = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf
     sig:                          Catalog  = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat
!    sig:                          Verifying file against specific Authenticode(tm) catalog failed.
     sig:                     {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:48:52.149
!!!  sig:                     Driver package catalog file certificate does not belong to Trusted Root Certificates, and Code Integrity is enforced.
!!!  sig:                     Driver package failed signature validation. Error = 0x800B0109
     sto:                {DRIVERSTORE IMPORT VALIDATE: exit(0x800b0109)} 13:48:52.149
!!!  sig:                Driver package failed signature verification. Error = 0x800B0109
!!!  sto:                Failed to import driver package into Driver Store. Error = 0x800B0109
     sto:           {Stage Driver Package: exit(0x800b0109)} 13:48:52.149
     dvs:      {Driver Setup Import Driver Package - exit (0x800b0109)} 13:48:52.164
!!!  dvs:      Failed to import driver packages under 'C:\icasecurestoreminidriver.inf'. Error = 0x800b0109
     dvs: {DrvSetupInstallDriver - exit(800b0109)}
<<<  Section end 2021/12/02 13:48:52.164
<<<  [Exit status: FAILURE(0x800b0109)]
Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,683 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Adrian Dela Piedra 1 Reputation point
    2022-03-24T07:28:21.633+00:00

    @Aleš Pospíchal any luck with this problem?
    We also encountered this issue and this also occurs on Windows 10 ARM64 in our side.

    0 comments
  2. Qing Xiang 0 Reputation points
    2023-07-21T07:44:58.35+00:00

    I seem to meet the same problem too. Do you resolve this problem?

  3. Qing Xiang 0 Reputation points
    2024-01-18T09:16:22.59+00:00

    We had to run WHQL for ARM64 driver and get whql catalog file instead of the other signing certificate

    0 comments
  4. Adrian Dela Piedra 0 Reputation points
    2024-10-26T05:40:29.6033333+00:00

    In their recent announcements, Microsoft will be going away with WHQL for Printer Drivers.
    https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windows

    screenshot

    Are there plans to support ARM64 self-signed drivers since WHQL will not be a solution soon?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.