MPLAB Harmony USB Stack
|
In general, USB driver packages that are designed for Windows 7 and prior operating system versions will also work in Windows 8, but there is one important exception to this. Starting with Windows 8 64-bit, all drivers must contain a proper "full driver package" digital signature (prior operating systems only required an embedded signature in the .sys file, rather than the entire driver package including the .inf file). The driver package signature exists as a .cat file that comes with the driver package, and needs to be correctly referenced from within the .inf file. If either the .cat file is entirely missing, or it is not being correctly referenced from the .inf file, Windows 8 will generate the following error message when the user attempts to install the driver: The third party INF does not contain digital signature information.
If the .cat file is present and is correctly referenced, but something in the driver package was modified since the signature was applied, a slightly different error message will occur: The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering.
In both cases, Windows 8 64-bit will not allow the driver package to be installed, even though it may technically be capable of functioning correctly. To correct this, the driver package must be properly signed with a full package signature. This signature may be either a WHQL signature (which is the best kind of signature), or a Microsoft Authenticode signature.
The MPLAB Harmony USB CDC and WinUSB Application driver packages include a WHQL signature and can be installed successfully on Windows 8 32-bit and 64-bit (as well as prior operating systems). When the firmware is using the same VID/PID as the default value from the demonstration, the latest driver package from MPLAB Harmony should install directly.
When the application uses a customized .inf file (e.g., VID/PID and/or strings are different), it will not be possible to directly use the driver package from MPLAB Harmony. The reason for this is that any time anyone makes any changes to the driver package (including adding or deleting one character of whitespace in the .inf file), this action will break and invalidate the driver package signature. Therefore, even if the .cat file is present, the signature will be invalid (and will not install correctly).
Therefore, if an application needs to use a custom-modified driver package, the only practical solution is to make the modifications, and then resign the driver package. A driver package can be signed with an Authenticode signature using the procedure described in Using a Code Signing Certificate to Sign Driver Packages. A package signed with the Microsoft Authenticode signature will install successfully on Windows 8, but will still produce a user prompt asking if they would like to trust the company that signed the driver package. This user dialog can be suppressed if the driver package instead contains a WHQL signature.
Although not very suitable for end-consumers, Windows 8 does have a feature that allows driver package signing enforcement to be temporarily disabled. This is particularly useful for development and testing purposes. The feature is hidden under several layers of menus and requires the following steps to enable:
Once driver signing enforcement is disabled, unsigned driver packages can then be installed. After rebooting the PC, driver signing enforcement will be reenabled, but Windows 8 will continue to allow the installed unsigned driver(s) to be loaded for the hardware, without requiring the system to be repeatedly rebooted into the driver signing enforcement disabled mode.
MPLAB Harmony USB Stack
|