Vault 7: Projects
This publication series is about specific projects related to the Vault 7 main publication.
the .inf file. If the .cat file is either entirely missing or not correctly referenced from the .inf file, Windows 8 will
generate an error message when the user attempts to install the driver:
“The third party INF does not contain digital signature information”.
If the .cat file is present and is correctly referenced, but something in the driver package was modified since the signature
was applied, a slightly different error message will occur:
“The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering.”
In both cases, Windows 8 64-bit will not allow the driver package to be installed, even though it may technically be capable
of functioning correctly. To fix this, the driver package must be properly signed with a full package signature. This signature
may be either a WHQL signature (which is the best kind of signature), or a “Microsoft Authenticode” signature.
In the February 2013 or later version of the Microchip Libraries for Applications (MLA, available from
www.microchip.com/mla), the CDC, WinUSB, and MCHPUSB driver packages all include a WHQL signature and can be
installed successfully on 32-bit and 64-bit Windows 8 (as well as prior OSes). When the firmware uses the same VID/PID as
the default value from the demo, the latest driver package from the MLA should install directly.
When the application uses a customized .inf file (e.g. the VID/PID and/or strings are different), it will not be possible to
directly use the driver package from the MLA. The reason is that any change whatsoever to
the driver package (including adding or deleting one character of whitespace in the .inf file) breaks and invalidates the
driver package signature. Therefore, even if the .cat file is present, the signature will be invalid (and the package still won’t install
correctly).
Therefore, if an application needs to use a custom modified driver package, the only practical solution is to make the
modifications, and then re-sign the driver package. A driver package can be signed with an Authenticode signature using the
procedure outlined in the section “Using a Code Signing Certificate to Sign Driver Packages”. A package signed with the
Microsoft Authenticode signature will install successfully on Windows 8, but will still produce a prompt asking whether the user
would like to trust the company that signed the driver package. This user dialog can be suppressed if the driver package
instead contains a WHQL signature.
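The two install failures described above, and the one-character whitespace case, can be reproduced with a small pre-flight check. This is an added example, not code from the MLA or from Microsoft: the file names, the `diagnose` helper, and the SHA-256 manifest (a simplified stand-in for the hash list inside a real .cat file) are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def catalog_refs(inf_text):
    """Names of the .cat files referenced by CatalogFile* entries in [Version]."""
    refs, section = [], None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts an INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "version" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            # Matches CatalogFile and decorated forms such as CatalogFile.NTamd64
            if key.lower().split(".")[0] == "catalogfile" and value:
                refs.append(value.strip('"'))
    return refs

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def diagnose(pkg_dir, inf_name, signed_hashes):
    """Return 'no-signature-info', 'hash-mismatch' or 'ok'."""
    # signed_hashes (file name -> SHA-256 at signing time) is a simplified,
    # assumed stand-in for the hash list a real .cat file carries.
    pkg = Path(pkg_dir)
    refs = catalog_refs((pkg / inf_name).read_text())
    if not refs or not all((pkg / r).is_file() for r in refs):
        return "no-signature-info"      # .cat missing or not referenced
    if any(sha256(pkg / n) != h for n, h in signed_hashes.items()):
        return "hash-mismatch"          # something changed after signing
    return "ok"

def demo():
    """Walk a constructed package through the three states."""
    inf = '[Version]\nSignature="$Windows NT$"\nCatalogFile=example.cat\n'
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp)
        (pkg / "example.inf").write_text(inf)
        signed = {"example.inf": sha256(pkg / "example.inf")}
        states = [diagnose(pkg, "example.inf", signed)]       # no .cat yet
        (pkg / "example.cat").write_bytes(b"constructed placeholder")
        states.append(diagnose(pkg, "example.inf", signed))   # untouched
        (pkg / "example.inf").write_text(inf + " ")           # one space added
        states.append(diagnose(pkg, "example.inf", signed))
    return states

if __name__ == "__main__":
    print(demo())
```

The check only models the package-integrity logic; it does not parse or validate the signature inside a real catalog file.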
Although not very suitable for end consumers, Windows 8 does have a feature that allows one to temporarily disable driver
package signing enforcement. This is particularly useful for development and testing purposes. The feature is hidden under
several layers of menus and requires the following steps to enable:
1. From the desktop, move the mouse to the lower right-hand corner of the screen, to launch the charm bar.
2. Click the Settings “gear” icon.
3. Click the “Change PC Settings” option.
4. In the PC Settings menu on the left, select the “General” option.
5. In the right-hand pane, scroll down to the bottom of the options list. Under the “Advanced startup” section, click the
“Restart now” button. This doesn’t directly reboot the computer, but launches a page that provides additional restart options.
6. In the “Choose an option” page, select the “Troubleshoot” option.
1.7 Appendix (FAQs, Important MLA - USB Library Help Driver Signing and Windows 8
Protego_Release_01_05-Related-OEM-Documentation-MLA_v2013_12_20-help_mla_usb.pdf