Check the log for system integrity events with an event ID of 5038. Event Viewer can also be started from the Control Panel Computer Management application. To start Windows Event Viewer, run Eventvwr.exe. For more information, see Appendix 3: Enable Code Integrity Event Logging and System Auditing. Note The security audit log must be explicitly enabled. The security log audit events are generated only if the local security audit policy enables logging of system failure events. The log entries include the driver file's full path name. Audit failure events are recorded in the Windows security log, indicating that Code Integrity could not verify the image hash of the driver file. If the driver failed to load because it lacked a valid signature, it will be recorded as an audit failure event. If the above checks fail to find the root cause, then check the Windows security audit log and Code Integrity event logs, described in the next section. Usually the log file information is sufficient to resolve the issue. Run the signtool verify command on the cat file and other embedded signed binaries. To troubleshoot, review the log file and look for exclamation marks next to a driver binary. The file has also reported the following error: !!! dvi: Device not started: Device has problem: 0x34: CM_PROB_UNSIGNED_DRIVER. If you also see the following error log in the log file, the driver may not be loaded. ! sto: Driver package signer is unknown but user trusts the signer. The Device Manager will not report any errors or a yellow exclamation mark for the driver. If you select the "Install" button on the dialog shown when the signer is not yet trusted on this machine, you will see the log below, which in most cases means the driver will install and load fine. sig: Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted. sig: Success: File is signed in Authenticode(tm) catalog.
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. ! sig: Verifying file against specific (valid) catalog failed! (0x800b0109) These are warnings that the cat file has not been verified yet. You will see the following single exclamation mark when you install a driver package release signed with a CA vendor provided SPC certificate. The single exclamation mark is a warning message, but the triple exclamation mark indicates a failure. The leftmost column may have a single exclamation mark "!" or multiple exclamation marks "!!!". The log file can be opened in any text editing software. However, the log file should not be renamed as part of a production scenario. A new log file will be easier to search for important logs from a new driver install. When testing your driver package install, if the file is renamed before a driver is installed, a new log file will be generated. Check the Windows security audit log and Code Integrity event logs. As explained before, any driver installation information will be logged (appended) to the file in the %windir%\inf directory. Refer to the section on setting the registry entry and renaming of the file before installing the driver. Open the file created in the %windir%\inf directory after driver install. Use Device Manager to check whether the driver is loaded and signed, as described in Verify that the Test-Signed Driver Is Operating Correctly of Test Signing. Several common ways to troubleshoot problems with loading signed or test signed drivers are listed below: Below is the screen shot to show if the driver is working. Use Device Manager to view the driver Properties (described earlier for the test-signed driver).
Verify that the Release-Signed Driver is Operating Correctly For more information on trust and driver installation, see Code-Signing Best Practices. An unsigned driver will show the following dialog, which allows a user to install an unsigned driver (this may not work in x64 version of Windows). For the installation to proceed, the user must select Install. If the publisher trust level is unknown-as will be true for -the system displays the dialog box. Note The system verifies that publisher information is accurate based on the SPC that was used to sign the catalog. Selecting the check box will not show this dialog box again on the computer if the driver is installed again or if the driver is removed for any reason. If the signer of the driver package has not already been set up on the system to be trusted, you may see the following Windows Security dialog box. Installing a release-signed driver is the same as described in Installing, Uninstalling and Loading the Test-Signed Driver Package in Test Signing, except for two additional steps needed when installing using either of the methods described there.