search

Watfaq / SoftU2F-Win

Software U2F authenticator for Windows
The Unlicense
67 stars 20 forks source link

Driver installation #4

Closed julieen closed 2 years ago

julieen commented 3 years ago

I didn't succeed to install he driver correctly. Indeed the driver installation seems to be successful but in the control panel there is a problem :

"Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or corrupted. (Code 19)"

And so, the daemon can't start.

ibigbug commented 3 years ago

Not so sure about this but just want to make sure if you have disabled the Driver Signing Enforcement https://github.com/SoftU2F/SoftU2F-Win#prerequisites

If that didn’t help, I’ll need the exact environment that you are running on to reproduce the issue you described here.

mrhell69 commented 3 years ago

Hello,

just started to implement and followed installation instrutions. No success. Set TESTSIGNIG OFF. also going other ideas url. Nothing. Here is what the log says:

 sig:                     Driver package catalog is valid.
 sig:                     {_VERIFY_FILE_SIGNATURE} 10:30:57.989
 sig:                          Key      = SoftU2F.inf
 sig:                          FilePath = C:\WINDOWS\System32\DriverStore\Temp\{2e8a3dd6-427a-ca45-be4b-a43d9eaca758}\SoftU2F.inf
 sig:                          Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{2e8a3dd6-427a-ca45-be4b-a43d9eaca758}\SoftU2F.cat

! sig: Verifying file against specific (valid) catalog failed. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:30:57.996 sig: {_VERIFY_FILE_SIGNATURE} 10:30:57.999 sig: Key = SoftU2F.inf sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp{2e8a3dd6-427a-ca45-be4b-a43d9eaca758}\SoftU2F.inf sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp{2e8a3dd6-427a-ca45-be4b-a43d9eaca758}\SoftU2F.cat ! sig: Verifying file against specific Authenticode(tm) catalog failed. sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:30:58.003 !!! sig: Driver package catalog file certificate does not belong to Trusted Root Certificates, and Code Integrity is enforced. !!! sig: Driver package failed signature validation. Error = 0xE0000247 sto: {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 10:30:58.005 !!! sig: Driver package failed signature verification. Error = 0xE0000247 !!! sto: Failed to import driver package into Driver Store. Error = 0xE0000247 sto: {Stage Driver Package: exit(0xe0000247)} 10:30:58.010 dvs: {Driver Setup Import Driver Package - exit (0xe0000247)} 10:30:58.016 !!! dvs: Failed to import driver packages under 'F:\SoftU2F-Driver-2021-03-28\SoftU2F.inf'. Error = 0xe0000247 dvs: {DrvSetupInstallDriver - exit(e0000247)} <<< Section end 2021/04/29 10:30:58.020 <<< [Exit status: FAILURE(0xe0000247)]

Windows Version: 20H2 Build 19042.928.

THX Gerd

ibigbug commented 3 years ago

hi @mrhell69

what's the output of bcdedit on your machine?

could you please also try to disable "Secure Boot" from your mother board setup?

it does look like a cert trust issue to me.

also you may find this useful by tuning the registry: https://superuser.com/questions/1113674/how-do-i-allow-cross-signed-kernel-drivers-in-windows-10-version-1607-with-secur

mrhell69 commented 3 years ago

hi @ibigbug,

I disabled Secure Boot in Bios. no success! Added reg key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy] "UpgradedSystem"=dword:00000001 no success!

PS C:\WINDOWS\system32> bcdedit /set TESTSIGNING OFF Der Vorgang wurde erfolgreich beendet. PS F:\SoftU2F-Driver-2021-03-28> ./driver-install.ps1 Device node created. Install is complete when drivers are installed... Updating drivers for Root\SoftU2F from F:\SoftU2F-Driver-2021-03-28\SoftU2F.inf. devcon.exe failed.

Some more I could do?

Cheers Gerd

ibigbug commented 3 years ago

@mrhell69 Please download the latest release from https://github.com/SoftU2F/SoftU2F-Win/releases/tag/2021-04-30

and install the certificates to the "Trusted Store" on your machine.

The cert can be found by right clicking on the .sys file and "View Certificate"

this should work.

qqux commented 2 years ago

@ibigbug I have the exact same problem on Windows 7. Installing certificates from .sys file does not help.

xhums1 commented 2 years ago

@ibigbug I have the exact same problem on Windows 7. Installing certificates from .sys file does not help.

https://github.com/SoftU2F/SoftU2F-Win/issues/12#issuecomment-1065002646

ibigbug commented 2 years ago

the latest release should work: https://github.com/SoftU2F/SoftU2F-Win/issues/12#issuecomment-1065002646

softworkz commented 2 years ago

A possible reason why adding the certificate doesn't work, might be that there is no trust relationship when adding the certificate directly.

The driver needs to be signed with a (self-made) certificate that is issued by a (self-made) Root CA. Then you need to include the Root CA cert in the driver zip and users will need to install the Root CA cert into the "Trusted Root Certification Authorities". I'm not sure whether it will work, but it might be worth trying..

BTW: "Trusted Store" doesn't exist!

image

softworkz commented 2 years ago

It could also be due to the driver being signed without time counter signature:

image

All other drivers have it.

id-ten-tee commented 2 years ago

Driver Signing Enforcement and Secure Boot both off, certificate installed, driver installed, though perhaps not properly? Daemon won't open, what am I doing wrong? image

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 2 years ago

This issue was closed because it has been inactive for 14 days since being marked as stale.