Windows 11 ARM64 - driver Install signature validation failed
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 33%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Aleš Pospíchal
21
Reputation points
Hello,
we are device driver developer and have found issues installing our driver to Windows 11 on ARM64, build 22000.
Currently the driver is self-signed and the public key of signing certificate is imported to Trusted CAs and Trusted Publishers under Local Machine. When we disable driver signature enforcement, the driver installs fine. Also we are able to install our driver on standard x86 and x64 versions of Windows 11. Here we just imports the signing certificate and installation succeed.
The driver's catalog was made using Inf2Cat (PS C:\Program Files (x86)\Windows Kits\10\bin\x86> .\Inf2Cat.exe /driver:"C:\Users\Pospichal\Desktop\minidriver2" /os:"10_X86,10_X64,6_3_X86,6_3_X64,8_X64,8_X86,7_X64,7_X86,Server2008R2_X64,Server8_X64,Server6_3_X64,Server10_X64,SERVER2016_X64,10_19H1_ARM64,Server10_ARM64" /verbose)
It looks likes to me Microsoft is just only accepting its own Authenticode certificate but I did not find info about this. Or maybe Inf2cat is not enough for this Windows edition.
Where do you think can be the issue?
>> [Device Install (DiInstallDriver) - C:\icasecurestoreminidriver.inf]
>>> Section start 2021/12/02 13:48:51.989
cmd: "C:\Windows\System32\InfDefaultInstall.exe" "C:\icasecurestoreminidriver.inf"
ndv: Flags: 0x00000000
ndv: INF path: C:\icasecurestoreminidriver.inf
dvs: {DrvSetupInstallDriver - C:\icasecurestoreminidriver.inf}
dvs: Flags: 0x00000000
dvs: {Driver Setup Import Driver Package: C:\icasecurestoreminidriver.inf} 13:48:52.021
sto: {Copy Driver Package: C:\icasecurestoreminidriver.inf} 13:48:52.054
sto: Driver Package = C:\icasecurestoreminidriver.inf
sto: Flags = 0x00000007
sto: Destination = C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}
sto: Copying driver package files to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}'.
flq: {FILE_QUEUE_COMMIT} 13:48:52.055
flq: Copying 'C:\ICASecureStoreMinidriver.cat' to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\ICASecureStoreMinidriver.cat'.
flq: Copying 'C:\icasecurestoreminidriver.inf' to 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf'.
flq: {FILE_QUEUE_COMMIT - exit(0x00000000)} 13:48:52.055
sto: {Copy Driver Package: exit(0x00000000)} 13:48:52.070
ump: Import flags: 0x00000000
pol: {Driver package policy check} 13:48:52.102
pol: {Driver package policy check - exit(0x00000000)} 13:48:52.102
sto: {Stage Driver Package: C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf} 13:48:52.102
inf: {Query Configurability: C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf} 13:48:52.102
inf: Driver package is fully isolated.
inf: Driver package 'icasecurestoreminidriver.inf' is configurable.
inf: {Query Configurability: exit(0x00000000)} 13:48:52.117
flq: {FILE_QUEUE_COMMIT} 13:48:52.117
flq: Copying 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\ICASecureStoreMinidriver.cat' to 'C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat'.
flq: Copying 'C:\Users\ROMANK~1\AppData\Local\Temp\{11f45f5d-a8b1-0846-8bac-3b21524d807e}\icasecurestoreminidriver.inf' to 'C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf'.
flq: {FILE_QUEUE_COMMIT - exit(0x00000000)} 13:48:52.117
sto: {DRIVERSTORE IMPORT VALIDATE} 13:48:52.117
sig: Driver package catalog is valid.
sig: {_VERIFY_FILE_SIGNATURE} 13:48:52.133
sig: Key = icasecurestoreminidriver.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat
! sig: Verifying file against specific (valid) catalog failed.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:48:52.149
sig: {_VERIFY_FILE_SIGNATURE} 13:48:52.149
sig: Key = icasecurestoreminidriver.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\icasecurestoreminidriver.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp\{4499a41d-053a-0444-97ff-e852ae10b721}\ICASecureStoreMinidriver.cat
! sig: Verifying file against specific Authenticode(tm) catalog failed.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:48:52.149
!!! sig: Driver package catalog file certificate does not belong to Trusted Root Certificates, and Code Integrity is enforced.
!!! sig: Driver package failed signature validation. Error = 0x800B0109
sto: {DRIVERSTORE IMPORT VALIDATE: exit(0x800b0109)} 13:48:52.149
!!! sig: Driver package failed signature verification. Error = 0x800B0109
!!! sto: Failed to import driver package into Driver Store. Error = 0x800B0109
sto: {Stage Driver Package: exit(0x800b0109)} 13:48:52.149
dvs: {Driver Setup Import Driver Package - exit (0x800b0109)} 13:48:52.164
!!! dvs: Failed to import driver packages under 'C:\icasecurestoreminidriver.inf'. Error = 0x800b0109
dvs: {DrvSetupInstallDriver - exit(800b0109)}
<<< Section end 2021/12/02 13:48:52.164
<<< [Exit status: FAILURE(0x800b0109)]
Windows for business | Windows Client for IT Pros | Devices and deployment | Other
Locked Question. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 2%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Adrian Dela Piedra 1 Reputation point2022-03-24T07:28:21.633+00:00 @Aleš Pospíchal any luck with this problem?
We also encountered this issue and this also occurs on Windows 10 ARM64 in our side. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 10%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQX%3C/text%3E%3C/svg%3E)
Qing Xiang 0 Reputation points2023-07-21T07:44:58.35+00:00 I seem to meet the same problem too. Do you resolve this problem?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 97%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
pdt 0 Reputation points2024-01-05T10:02:42.9233333+00:00 Was this every resolved? I face the same problem.
-
Qing Xiang 0 Reputation points
2024-01-18T09:16:22.59+00:00 We had to run WHQL for ARM64 driver and get whql catalog file instead of the other signing certificate
-
Qing Xiang 0 Reputation points
2024-01-18T09:18:38.8966667+00:00 @pdt
We had to run WHQL for ARM64 driver and get whql catalog file instead of the other signing certificate -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2024-10-26T05:40:29.6033333+00:00 In their recent announcements, Microsoft will be going away with WHQL for Printer Drivers.
https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windowsAre there plans to support ARM64 self-signed drivers since WHQL will not be a solution soon?
-
Anonymous
2024-10-26T06:21:42.4133333+00:00 Removed redundant comment.
1 answer
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more