This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TMS320C5535: Need the TI “C55xx_USB_EP_64.sys” driver signed to increase security on our MS Windows PCs. Can no longer run with Driver Signing Disabled.

Part Number: TMS320C5535

Microsoft is slowly clamping down regarding the use of unsigned drivers especially related to Windows 10. As Microsoft states; "Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal". Their rationale is that this is for security purposes (which is now crucial for us).

 We have been using the unsigned (C55xx_USB_EP_64.sys) TI USB Boot loader driver (with driver signing disabled) on our Windows 10 PCs. We use it to facilitate loading Firmware on our TI based product in manufacturing. Our latest Company IT policy now disallows operating our PCs with driver signing disabled (for security purposes). We must also continually install the latest updates on our Windows 10 PCs. Based on the direction Microsoft is heading, one of their updates could easily cause the bootloader to quit working, and disrupt our manufacturing process.

 Is TI planning to supply a signed driver for this application soon to resolve this situation once and for all? If not, what is the rationale for not doing so? We are aware that other TI product lines do provide signed drivers in various cases.

 Please advise ASAP,

  • Hi Joe,

    This question recently came up on another thread. You can read it over here:
    e2e.ti.com/.../2597845

    I just pinged the engineer about it, but I believe there is no plan to sign the C55x related driver for USB booting. See his post for a workaround.

    Hope this helps,
    Mark
  • Hi Mark,

    This doesn’t really help me.

    Disabling Driver Signing is no longer an option for us due to Security concerns (not because it won’t work as a workaround). Keeping our PCs running with driver signing disabled violates our internal IT security policy. I am really looking for a general solution (not a workaround that may quit working down the road). What is the rationale for not providing a signed driver in this case? Is there a general TI Policy that covers this. I know that signed drivers are available from TI for certain product lines, and providing one in this case should eliminate the issue altogether.

    Thanks for the quick response,

    Joe
  • Joe,

    I understand. I don't know the rationale. I've raised your issue up the chain.

    Just considering all possibilities... Can you run a PC or virtual machine with an older version Windows, and keep it off the network just for this task?

    Regards,
    Mark
  • Mark,

     

    Well, we have already floated the suggestions you mentioned internally. Our CIO is adamant that we need to keep up with the latest version of Win 10 and remain networked, which in the short term is working (with driver signing disabled of course).  Also note that the PCs we use for the USB boot load are in multiple locations, and perform tests that require a network connection to a server to store the test results. Anyway, we are disabling driver signing for the time being (as I mentioned), but we really need to come up with a better long-term solution.

     

    Thanks again for the quick response and raising the issue up the chain,

     

    Joe

  • Hi Joe,

    Just following up.
    We are working on a signed driver release using our TI certificate. It is estimated to be available around the end of Sept 2018.

    Regards,
    Mark
  • Mark, that's great news, thanks for the update.
    Joe