MSP430 USB CDC class driver find - digitally signed?

Thanks Katie, I'll take a look at that.

Driver signing is available only from Microsoft, for a (significant) fee.

Jens-Michael Gross said:

Driver signing is available only from Microsoft, for a (significant) fee.

That is not entirely accurate. Software publishers can obtain an SPC from a trusted CA and a certificate from Microsoft that allows them to sign their own drivers. Indeed that is what we do here at my employer. I recently went through this for a driver I modified.

TI can provide their own signed drivers for the standard (un-modified) modes of the USB stack. However, usually modifying the .INF file (for updating VID/PID for instance) invalidates the signature, as what is signed is the whole package, not just the driver files individually.

I imagine this is what Katie was referring to.

Well, so it is either directly or indirectly available from Microsoft only. For a fee in both cases. And I guess, an even larger one if you can sign your own drivers.  :)

Not to mention that you need to have your certificate imported into the target windows (Microsoft surely won’t give away their ‘master’ certificate)

Well, for a plain vanilla developer, it is out-of-reach.

Maybe TI can provide a signing service, so you can send-in your driver package and get it signed (of course not with the official TI certificate but rather with a ‘TI customer’ certificate)
Like it is done for vendor/product IDs for USB devices, or MAC addresses.

Well, having the same certificate for all customers also means that the end user can’t really trust it anymore (since TI surely won’t do any driver testing), rendering the whole driver signing mechanism void.

Hi All,

TI has the ability to get a driver signed in-house with what is called a TI test signature. Not sure about the cost. Our internal department handled it for us. In our next USB stack release all CDC examples will use this signed inf file.

Regards,

Nitya Ramdas

Would be great if you could send in your INF file (or enter the ID information into a form) and get a signed driver package back. This way, nobody can get a signature for a fake driver but still get a signed driver for his product.
Could be automated on TI’s side and greatly increase the value of the MSPs with USB controller for small projects.

There seems to be a very muddled picture on this topic within TI - small developers can't tackle this sort of issue without the support of the manufacturer. There needs to be an official strategy, and one that helps us to use TI solutions in our designs.

Maybe nobody ever thought about it until now.

For Vendor/device IDs as well as for MAC addresses, many manufacturers (including TI) offer services for their customers for years. However, the need to sign drivers is quite new, compared to the need for an ID/MAC. More, it wasn’t an issue at all in the past while for ID/MAC it was a known requirement right from the beginning.

Perhaps it needs only be brought to attention to the right persons to get it solved soon.

I’ll forward this thread to someone ‘official’.

Jens-Michael Gross said:

I’ll forward this thread to someone ‘official’.

Jens-Michael,

I did post this suggestion over at Power Players hoping some of the TI folks there would pick it up. I haven't seen any response. I would be interested to know what you hear back (you can comment on my thread there).

Things like that aren’t simple and can’t be discussed in the public. Maybe your post has already started a big internal discussion. But likely you won’t hear about the outcome before there isn’t at least a semi-official answer found.

I did discuss this with Katie at the TI Munich event, it seems we should expect to see something relevant in the next stack release.

Hi all,

The latest USB stack version was just released, and there's a post here describing some of the relevant changes: http://e2e.ti.com/support/microcontrollers/msp430/f/166/p/381350/1343199.aspx#1343199

Regards,

Katie

Steven Brown64 said:

Has anyone found a way to digitally sign their INF file, complete with a Security Catalog (*.cat) file?

If it were as simple as writing your own CAT file, signing drivers would be pointless.

The point in signing drivers is that they are signed by someone the end user knows and trusts. And this institution needs to be sure it won't sign drivers that are potentially harmful (so people would no longer trust them).

That means, you can send your drivers to Microsoft for (testing and) signing. Or to someone else who got Microsofts permission to do so. If this one wants to risk his reputation on your drivers. This gives Microsoft some control oabout the drivers out there (and also some additional income).

However, I suggested 20 months ago that one should be able to send-in his INF file (or maybe even just a form with the required changes regarding device ID and name) to TI and get back a signed package with the proper INF file and the (already tested)  binaries from the standard package. Could be done as a simple (and inexpensive if not free) service.

And a required step to appeal any developer to use TI USB products so they can run under a recent windows installation without any admin tricks and manual registry hacks on the end user side.

You can test CDC device on Linux, OS X (before 10.11) or older windows. Linux and OS X will not ask for any drivers, and inf file for Win will be enough. if your device is working fine (regarding CDC) with 4 MHz XT2, it will work with 32 MHz XT2 with same Win drivers (inf file). There is no need to generate new driver (inf file) because of changed XT2.

As Zrno Soli correctly stated, the original, signed drivers will work as long as your device uses the original vendor and device ID.
It doesn't matter what firmware you have on the device. If USB works at all, only the reported vendor and device IDs determine the driver that is loaded in Windows.

Of course, all devices will appear as the same one to Windows then, and will have the default name. If you later want your device to appear with your own, 'telling' name, you'll need to change the INF file to show a different name and recognize other IDs. And then you'll need to sign the whole driver package again.

You promised signed CDC drivers 3 years ago where they are?

Can I get one?

Hi Viktor,

Signed CDC drivers for Windows 7 and 8 are already part of the latest version of MSP430USBDevelopersPackage:  

 http://www.ti.com/tool/MSP430USBDEVPACK

Are you having issues with a particular Windows operating system?  Can you give me more information as to what error you are seeing if any?  What version of the MSP430USBDEVPack is your software running? 

Regards,

Arthi Bhat