USB Debug Connection Device (usb2dbg.sys) - Windows cannot verify the digital signature... (Code 52)

Thread starter: JP Styskal (Guest)

Trying to connect host system to target system over USB 3.0 cable for WinDbg debugging.

Followed all the steps at the "setting-up-a-usb-3-0-debug-cable-connection" article.

Using WinDbg Preview, which installs the 10.0.19528.1000 version of usb2dbg (per .inf file). The problem has also occurred with the 10.0.17763.132 version.

Unable to connect. (The cable works in a colleague's environment.)

Device Manager is showing the USB Debug Connection Device yellow-banged with the following message:

“Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)”

Manually/visually the certificate chain appears to be fine ("The certificate is OK" for each cert.)

Data point: I disabled driver signature enforcement (enabled testsigning) and it still failed.

I watched setupapi.dev.log on the most recent cycle, with these results:

Uninstalled WinDbg Preview (→ usb2dbg ‘19528 is removed from DriverStore).

Re-installed WinDbg Preview

Ran WinDbg and attempted to attach via USB ("Waiting to connect…")

NOTE: I had previously checked the box to trust drivers from “Microsoft Corporation” when prompted, so this time there was no prompt.

→ usb2dbg ‘19528 is added to DriverStore at

C:\WINDOWS\System32\DriverStore\FileRepository\usb2dbg.inf_amd64_f3f7cebc79d06753

This results in the following lines in setupapi.dev.log:

. . .

sig: {_VERIFY_FILE_SIGNATURE} 10:49:22.696

sig: Key = usb2dbg.inf

sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{5902830c-116d-5f4d-ac90-e5f55db1266e}\usb2dbg.inf

sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{5902830c-116d-5f4d-ac90-e5f55db1266e}\usb2dbg.cat

! sig: Verifying file against specific (valid) catalog failed.

! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:49:22.703

sig: {_VERIFY_FILE_SIGNATURE} 10:49:22.704

sig: Key = usb2dbg.inf

sig: FilePath = C:\WINDOWS\System32\DriverStore\Temp\{5902830c-116d-5f4d-ac90-e5f55db1266e}\usb2dbg.inf

sig: Catalog = C:\WINDOWS\System32\DriverStore\Temp\{5902830c-116d-5f4d-ac90-e5f55db1266e}\usb2dbg.cat

sig: Success: File is signed in Authenticode(tm) catalog.

Sig: Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.

Sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 10:49:22.718


Then I connected host/target over USB3 cable and powered-on the target. Device arrival on host →

This resulted in the following lines in setupapi.dev.log:

. . .

!!! dvi: Device not started: Device has problem: 0x34 (CM_PROB_UNSIGNED_DRIVER), problem status: 0xc0000428.

dvi: {Configure Device - exit(0x00000000)} 10:58:28.615

dvi: Device Status: 0x01806400, Problem: 0x34


Trying to validate the cert chain of the signature:

C:\Windows\System32\DriverStore\FileRepository\usb2dbg.inf_amd64_f3f7cebc79d06753>signtool verify /v /kp /c usb2dbg.cat usb2dbg.sys



Verifying: usb2dbg.sys

File is signed in catalog: usb2dbg.cat

Hash of file (sha1): 067B6BFEE040F38AC2181B37D1DAEB07F0F6A4DA



Signing Certificate Chain:

Issued to: Microsoft Root Certificate Authority 2011

Issued by: Microsoft Root Certificate Authority 2011

Expires: Sat Mar 22 16:13:04 2036

SHA1 hash: 8F43288AD272F3103B6FB1428485EA3014C0BCFE



Issued to: Microsoft Code Signing PCA 2011

Issued by: Microsoft Root Certificate Authority 2011

Expires: Wed Jul 08 15:09:09 2026

SHA1 hash: F252E794FE438E35ACE6E53762C0A234A2C52135



Issued to: Microsoft Corporation

Issued by: Microsoft Code Signing PCA 2011

Expires: Sat May 02 15:37:46 2020

SHA1 hash: 711AF71DC4C4952C8ED65BB4BA06826ED3922A32



The signature is timestamped: Thu Jan 02 16:14:20 2020

Timestamp Verified by:

Issued to: Microsoft Root Certificate Authority 2010

Issued by: Microsoft Root Certificate Authority 2010

Expires: Sat Jun 23 16:04:01 2035

SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5



Issued to: Microsoft Time-Stamp PCA 2010

Issued by: Microsoft Root Certificate Authority 2010

Expires: Tue Jul 01 15:46:55 2025

SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE



Issued to: Microsoft Time-Stamp Service

Issued by: Microsoft Time-Stamp PCA 2010

Expires: Fri Dec 04 14:41:09 2020

SHA1 hash: 38071FF037D5DC5476017EDB8D63BCB31EA18CC5



SignTool Error: A certificate chain processed, but terminated in a root

certificate which is not trusted by the trust provider.

SignTool Error: File not valid: usb2dbg.sys



Number of files successfully Verified: 0

Number of warnings: 0

Number of errors: 1


So at least it’s consistent with Device Manager (and setupapi.dev.log) now. However, I can’t find any evidence that the certificates are bad. The root certs in the two chains above are both present without error (“The certificate is OK”) in the Trusted Root Certification Authorities store. For the intermediate certs, only the one from the signing cert chain ("Microsoft Code Signing PCA 2011") appears in Intermediate Certification Authorities. The other one, from the time-stamp chain ("Microsoft Time-Stamp PCA 2010"), is nowhere to be found in certlm.msc, certmgr.msc, or in the output of the PowerShell command: Get-ChildItem -Recurse Cert:\

However, I see this same intermediate cert in the apparently-OK chains of other MS drivers (acpi.sys, disk.sys, …).

I have gone through the process with three other generic machines (not a development system) as host, just installing WinDbg Preview, and the problem occurs there as well. In all, I have tried two 1809 Win10 x64 machines and two 1909 Win10 x64 machines.

Any ideas?

It's a lot of details -- please let me know if you need even more!

Thank you very much.
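
An added example, not part of the original post: a small Python triage of the setupapi.dev.log excerpt quoted above, pairing each _VERIFY_FILE_SIGNATURE pass with its exit code and the device-start problem status. The log lines are copied from the post; the function name triage and the symbolic names for the three codes (taken from the Windows SDK headers, not from the post) are assumptions of this example.

```python
import re

# Lines copied from the setupapi.dev.log excerpt in the post (blank lines removed).
SAMPLE_LOG = r"""
sig: {_VERIFY_FILE_SIGNATURE} 10:49:22.696
sig: Key = usb2dbg.inf
! sig: Verifying file against specific (valid) catalog failed.
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:49:22.703
sig: {_VERIFY_FILE_SIGNATURE} 10:49:22.704
sig: Key = usb2dbg.inf
sig: Success: File is signed in Authenticode(tm) catalog.
Sig: Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.
Sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 10:49:22.718
!!! dvi: Device not started: Device has problem: 0x34 (CM_PROB_UNSIGNED_DRIVER), problem status: 0xc0000428.
"""

# Symbolic names from the Windows SDK headers (assumption: not stated in the post).
KNOWN = {
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0xE0000241: "ERROR_AUTHENTICODE_TRUSTED_PUBLISHER",
    0xC0000428: "STATUS_INVALID_IMAGE_HASH",
}
ENTER = re.compile(r"sig:\s*\{_VERIFY_FILE_SIGNATURE\}\s*(\S+)", re.I)
EXIT = re.compile(r"sig:\s*\{_VERIFY_FILE_SIGNATURE exit\((0x[0-9a-f]+)\)\}", re.I)
KEY = re.compile(r"sig:\s*Key\s*=\s*(.+)", re.I)
DVI = re.compile(r"dvi:.*problem:\s*(0x[0-9a-f]+)\s*\((\w+)\),\s*problem status:\s*(0x[0-9a-f]+)", re.I)

def triage(log_text):
    """Return (signature_passes, device_problems) parsed from setupapi.dev.log text."""
    passes, problems, cur = [], [], None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := EXIT.search(line)) and cur is not None:
            code = int(m.group(1), 16)
            cur["exit"] = KNOWN.get(code, hex(code))  # unknown codes stay as hex
            passes.append(cur)
            cur = None
        elif m := ENTER.search(line):
            cur = {"start": m.group(1), "key": None, "exit": None}
        elif (m := KEY.search(line)) and cur is not None:
            cur["key"] = m.group(1)
        elif m := DVI.search(line):
            status = int(m.group(3), 16)
            problems.append((m.group(2), KNOWN.get(status, hex(status))))
    return passes, problems
```

On the excerpt it returns two passes for usb2dbg.inf (CERT_E_UNTRUSTEDROOT, then ERROR_AUTHENTICODE_TRUSTED_PUBLISHER) and one device problem, CM_PROB_UNSIGNED_DRIVER with status STATUS_INVALID_IMAGE_HASH.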
