Home AOMEI Products Support

Windows 10 Anniversary: Backupper 3.5's drivers not signed with EV certificate

edited August 2016 in AOMEI Products Support

Last week I've been building a new system with Windows 10 Anniversary Update (version 1607). I wasn't really aware about this, but the mainboard had UEFI Secure Boot enabled per default, as recommended (enforced on out-of-the-box systems) by Microsoft.

Now, with the introduction of Windows 10 Anniversary Update, Microsoft enforces drivers that are signed with an Extended Validation Code Signing Certificate on all new (clean) Windows installs on systems with Secure Boot enabled

When trying to install AOMEI Backupper, Windows rejects the installation of the corresponding drivers as they are not signed with the the correct certificate.

I am aware that I can disable Secure Boot, but would rather not to, as it has some advantages. Many users probably wouldn't know how to do this anyway.

As per Microsoft Developer:
"Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.

We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software."


Sources:

Windows Hardware Certification blog

Digital Trends

Comments

  • edited August 2016

    PS: Your website has been hacked & defaced (nice pic, though).

  • Sorry for that we do not test the windows10 Anniversary, so there are some problems. We are trying to test it and we will improve it in the next new version. Sorry

  • edited August 2016

    Thanks for your comment. The obvious, official and only (apart from not using your own kernel drivers at all) remedy for fixing this issue is to submit Backupper's kernel drivers to Microsoft's Dev Portal in order to get them digitally signed by Microsoft.


    This is a problem with Backupper's installation process (trying to install drivers without Extended Validation signing), not a problem with Backupper as an application itself.

  • Thanks Riset. We will check it.

  • Confirmed, and really really annoying :(

  • So how many people have you scared away from your product by now, by letting this problem linger for months?

  • Trust us, we are trying to solve it, but EV apply takes long time, and also the Microsoftware company are checking it, they do not respond us now. Please do not worry, it will be solved quickly.

  • edited December 2016

    Imho, the real problem is that AOMEI took notice of this issue far too late.

    Initially, Microsoft published their intent to enforce code-signing for kernel mode drivers in April of 2015 (yes, that's a 5):

    https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/04/01/driver-signing-changes-in-windows-10/

    There, they stated that they will start enforcing this with the release of the first Windows 10 version. So that was the first time you could have taken notice of this upcoming issue.

    Then in July of 2016, Microsoft stated that they had postponed enforcing this to the release of Windows 10 Anniversary Update:

    https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/

    Then, with the release of Windows 10 AU in August 2016, that enforcement went into effect.

    Experiencing the issue, I've tried to explain to you both the problem and its only solution in August 2016 (see - among others - my first post above).

    After a while, you've released a new binary for Backupper 3.5 with updated Symantec certificates and said that this would solve the problem, although it was clear that there's no way that this could fix the issue.

    I don't know at what time you finally submitted your kernel drivers to MIcrosoft's Dev Center for code-signing, but as the auditing by Microsoft obviously isn't completed yet, it must have been again pretty late.

  • edited December 2016

    Sorry for Windows 10 Anniversary Update (Windows 10 version 1607 or higher)

     

    We are happy that the driver signature problem on Windows 10 Anniversary version was solved. You can download AOMEI Backupper 4.0.1to enjoy. Hope this is the good news for every AOMEI user. And we apologize forall inconvenience caused sincerely.

     

    A few months ago, the Microsoft released the new Windows 10 Anniversary Update (Windows 10 version 1607 or higher) which requires digital signed driver. If the drivers of all softwares don’t use the EV certification, all the drivers in the software cannot be installed and usedsuccessfully. As you know, this is the new requirements from Microsoft. There is no doubt that AOMEI software meets the same problem of the EV certification and it causes much inconvenience for all of the loyal users of AOMEI software.

     

    Although we have been tried to solve the problem and it was solved eventually, we do not solve it immediately. AOMEI must say so sorry for all the users again. Your understanding is very appreciated. Thanks all of you.

     

    Please trust AOMEI, the technicians and allthe staff of AOMEI don’t give up to solve this problem all the time. AOMEI is worthy of your trust and support. Now we would like to share with you about the experience on solving the problem.

     

    As soon as we get the feedback about the problem from the users on the forum and email, our technicians try to do more tests and our leaders strive to ask the related information from the digital certification reseller. We find that although the SHA1 signature is in the AOMEI software, it also needs the SHA265 signature. Then we buy the SHA265 immediately. (You can check that there are two signature certifications of theAOMEI Backupper 3.5 version in the Windows 7 or higher system) After that, welet out a sign of relief, because we think that this problem is solved. But itdisappoints us again, the problem is also there. The worst thing is that ittakes long time to try this method to solve this problem.

     

    At this time, after we get the EV certification indication from our user, say thanks for you, on the Forum and we do the search from the website, we think that maybe the EV certification is useful for this problem. Then we ask the help from the EV certification reseller but they tell us that they are also not sure the driver problem will be solved with the EV certification. And the reseller continues to inform us that the EV certification for the driver must be authenticated by MS official website. But we want to try, because we need to try every possible way to solve the problem ASAP. So AOMEI don’t hesitate to buy the EV certification, however,there is one USB token for the EV certification must be delivered from foreign and it also takes so long time about one month. Finally, when we get the USB token for the EV one month later, our technicians work over time to get the AOMEI software which has the EV certification and then they submit the softwareto get the authentication from MS several times. It takes several work days toget the good news from MS. At last, our technicians test the fixed version many times and they exhaustedly inform us that the driver signature problem is solved perfectly.

     

    AOMEI are very sorry for that the problemon the Windows 10 Anniversary Update, we know that it has brought lots of inconvenience for all the AOMEI loyal users. Thanks very much for your supportand trust, AOMEI will try to improve the software all the time. Hope we arehelpful for you, because we are here with you.

     

    We would like to say thanks for all the friends in there. Your discussion in there is useful for AOMEI and AOMEIsoftware. We also must say thanks to those who @RiseT gives us the solution and suggestions to solve this problem.

     

    Due to this problem, AOMEI brings the troublefor all your guys. In order to show our sincerity, if you need the AOMEI paid software such as AOMEI Backupper or Partition Assistant, please send us theemail to [email protected]. We would like to give you the software for free to say thanks for your support and understanding.

     

    AOMEI TECH

    Merry Christmas


Sign In or Register to comment.