SynchronousAudioRouter
SynchronousAudioRouter copied to clipboard
eiz
SAR still unsigned.
I've been trying a 0.12 and 0.13 and they all seemed to be unsigned for me.
I've recently just got it to start working! Check this link here for ways to install unsigned drivers:
https://www.supportrix.com/kb/how-to-install-unsigned-drivers-in-windows-10/
I've tried using the Advanced Boot Menu method and it worked for me. You should be able to check whether the driver is working in the Device Manager (using the search function should bring it up for you) under "Sound, video, and game controllers." If "Synchronous Audio Router" has an exclamation icon next to it then it means that Windows won't run it. After getting it installed properly it should disappear. Hope this helps!
EDIT: This method seems to deactivate the driver upon restart; I tried using the enable test mode method and SAR still worked after several reboots after so maybe you could try that too if you'd like.
Release 0.13.2 is not signed. I could install 0.13.1 without issues. Will future releases be signed again? I read the following https://github.com/eiz/SynchronousAudioRouter#unsigned-prereleased-drivers-note
Prereleases of SAR are unsigned. That means that it is required to enable testsigning boot option to make Windows load the driver. Else the driver won't be loaded.
However, I just looked at the releases and all releases are marked pre-release. Release 0.13.1 is signed and I could install that without any issues.
Signing a driver for Windows 10 requires:
- understanding the complex process of signing a driver by Microsoft
- and probably a registered enterprise or maybe just a AD directory
- a lot of money for an EV certificate (around 600€ / year)
Previous releases were signed using an older certificate that is now expired.
Maybe eiz is working on it, but sadly that's a lot of administrative work to get it signed. (which I'm not willing to do, this is too much for me and I don't have any issues using Windows with testsigning enabled).
what sort of bounty would you/eiz need in order to be willing to go through the process for a given renewal period?
See also: https://discord.com/channels/373750800947871745/731985642950754366/799747195841937448
Now, signing a driver requires heavy administrative stuff (like having a registered enterprise). And that's mostly the issue, not a money issue. To quote eiz in the above discord link:
from time to time people have offered to chip in money to help solve this problem, and it's 100% not the issue. I can pay for any fees. The issue is I don't have the time or patience to navigate this bullshit, they just keep making it more and more complicated and locking things down more
See also: https://github.com/eiz/SynchronousAudioRouter/issues/86#issuecomment-769951998 https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/register-for-the-hardware-program https://www.reddit.com/r/windowsdev/comments/aloemr/just_what_is_needed_to_sign_a_windows_driver/eg1sow3?utm_source=share&utm_medium=web2x&context=3 https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release
Reading that reddit thread you cited, it seems that the poster discovered that an EV certificate (the one requiring the registered enterprise and so forth) is only required for SecureBoot-compatible drivers, and a Standard Class 3 certificate can be used with SecureBoot disabled and not require testsigning mode to be enabled? Would that be a possibility?
I've recently just got it to start working! Check this link here for ways to install unsigned drivers:
https://www.supportrix.com/kb/how-to-install-unsigned-drivers-in-windows-10/
I've tried using the Advanced Boot Menu method and it worked for me. You should be able to check whether the driver is working in the Device Manager (using the search function should bring it up for you) under "Sound, video, and game controllers." If "Synchronous Audio Router" has an exclamation icon next to it then it means that Windows won't run it. After getting it installed properly it should disappear. Hope this helps!
EDIT: This method seems to deactivate the driver upon restart; I tried using the enable test mode method and SAR still worked after several reboots after so maybe you could try that too if you'd like.
Did you use test mode only for installation, or you left it turned on?
Signing a driver for Windows 10 requires:
- understanding the complex process of signing a driver by Microsoft
- and probably a registered enterprise or maybe just a AD directory
- a lot of money for an EV certificate (around 600€ / year)
Previous releases were signed using an older certificate that is now expired.
Maybe eiz is working on it, but sadly that's a lot of administrative work to get it signed. (which I'm not willing to do, this is too much for me and I don't have any issues using Windows with testsigning enabled).
I, personally, am unable to enable testsigning, so this sucks. Lmao.
I, personally, am unable to enable testsigning, so this sucks. Lmao.
Just use something else then unless you want to donate a large sum of money so that someone can spend hours or days to get this done?
If not, keep your LMAO to yourself.....
I think I was unclear before - how much would it cost to pay for someone to go through the frustration of figuring this out? I wasn't talking about paying for microsoft fees, I'm talking about cost of labor of getting it to work with microsoft's system so that the fees can be paid. My expectation is that the answer will be "geez, like, $5000 at least? I don't know?" and then that will be that unless someone turns up who wants it enough to spend either that much money to pay for the frustration-time of the core devs, or who wants to spend that-much-money's-worth of their own developer skills. But that's where I'm coming from in asking. But it's possible the answer is "If someone wanted to pay enough, I would be unwilling to accept the money due to suspicion"
I, personally, am unable to enable testsigning, so this sucks. Lmao.
Just use something else then unless you want to donate a large sum of money so that someone can spend hours or days to get this done?
If not, keep your LMAO to yourself.....
Uhm... I'm fairly certain you're taking my "lmao" personally. I was more laughing at my situation, not at the product/program. "this sucks" refers to it sucking that I'm unable to use the program. Please, I'm aware that it's impossible to tell inflections in text, but don't take "lmao" personally. Makes you look like a bit of a twat...
Has anyone discovered a way to get this to work without the unsigned drivers option?
UPDATE: I won't have time to test until later but I tried editing the group policy so that whenever windows encounters an unsigned driver it ignores the warning. It installed easy peezy but I won't have time to see if SAR works correctly with this setup until later.
UPDATE: I won't have time to test until later but I tried editing the group policy so that whenever windows encounters an unsigned driver it ignores the warning. It installed easy peezy but I won't have time to see if SAR works correctly with this setup until later.
This must be an older version of Windows, or you don't have secure boot enabled. With secure boot the kernel will flatly refuse to load unsigned drivers at all; it's not a warning that can be skipped.
Mabye if we all ponyed up for the needed registering and licensing, we could get SAR into Windows 11 and into the future!. The developer should launch some kind of gofundme. SAR is so much better than ALP, voicemeeter, even better than using the built in loopback functions of most audio interfaces. It makes Windows more flexible at audio routing than Mac, for chrissake
El El sáb, 11 sep. 2021 a la(s) 10:53, Chris Howie @.***> escribió:
UPDATE: I won't have time to test until later but I tried editing the group policy so that whenever windows encounters an unsigned driver it ignores the warning. It installed easy peezy but I won't have time to see if SAR works correctly with this setup until later.
This must be an older version of Windows, or you don't have secure boot enabled. With secure boot the kernel will flatly refuse to load unsigned drivers at all; it's not a warning that can be skipped.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/eiz/SynchronousAudioRouter/issues/86#issuecomment-917411423, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATM3HVWMXSOXE6WYB277ZETUBNNNZANCNFSM4LDVJ4ZA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Yeah how much would the cost be? I can contribute a little bit for sure. I mean, I'd certainly purchase SAR as a product. Right now I'm using ASIO Link Pro, which gets the job done but its slightly more limited than SAR, plus it gives me issues with pro tools which just can't handle asio changes in windows. SAR would be really nice but I can't use it if I have to run in test mode.
looks like the prices range from 250-500/year depending on how many years you sign up for. Unfortunately I'm pretty broke but I can probably afford around $70. If I book a good gig this month I might be able to do a little more. #freelancelife
if the price is THAT low, from my vantage point (I use this for work every week, channeling various audio sources like Sonobus and Reaper in an out of Zoom and OBS) it would be a no brainer, really. A donation icon could be added to SAR webpage... I mean, don't we all want it to work without the unsigned driver shenanigans? I for one really want to migrate to Windows 11. I was fearing the cost for signing a driver would be up in the thousands... Look, I am in Latin America, 3rd world country, but* I am willing to pledge US$100 towards this happening*, and be the first to do so if needed, if the developer is reading this... please implement a donation channel, so we can jumpstart the whole process and get it by October 5, when Windows 11 will launch!
Yonatan
El sáb, 11 sept 2021 a las 15:21, InanimateCrbnRod (< @.***>) escribió:
looks like the prices range from 250-500/year depending on how many years you sign up for. Unfortunately I'm pretty broke but I can probably afford around $70. If I book a good gig this month I might be able to do a little more. #freelancelife
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/eiz/SynchronousAudioRouter/issues/86#issuecomment-917450788, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATM3HVUTZNZEGHEF62BW4O3UBOMZNANCNFSM4LDVJ4ZA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
The $$ cost is not really the issue, it's the process itself. See https://github.com/eiz/SynchronousAudioRouter/issues/86#issuecomment-771972441
The comment is vague, it just says its difficult. How can we make it less difficult? I really want to support the developers and not only would i purchase the software but I have others I could convince to purchase as well. I could also maybe help in other capacities. I would just really love better asio support in windows and SAR is the best bet I've found, unfortunately its too cumbersome for me to use in its current state without driver-signing. Any way I can help please let me know i really want to make this happen
EDIT: I read the links below the comment and understand the situation a little better now. I would be happy to research it more and try and come up with a streamlined solution on Monday when I have free time.
Basically, you need to have a registered company to have an EV certificate, which is needed to get the driver properly signed. That's one of the deal breaker. See https://community.osr.com/discussion/292357/driver-signing-options-for-an-independent-developer
Tim_Roberts - September 2020
No, there is no alternative. You are correct that the GoDaddy certificate will not work for Windows 10. For Windows 10, your driver must be signed by Microsoft itself. In order to do that, you have to create a Hardware Dashboard account. To do THAT, you need an EV certificate. To do THAT, you have to be a corporation. Individuals cannot get one.
An open source driver would usually be released in source form. That doesn't need a certificate, of course. The people who want to build and use your driver would either need their own certificate, or to put their system in "test" mode.
Source is here: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/register-for-the-hardware-program
Information I've found about signing drivers
Recent changes
Kernel-Mode Code Signing Requirements for Public Release of a Driver:
Starting with Windows 10, version 1607, Windows will not load any new kernel mode drivers which are not signed by the Microsoft through the Hardware Dev Center. Valid signatures can be obtained by either Hardware Certification or Attestation.
| Driver runs on | Drivers signed before July 1 2021 by | Driver signed on or after July 1 2021 by |
|---|---|---|
| Windows Server 2008 and later, Windows 7, Windows 8 | WHQL or cross-signed drivers | WHQL or drivers cross-signed before July 1 2021 |
| Windows 10 | WHQL or attested | WHQL or attested |
Hardware Certification requires to register the hardware program:
-
If you have an existing organization Dev Center account that you want to use for the Hardware program, sign in with it before you begin registration.
-
You must have an Extended Validation (EV) code signing certificate. Check whether your organization already has a code signing certificate. If your organization already has a certificate, have the certificate available as you will be asked to sign a file. If your organization does not have a certificate, you will need to buy one as part of the registration process.
For information about code signing certificates and how to get a certificate, see Get a code signing certificate.
-
You will need to sign in with your organization’s Azure Active Directory (Azure AD) Global administrator account. If you don’t know whether your organization has an Azure AD directory, contact your IT department. If your organization doesn’t have an Azure AD directory, you must be able to create one.
-
You must have the authority to sign legal agreements on behalf of your organization.
Attestation signing requires:
- Acquire an EV Code Signing Certificate (This is a requirement for step 2.)
- Register your company for the Partner Center
- Download and install the Windows Driver Kit
- Create a CAB files submission
- Sign the CAB file submission with your EV Cert
- Submit the EV signed Cab file using the Partner Center
- Validate that the driver was properly signed
- Test your driver on Windows 10 for Desktop
Import thing to note about attestation signing:
An attestation signed driver works on Windows 10. It does not work on earlier versions of Windows, such as Windows 8.1 and Windows 7, and is not supported for Windows Server 2016 and later.
Summary
Hardware certification requires doing many tests using Windows HLK Studio and sending the result along with the driver to Microsoft. I admit I don't fully understand everything about this process. Attestation signing is "easier" but still requires a company to take over the driver signing process.
Other sources
http://wrogn.com/tag/driver-signing/ https://www.davidegrayson.com/signing/
https://www.ghacks.net/2020/11/30/reminder-supports-for-root-certificates-with-kernel-mode-signing-capabilities-ends-next-year/ https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-signing-changes-in-windows-10-version-1607/ba-p/364894 https://borncity.com/win/2021/01/07/windows-10-achtung-treibersignierung-ndert-sich-2021-alt-treiber-nicht-mehr-nutzbar/
Thank you for the succinct information! I am going to do research o Monday when I'm free and reply here. If an LLC can count as a corporation and it doesn't cost much to become a Microsoft partner, then I might be able to be your corporation. Will report back later, thank you.
UPDATE: In the meantime, the developer mentioned that former versions of SAR used a now expired certificate. Would it then be possible to sign the driver using something like this? :
https://github.com/lnslbrty/PastDSE
ALSO, would just using EFIGuard allow us to run the driver for now?? I'm trying to figure out how unsecure that would make my system but a lot of this stuff is over my head
Sorry, not trying to spam this thread, I am just hyper-focused on this right now (which sucks because I'm supposed to be working haha). My main problem is that my work computer is also my gaming computer and I don't want to constantly be rebooting in and out of test mode (because of anti-cheat). This github page is a little confusing but would it be possible to sign SAR with this?? and then anyone who wants to run SAR outside of test mode could just use this driver enabler?
https://github.com/valinet/ssde
yes you may be able to use it, if you can do this:
- Generate a self signed certificate (this should not be a problem)
- Set that certificate as the platform key in the UEFI BIOS (I don't know if all BIOSes support this, this can be the major thing)
- Sign the SAR driver with that certificate
- Sign the SSDE driver with that certificate
- Use SSDE to install everything in Windows so it let you load drivers signed by your custom certificate
This can be done individually by anyone who want to try, but this can't be done globally for SAR releases as this would require everyone to use the same platform key whose private key would be public by being in GitHub release files (which I'm not comfortable with).
Read that README, it contains a good summary of how it works: https://github.com/HyperSine/Windows10-CustomKernelSigners (the other article is rather long)
thank you so much for responding! I completely agree about not wanting to share platform keys! The article is extremely confusing for me but I'm gonna do my best to understand it when I have the time to focus on it. Thanks again. Would I really have to re-install all my past and future drivers with ssde?? That sounds like a hassle. or does it sound worse than it actually is? Thanks again
I think you need so sign only drivers that are unsigned but not existing drivers already signed by Microsoft. But if the SAR driver changes, you will need to re-sign it if you want to use it.
Oh gotcha, that's not a problem at all! Can't wait to look into this later, I hope it works
Thank you all for looking into this. I appreciate the time you're putting into getting this sorted. (It's exactly the kind of thing I'd've tinkered with when I was in college but now lack the free time for. 😢 )
I'm still trying to get the workaround to work using ssde. I'm almost there but ran into a snag. in the meantime, I'm trying to sign the SAR driver but I have some noob questions.
-I extracted the msi, and I see two DLLs, and two Sys files. I'm assuming I sign all four files. Do I sign them with my Kernel-Mode certificate or my root authority one? or my UEFI/PK one?? I'm assuming I use the kernel mode certificate on the two sys files, its the DLL's I am confused about
-After signing them, how do I repackage the msi, or alternatively how do I install them without the msi?
Thanks!
UPDATE: same questions apply but just wanted everyone to know that I have ssde working now and can run self-signed drivers on windows 10 now. If anyone would like to know how I can help. Its not easy and you should make a full backup of your OS drive with macrium reflect or something beforehand, but it is doable.
UPDATE 2: Okay so the snag I've hit now is that the workaround with ssde somehow disables the ability to use advanced startup so I can't disable Driver Signature enforcement to install the MSI package. My plan was to install, then sign the files individually with my own certificate. I can't use testmode without disabling secure_boot and I don't want to do that
UPDATE 3: SUCCESS!!!!!!!!! I am running the latest SAR in Reaper as we speak on windows 10 without testmode.
@InanimateCrbnRod I'm running into issues with the Policy file, did you generate your own or use the bin file?
