Causes and solutions for the error "Windows cannot verify the digital signature of the driver required for this device" after installing a signed driver

On a 64-bit Windows system with digital signature verification enabled as normal, driver software must be digitally signed by Microsoft before it can be used. Otherwise, after the hardware driver is installed, Device Manager shows a yellow exclamation mark on the device, and the device properties report: "Windows cannot verify the digital signature of the driver required by this device. (Code 52)"

If this error still appears on some Windows operating systems after a digitally signed driver has been installed, the cause is most likely related to the digital signature algorithms the system supports. The details are as follows.

Tip: Check whether the driver you are using contains digital signature information. Taking the CH341SER driver software as an example, right-click the CAT catalog file in the driver package and select the "Digital Signatures" tab. A signature entry listed there indicates that the driver contains digital signature information.

Background Knowledge

Signatures are used to verify that updates come directly from Microsoft and have not been tampered with during delivery. To help secure the Windows operating system, drivers were originally signed using both the SHA-1 and SHA-2 hash algorithms. Due to the weakness of the SHA-1 algorithm and to align with industry standards, Windows changed the signing of Windows Updates to exclusively use the more secure SHA-2 algorithm. This change was phased in from April 2019 to September 2019 to allow for a smooth migration.

Affected Operating Systems

Customers running older OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2) will need to have SHA-2 code signing support installed on their devices in order to install updates released on or after July 2019. Windows Updates installed on or after July 2019 will not work without SHA-2 support. To help you prepare for this change, we released support for SHA-2 signatures starting in March 2019, with incremental improvements. Windows Server Update Services (WSUS) 3.0 SP2 will gain SHA-2 support for secure delivery of SHA-2 signed updates.

Original Microsoft article: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS - Microsoft Support

Summary and Solutions

Microsoft has now completely stopped using the SHA-1 hash algorithm for signing. Since August 2018, all driver digital signatures use the SHA-2 (i.e. SHA-256) algorithm. As a result, some operating systems that were not updated in time and do not support the SHA-2 algorithm cannot properly support digitally signed drivers.

On the above system, you can download and install Windows security patches that support the SHA-2 algorithm:

Security Update for Windows 7 for x64-based Systems (KB3033929):
https://www.microsoft.com/zh-cn/download/details.aspx?id=46148
[Note] This security patch targets Windows 7 SP1 or later. If the system is a Windows 7 version without SP1, it must first be upgraded to Win7 SP1 (Service Pack 1).
Windows 7 Service Pack 1 (KB976932) for x64 systems:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB976932
A 64-bit Win7 system with this security patch installed can install drivers signed with the SHA-2 algorithm.
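The checks described above (is the catalog signed, is the system Windows 7 with SP1, is KB3033929 present) can be scripted. The following is an added example, not part of the original post; the function name `Test-DriverSha2Readiness` and the catalog path in the usage comment are placeholders chosen for illustration.

```powershell
# Added example (not from the original post). Written for Windows PowerShell 2.0+,
# the version shipped with Windows 7. The catalog path is supplied by the caller.
function Test-DriverSha2Readiness {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CatalogPath   # e.g. the .cat file inside the CH341SER driver package
    )

    # Same information as the "Digital Signatures" tab: is the catalog signed at all?
    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    $certAlg = $null
    if ($sig.SignerCertificate) {
        # Algorithm used to sign the signer's certificate (for example sha256RSA).
        # Reported for information only; this is not the file digest algorithm.
        $certAlg = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    }

    $os = Get-WmiObject -Class Win32_OperatingSystem
    $isWin7Family = $os.Version -like '6.1.*'   # Windows 7 / Server 2008 R2
    $hasSp1 = $os.ServicePackMajorVersion -ge 1

    # Only the update named in the article is checked; a later cumulative
    # update may provide the same SHA-2 support under a different KB number.
    $kb = Get-HotFix -Id 'KB3033929' -ErrorAction SilentlyContinue

    if ($sig.Status -eq 'NotSigned') {
        $advice = 'Catalog file carries no digital signature.'
    } elseif ($isWin7Family -and -not $hasSp1) {
        $advice = 'Install Windows 7 SP1 (KB976932), then KB3033929.'
    } elseif ($isWin7Family -and -not $kb) {
        $advice = 'Install KB3033929 to add SHA-2 signature support.'
    } else {
        $advice = 'SHA-2 prerequisites named in the article are not missing.'
    }

    New-Object PSObject -Property @{
        Catalog         = $CatalogPath
        SignatureStatus = $sig.Status
        SignerCertAlg   = $certAlg
        OSVersion       = $os.Version
        ServicePack     = $os.ServicePackMajorVersion
        KB3033929       = [bool]$kb
        Advice          = $advice
    }
}

# Usage (placeholder path):
# Test-DriverSha2Readiness -CatalogPath 'C:\path\to\driver-package\driver.cat'
```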


Origin blog.csdn.net/WCH_TechGroup/article/details/130924637