[email protected]: can not build a signed catalog file for Vista 64.

Discussion in 'Windows Vista Drivers' started by Joerg Hoppe, Sep 4, 2006.

  1. Joerg Hoppe

    Joerg Hoppe Guest

    Hello everybody!



    *** Problem:
    WDF/KMDF: I can not build a signed catalog file
    (signtool.exe verify gives errors).
    I use already the updated signtool.exe (Version 6.0.5440.0).
    - signtool.exe verify gives an undocumented error
    - Vista says about my inf-file: "This driver is not digitally signed!"

    So I think to whole signing process failed



    *** Background:
    Because I worked the last years with Compuware Driver:Works, I'm quite
    new to the driver development process with Microsoft tools.

    I now have to port a driver to WDF/KMDF and try to get familiar with the
    driver signing process for Vista.

    For test of my own build environment, I want to get the WDF-ECHO-example
    running on Vista on a AMD64x2 machine.

    For build, I use WindowsXP.


    *** I list here all steps of my building and signing process:

    1) This is how I made a test certificate:

    CMD>c:\WinDDK\5384\bin\selfsign\Makecert.exe -r -pe -ss PrivateCertStore
    -n "CN=PEAKTESTCERT" D:\PEAK\PEAKCAN3\testcert.cer

    .... seems OK.

    2) This is how I build ECHO (copied into my own build directory):

    CMD>call C:\WinDDK\5384\bin\setenv.bat c:\WinDDK\5384\ CHK x86 WLH
    CMD>cd /d D:\PEAK\PEAKCAN3\CURRENT\ECHO
    CMD>build -ceZP

    .... seems OK.
    Now I have echo.sys and echo.inf. See echo.inf at the end of thsi email!


    3) Now I copy the coinstaller DLL in the directory where echo.sys and
    echo.inf were generated:
    CMD>copy c:\WinDDK\5384\redist\wdf\x86\WdfCoInstaller01005.dll
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386


    4) I stamp ECHO.INF:
    CMD>c:\WinDDK\5384\bin\x86\stampinf -f ECHO.inf -d 09/04/2006 -v 6.0.9999.0

    .... seems OK

    5) Now I create an catalog file, I call it "KmdfSamples.inf"
    I use "makecat.exe" and a *.cdf-File, see below.
    (This is because SIGNABILITY.EXE does not work at all ...)


    ----------------- BEGIN pack_sign.cdf --------------------------------
    [CatalogHeader]
    Name=KmdfSamples
    ResultDir=D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386

    [CatalogFiles]
    <HASH>wdfcoinstaller=D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\WdfCoInstaller01005.dll
    <HASH>inffile=D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\ECHO.inf
    <HASH>sysfile=D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\ECHO.sys
    --------------------- END pack_sign.cdf --------------------------------


    CMD>c:\WinDDK\5384\bin\selfsign\makecat.exe -v
    D:\PEAK\PEAKCAN3\Scripts\execute\pack_sign.cdf
    opened: D:\PEAK\PEAKCAN3\Scripts\execute\pack_sign.cdf
    processing: <HASH>wdfcoinstaller
    processing: <HASH>inffile
    processing: <HASH>sysfile
    Succeeded


    6) I try to sign my catalog file "KmdfSamples.inf"


    CMD>c:\WinDDK\5384\bin\selfsign\SignTool.exe sign /v /s PrivateCertStore
    /n PEAKTESTCERT

    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.cat
    The following certificate was selected:
    Issued to: PEAKTESTCERT
    Issued by: PEAKTESTCERT
    Expires: 01.01.2040 01:59:59
    SHA1 hash: 91F8CF9553ED09B76D039A17646416533D9534D0

    Done Adding Additional Store

    Attempting to sign:
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.CAT
    Successfully signed:
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.CAT

    Number of files successfully Signed: 1
    Number of warnings: 0
    Number of errors: 0


    .... it seems OK

    7) I timestamp the catalog file
    CMD>c:\WinDDK\5384\bin\selfsign\SignTool.exe timestamp /v /t
    http://timestamp.verisign.com/scripts/timestamp.dll
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.cat

    Timestamping:
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.CAT
    Successfully timestamped:
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.CAT

    Number of files successfully timestamped: 1
    Number of errors: 0

    .... it seems OK

    8) I verify the catalog file:

    CMD>c:\WinDDK\5384\bin\selfsign\SignTool.exe verify /v /pa
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.cat

    Verifying:
    D:\PEAK\PEAKCAN3\CURRENT\ECHO\sys\OBJCHK_WLH_x86\i386\KmdfSamples.CAT
    Signing Certificate Chain:
    Issued to: PEAKTESTCERT
    Issued by: PEAKTESTCERT
    Expires: 01.01.2040 01:59:59
    SHA1 hash: 91F8CF9553ED09B76D039A17646416533D9534D0

    The signature is timestamped: 04.09.2006 10:38:20
    Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires: 01.01.2021 01:59:59
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

    Issued to: VeriSign Time Stamping Services CA
    Issued by: Thawte Timestamping CA
    Expires: 04.12.2013 01:59:59
    SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

    Issued to: VeriSign Time Stamping Services Signer
    Issued by: VeriSign Time Stamping Services CA
    Expires: 04.12.2008 01:59:59
    SHA1 hash: 817E78267300CB0FE5D631357851DB366123A690


    Number of files successfully Verified: 0
    Number of warnings: 0
    Number of errors: 1

    *** What is this error???


    9) I try to install on Vista:

    After I select the echo.inf, there's the message
    "This driver is not digitally signed!"

    So I think to whole signing process failed




    ----------------- BEGIN echo.inf -----------------------
    ;/*++
    ;
    ;Copyright (c) 1990-2000 Microsoft Corporation
    ;
    ;Module Name:
    ; ECHO.INF
    ;
    ;Abstract:
    ; INF file for installing the Driver Frameworks ECHO Driver
    ;
    ;Author:
    ; Ravi Gollapudi (RaviG) Oct 2002
    ;
    ;Installation Notes:
    ; Using Devcon: Type "devcon install ECHO.inf root\ECHO" to install
    ;
    ;--*/

    [Version]
    Signature="$WINDOWS NT$"
    Class=Sample
    ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171}
    Provider=%MSFT%
    DriverVer=09/04/2006,6.0.5384.4
    CatalogFile=KmdfSamples.cat

    [DestinationDirs]
    DefaultDestDir = 12

    ; ================= Class section =====================

    [ClassInstall32]
    Addreg=SampleClassReg

    [SampleClassReg]
    HKR,,,0,%ClassName%
    HKR,,Icon,,-5

    [SourceDisksNames]
    1 = %DiskId1%,,,""

    [SourceDisksFiles]
    ECHO.sys = 1,,

    ;*****************************************
    ; ECHO Install Section
    ;*****************************************

    [Manufacturer]
    %StdMfg%=Standard,NTx86

    ; Following section is meant for Windows 2000 as it
    ; cannot parse decorated model sections
    [Standard]
    ;
    ; Hw Id is root\ECHO
    ;
    %ECHO.DeviceDesc%=ECHO_Device, root\ECHO

    ; Decorated model section take precedence over undecorated
    ; ones on XP and later.
    [Standard.NTx86]
    %ECHO.DeviceDesc%=ECHO_Device, root\ECHO

    [ECHO_Device.NT]
    CopyFiles=Drivers_Dir

    [Drivers_Dir]
    ECHO.sys


    ;-------------- Service installation
    [ECHO_Device.NT.Services]
    AddService = ECHO,%SPSVCINST_ASSOCSERVICE%, ECHO_Service_Inst

    ; -------------- ECHO driver install sections
    [ECHO_Service_Inst]
    DisplayName = %ECHO.SVCDESC%
    ServiceType = 1 ; SERVICE_KERNEL_DRIVER
    StartType = 3 ; SERVICE_DEMAND_START
    ErrorControl = 1 ; SERVICE_ERROR_NORMAL
    ServiceBinary = %12%\ECHO.sys
    LoadOrderGroup = Extended Base

    ;
    ;--- ECHO_Device Coinstaller installation ------
    ;

    [DestinationDirs]
    ECHO_Device_CoInstaller_CopyFiles = 11

    [ECHO_Device.NT.CoInstallers]
    AddReg=ECHO_Device_CoInstaller_AddReg
    CopyFiles=ECHO_Device_CoInstaller_CopyFiles

    [ECHO_Device_CoInstaller_AddReg]
    HKR,,CoInstallers32,0x00010000, "wdfcoinstaller01005.dll,WdfCoInstaller"

    [ECHO_Device_CoInstaller_CopyFiles]
    wdfcoinstaller01005.dll

    [SourceDisksFiles]
    wdfcoinstaller01005.dll=1 ; make sure the number matches with
    SourceDisksNames

    [ECHO_Device.NT.Wdf]
    KmdfService = ECHO, ECHO_wdfsect
    [ECHO_wdfsect]
    KmdfLibraryVersion = 1.5


    [Strings]
    SPSVCINST_ASSOCSERVICE= 0x00000002
    MSFT = "Microsoft"
    StdMfg = "(Standard system devices)"
    DiskId1 = "WDF Sample ECHO Installation Disk #1"
    ECHO.DeviceDesc = "Sample WDF ECHO Driver"
    ECHO.SVCDESC = "Sample WDF ECHO Service"
    ClassName = "Sample Device"
     
    Joerg Hoppe, Sep 4, 2006
    #1
    1. Advertisements

  2. the coinstaller dll has to be a part of the package that you create&sign.

    d

    --
    Please do not send e-mail directly to this alias. this alias is for
    newsgroup purposes only.
    This posting is provided "AS IS" with no warranties, and confers no rights.


     
    Doron Holan [MS], Sep 4, 2006
    #2
    1. Advertisements

  3. Joerg Hoppe

    Joerg Hoppe Guest

    it is!
     
    Joerg Hoppe, Sep 4, 2006
    #3
  4. Did you add the certificate you created to the Trusted Root store on your
    machine?

    User certmgr.exe to add your certificate to the Trusted Root and Trusted
    Publisher store on your machine.

    Look at ..\bin\selfsign\selfsign_example.cmd for syntax.

    -Jennifer
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jennifer Stepler [MSFT], Sep 29, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.