Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting... Please check out the Community Guidelines in the
Announcements and Administration Category, below.

Attestation signing a kernel service (non PnP) driver

matt_sykesmatt_sykes Posts: 233
ie no inf file. How do you submit it for signing?

Sysdev just pointed me back to the stock documentation, which says submit the sys and inf file in a cab file, ie, useless, as always.

So how does one submit it?

Thanks in advance for any help on this.

Comments

  • Bill_WandelBill_Wandel Posts: 204
    You can create an inf file even though you don't use it.

    Bill Wandel

    -----Original Message-----
    From: xxxxx@lists.osr.com <xxxxx@lists.osr.com>
    On Behalf Of xxxxx@hotmail.com
    Sent: Wednesday, March 14, 2018 5:20 AM
    To: Windows System Software Devs Interest List <xxxxx@lists.osr.com>
    Subject: [ntdev] Attestation signing a kernel service (non PnP) driver

    ie no inf file. How do you submit it for signing?

    Sysdev just pointed me back to the stock documentation, which says submit
    the sys and inf file in a cab file, ie, useless, as always.

    So how does one submit it?

    Thanks in advance for any help on this.

    ---
    NTDEV is sponsored by OSR

    Visit the list online at:
    <http://www.osronline.com/showlists.cfm?list=ntdev>;

    MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
    drivers!
    Details at <http://www.osr.com/seminars>;

    To unsubscribe, visit the List Server section of OSR Online at
    <http://www.osronline.com/page.cfm?name=ListServer>;
  • matt_sykesmatt_sykes Posts: 233
    OK, I thought that was probably the way to do it. So I guess this results in a signed cat file rather than signing the sys file itself.

    Shame sysdev cant sign sys file on its own without needing an inf file.

    Thanks Bill
  • Peter_ViscarolaPeter_Viscarola Posts: 6,633
    >So I guess this results in a
    >signed cat file rather than signing the sys file itself.

    BOTH get signed -- the CAT and the SYS file.

    >Shame sysdev cant sign sys file on its own
    >without needing an inf file.

    Why? Then you'd just need to create some OTHER type of infrastructure file that describes the file to be signed. An INF file is already well know and semi-universal.

    Note that you CAN use an INF file to install a non-PnP driver:

    <https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/creating-an-inf-file-for-a-file-system-filter-driver>;

    or see the "nonPNP" sample driver that is/was in the WDK.

    Peter
    OSR
    @OSRDrivers

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_RobertsTim_Roberts Posts: 12,566
    xxxxx@hotmail.com wrote:
    > OK, I thought that was probably the way to do it. So I guess this results in a signed cat file rather than signing the sys file itself.
    >
    > Shame sysdev cant sign sys file on its own without needing an inf file.

    Wrong.  The attestation signing creates a brand new CAT file and signs
    it, but it also signs every executable file in your package.

    --
    Tim Roberts, xxxxx@probo.com
    Providenza & Boekelheide, Inc.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!