Steps to get PCIe driver signed for Windows 10

BrianDColorado Member Posts: 8

We have 32-bit and 64-bit PCIe drivers that we developed using the Jungo software (https://www.jungo.com/st/products/windriver/). We have purchased an EV from Sectigo. At this point we have the USB token and can access it from SafeNet. My question is, what are the next steps to getting this signed so that our customers can use it on Windows 10?

Do I use SafeNet to create a certificate that I then register on MS Partner portal?

Do I send the DLLs to MS?

As you can see, I am currently lost in what to do.

Thanks for any help.

Brian

Comments

  • Tim_Roberts Member - All Emails Posts: 14,349

    Have you created your dashboard account yet? When you create your dashboard account, they will have you download a file. You then sign the file with your EV certificate and send it back. That's how you register a certificate. There are a number of hoops to jump through, including the signing of a number of legal documents.

    https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/register-for-the-hardware-program

    Once your account is set up, you will need to create a driver package (SYS, INF, CAT). You put all of those into a "cabinet" file, sign the cabinet, and upload it for attestation signing.

    https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • BrianDColorado Member Posts: 8

    Tim, thank you so much for the information. I'll give it a try.

  • Peter_Viscarola_(OSR) Administrator Posts: 8,996

    Peter Viscarola
    OSR
    @OSRDrivers

  • BrianDColorado Member Posts: 8

    @Peter_Viscarola_(OSR) I read your article. I really wish it was so easy...but for me, I'm not getting it. @Tim_Roberts, I have the CERT key in the computer. I can open and view the information in it using SafeNet Authentication Tools. How do I 'sign' a file using it?

  • BrianDColorado Member Posts: 8

    Sorry, forgot to add something. @Peter_Viscarola_(OSR) I tried to make an account on Microsoft Hardware Dev Center. Seemed like my MS account is not administrator? How do I use the EV Cert to sign up for the account on MHDC?

    Thanks so much.

    Brian

  • Peter_Viscarola_(OSR) Administrator Posts: 8,996

    I tried to make an account on Microsoft Hardware Dev Center. Seemed like my MS account is not administrator?

    Ah, well, there IS a problem that's been discussed here just recently. Does this discussion sound like the problem you're having? If so, perhaps the OP in that discussion can advise if/how he fixed it.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_Roberts Member - All Emails Posts: 14,349
    edited November 2021

    How do I 'sign' a file using it?

    You fetch the certificate's thumbprint (a 24-byte value; the SafeNet client will show you this), and provide that as the /sha1 parameter to signtool sign, or to the <ProductionCertificate> value in your vcxproj file.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.
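
The signing step described in the reply above, as an added example that is not from any of the posters: it picks the EV certificate out of the certificate store, passes its thumbprint to `signtool sign /sha1`, and verifies the result. It assumes `signtool.exe` (Windows SDK/WDK) is on PATH and that the token's certificate is visible in the current user's Personal store; the parameter names are hypothetical, and the timestamp URL is whatever RFC 3161 server your CA documents.

```powershell
# Added example: sign a file (e.g. the CAB to upload) with a certificate chosen by thumbprint.
param(
    [Parameter(Mandatory)] [string] $FilePath,      # file to sign
    [Parameter(Mandatory)] [string] $SubjectMatch,  # part of the company name in the cert subject
    [Parameter(Mandatory)] [string] $TimestampUrl   # your CA's RFC 3161 timestamp server
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $FilePath)) { throw "$FilePath not found" }

# Assumption: with the token plugged in, its certificate shows up in Cert:\CurrentUser\My.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object {
        $_.Subject -like "*$SubjectMatch*" -and
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })

if ($candidates.Count -eq 0) {
    throw "No valid code-signing certificate matches '$SubjectMatch'"
}
if ($candidates.Count -gt 1) {
    # Refuse to guess: signing with the wrong certificate is worse than not signing.
    $candidates | Format-List Subject, Thumbprint, NotAfter | Out-Host
    throw "More than one certificate matches; narrow -SubjectMatch"
}

$thumbprint = $candidates[0].Thumbprint
"Signing with $($candidates[0].Subject) [$thumbprint]"

# /sha1 selects the signing certificate by thumbprint; /fd and /td set SHA-256 digests.
& signtool sign /v /sha1 $thumbprint /fd sha256 /tr $TimestampUrl /td sha256 $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Check the signature and timestamp locally before uploading anything.
& signtool verify /pa /v $FilePath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
```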

  • BrianDColorado Member Posts: 8

    Hello. I was able to create a CAB file finally, and submitted it. It comes back with "failed" with this error:

    "InfVerif failed for Driver. Partial Log:Error 1233 in StKvdPCIe3264.inf, line 13 : Missing directive CatalogFile required for digital signature."

    There was a Catalog = statement that pointed to a CAT file in my DDF. I removed it, then tried a different name. I still get this same exact error message when resubmitting.

    Any ideas?

    Thanks, Brian

  • Tim_Roberts Member - All Emails Posts: 14,349

    The directive is CatalogFile, not Catalog. It is absolutely required, and has been since Windows 8.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • BrianDColorado Member Posts: 8

    Thank you, @Tim Roberts

  • BrianDColorado Member Posts: 8

    Hello again. It was "CatalogFile" in my INF file. Any other ideas? Or maybe how to debug this? Thanks.

  • BrianDColorado Member Posts: 8

    @Tim_Roberts I have made it further in the process now.

    This is the last error message I received from the CAB submission:

    No installation INF found in the root path of the driver. For the driver to be digitally signed, and for it to install properly the installation inf must be in the root of each driver path you have provided. If you have separate folders with different driver packages for different languages, operating systems or device categories then specify each driver set as a separate driver. Each driver package must be selected separately and must contain an installation INF.

    Not sure what I need to do.

    I tried to upload my DDF file and could not. Same with an image for the DDF file.

    Thanks, Brian

  • Peter_Viscarola_(OSR) Administrator Posts: 8,996

    The required layout of the CAB often confuses people the first time they go through the process.

    You can see an example here of how it needs to look.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_Roberts Member - All Emails Posts: 14,349

    Right. Even if there is only one driver package in the cabinet, it must be in a subdirectory. That subdirectory needs your SYS and your INF.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.
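
A local pre-flight check for the two submission failures reported in this thread (no `CatalogFile` directive in the INF, and the package not sitting in its own subdirectory), as an added example that is not from any of the posters. The function name `Test-DriverCabLayout`, the staging-folder convention and the sample files are hypothetical; the staging folder is assumed to mirror the layout the CAB will have.

```powershell
# Added example: check a staging folder laid out the way the CAB will be.
function Test-DriverCabLayout {
    param([Parameter(Mandatory)] [string] $StagingRoot)
    $problems = @()
    $packages = @(Get-ChildItem -LiteralPath $StagingRoot -Directory)
    if ($packages.Count -eq 0) {
        $problems += "No subdirectory under ${StagingRoot}: each driver package needs its own folder"
    }
    foreach ($pkg in $packages) {
        $infs = @(Get-ChildItem -LiteralPath $pkg.FullName -Filter *.inf -File)
        if ($infs.Count -eq 0) { $problems += "$($pkg.Name): no INF in the package folder root" }
        if (-not (Get-ChildItem -LiteralPath $pkg.FullName -Filter *.sys -File)) {
            $problems += "$($pkg.Name): no SYS file"
        }
        foreach ($inf in $infs) {
            $section = ''; $hasCatalog = $false
            foreach ($line in Get-Content -LiteralPath $inf.FullName) {
                $text = ($line -replace ';.*$', '').Trim()          # drop INF comments
                if ($text -match '^\[(.+)\]$') { $section = $Matches[1].Trim(); continue }
                # Accept CatalogFile and its platform-decorated forms (CatalogFile.NTamd64, ...)
                if ($section -ieq 'Version' -and $text -match '^CatalogFile(\.nt\w*)?\s*=\s*\S') {
                    $hasCatalog = $true
                }
            }
            if (-not $hasCatalog) {
                $problems += "$($pkg.Name)\$($inf.Name): no CatalogFile directive in [Version]"
            }
        }
    }
    return $problems
}

# Constructed sample: one package folder whose INF lacks the directive.
$root = Join-Path ([IO.Path]::GetTempPath()) "cabcheck-$PID"
$pkg  = New-Item -ItemType Directory -Path (Join-Path $root 'Driver') -Force
@'
[Version]
Signature = "$WINDOWS NT$"
Class     = Sample
'@ | Set-Content -Path (Join-Path $pkg.FullName 'sample.inf')
Set-Content -Path (Join-Path $pkg.FullName 'sample.sys') -Value 'placeholder'
Test-DriverCabLayout -StagingRoot $root
Remove-Item -LiteralPath $root -Recurse -Force
```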

  • Jason_T. Member Posts: 98

    @BrianDColorado said:
    Not sure what I need to do.

    I tried to upload my DDF file and could not. Same with an image for the DDF file.

    You can find a simple sample DDF here: https://kerneldrivers.com/dual-signed-binaries-windows-7-beyond/

  • Mark_Roddy Member - All Emails Posts: 4,552

    Here is a PowerShell script that constructs the cab using makecab from a generated ddf file.

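    # Builds <name>.cab in $path from a generated DDF; the listed files go into a "Driver" subdirectory of the cabinet.
    param(
        [string] $name,
        [string] $path,
        [string[]] $files,
        [switch] $keepFiles,
        [switch] $verbose    # pass -verbose to get makecab's detailed output
    )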
    $ErrorActionPreference = 'Stop'
    $ret = 0
    $pushValue = $null
    try {
        if (-Not (test-path $path)) {
            throw "$path not found"
        }
    
        # -PassThru makes Push-Location return a value, so the finally block knows to pop
        $pushValue = Push-Location $path -PassThru
        $tempFiles = @(".\setup.inf",".\setup.rpt",".\$($name).ddf")
    
        $t = @"
    .OPTION EXPLICIT     ; Generate errors
    .Set CabinetFileCountThreshold=0
    .Set FolderFileCountThreshold=0
    .Set FolderSizeThreshold=0
    .Set MaxCabinetSize=0
    .Set MaxDiskFileCount=0
    .Set MaxDiskSize=0
    .Set CompressionType=MSZIP
    .Set Cabinet=on
    .Set Compress=on
    .Set CabinetNameTemplate=$($name).cab
    .Set DiskDirectoryTemplate=$((resolve-path $path).Path)
    .Set DestinationDir=Driver
    "@
        foreach  ($file in $files) {
            if (-Not (test-path $file)) {
                throw "$file not found"
            }
            $t += "`r`n$((resolve-path $file).Path)"
        }
        $t += "`r`n"
        $t | set-content -path "$path\$($name).ddf" -Force
        if ($verbose) {
            & makecab /f "$path\$($name).ddf" -V3
        } else {
            $null = & makecab /f "$path\$($name).ddf"
        }
        $ret = $LastExitCode
    
        if (!$keepFiles) {
            $tempFiles | foreach-Object {
                if (Test-Path $_ ) {
                    Remove-Item -Path $_ -Force
                }
            }
        }
    }
    catch {
        "Exception: $($Error[0])"
        $ret = 1
    } 
    finally {
        if ($pushValue) {
            pop-location
        }
        exit $ret
    }
    
    