Making and Signing Driver Packages
- Driver Executable (.sys) File
- Driver's INF (.inf) File
Some NDIS drivers may employ additional components, such as a notify object, to be installed and to operate properly. The files associated with these additional components are referenced in the INF file.
- Additional Components Referenced in the INF, such as Notify Objects
The signing process will add a catalog file (.cat) to the driver package. The signed catalog file is used as a digital signature for the collection of files that comprise the driver package. The catalog file includes hashes or thumbprints of each file listed in the catalog. The thumbprints are used to detect if any file in the catalog has been modified since the catalog was signed.
- Driver Package Catalog (.cat) File
First build the WDK 6000 NDISPROT driver sample using the Windows Vista x64 Free Build Environment. Copy the driver and the companion INF file to a folder. The contents will be:
- ndisprot.inf
- ndisprot.sys
This is the baseline driver package for NDISPROT.
See the article Self-Signing NDIS Protocol Drivers for Windows Vista for information about using the basic signing tools and the steps used to self-sign the driver executable.
If you must create your own INF file, then the most frequently recommended strategy is to search for an existing INF for a similar driver. Then modify that INF to suit your needs.
The in-box INF files are located in the \Windows\INF folder. Of course, you must also read the WDK documentation that specifies the INF layout and usage.
Once you have a basic INF file, the next step is to begin the iterative process of verifying that it is correct. Use the WDK ChkINF tool to verify the structure and syntax of your setup information and make iterative changes until there are no warnings or errors.
Use ChkINF to verify the structure and syntax of your INF file. ChkINF is included in the WDK.
This note uses the NDISPROT INF file from the WDK. When ChkINF is run on this INF file there are (thankfully...) no reported errors or warnings.
Even though ChkINF reports no warnings or errors on NDISPROT.INF, there are changes to be made.
The second change is because the DriverVer date must be later than an arbitrary date loosely tied to the release of the OS version for outside testing. For example, Vista drivers must have a DriverVer date after 04/01/2006 or they cannot be signed.
The modified Version section of the NDIS 6 NDISPROT driver is shown below. Fields highlighted in red have been changed from the stock WDK version.
[version]
Signature = "$Windows NT$"
Class = NetTrans
ClassGUID = {4d36e975-e325-11ce-bfc1-08002be10318}
Provider = %Msft%
DriverVer = 11/22/2006,6.0.5019.0
CatalogFile = NDISPROT.cat
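A pre-signing check for the two [Version] fields discussed above, as an added example that is not from the original article or the WDK: it confirms that a CatalogFile entry naming a .cat file is present and that the DriverVer date falls after the 04/01/2006 cutoff quoted above. The function names and the second sample are constructed for this example; ChkINF remains the tool for overall INF structure and syntax.

```python
import re
from datetime import date

# Cutoff taken from this page: Vista DriverVer dates must be after 04/01/2006.
VISTA_MIN_DRIVERVER = date(2006, 4, 1)
DRIVERVER_RE = re.compile(r"(\d{1,2})/(\d{1,2})/(\d{4})(?:\s*,\s*\d+(?:\.\d+){0,3})?")

def read_version_section(inf_text):
    """Return the [Version] entries of an INF as a dict with lower-case keys."""
    entries, in_version = {}, False
    for raw in inf_text.splitlines():
        # ';' starts an INF comment (simplification: ';' inside quotes is not handled).
        line = raw.split(";", 1)[0].strip()
        if line.startswith("["):
            in_version = line.strip("[] \t").lower() == "version"
        elif in_version and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries

def check_version_for_signing(inf_text, min_date=VISTA_MIN_DRIVERVER):
    """Return a list of [Version] problems to fix before making the catalog."""
    version, problems = read_version_section(inf_text), []
    catalog = version.get("catalogfile", "")
    if not catalog:
        problems.append("CatalogFile directive is missing")
    elif not catalog.lower().endswith(".cat"):
        problems.append(f"CatalogFile does not name a .cat file: {catalog}")
    match = DRIVERVER_RE.fullmatch(version.get("driverver", ""))
    if not match:
        return problems + ["DriverVer is missing or not in mm/dd/yyyy[,w.x.y.z] form"]
    month, day, year = (int(part) for part in match.groups())
    try:
        stamp = date(year, month, day)
    except ValueError:
        return problems + ["DriverVer date is not a valid calendar date"]
    if stamp <= min_date:
        problems.append(f"DriverVer date {stamp:%m/%d/%Y} is not after {min_date:%m/%d/%Y}")
    return problems

# Fields from the modified [version] section shown on this page.
PAGE_VERSION = ('[version]\nSignature = "$Windows NT$"\n'
                'DriverVer = 11/22/2006,6.0.5019.0\nCatalogFile = NDISPROT.cat\n')
# Constructed sample (not the stock WDK file): old date and no CatalogFile entry.
CONSTRUCTED_OLD = '[Version]\nDriverVer = 10/01/2002,1.0.0.0 ; constructed\n'

if __name__ == "__main__":
    for name, text in (("page", PAGE_VERSION), ("constructed", CONSTRUCTED_OLD)):
        print(name, check_version_for_signing(text) or "OK")
```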
There are several tools that can be used to make the catalog file for the driver package:
- MakeCat Tool - Makes an unsigned catalog file for files listed in a catalog definition file (.cdf). MakeCat is included in the WDK. See: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/using_makecat.asp
- Inf2Cat Tool - Is a standalone tool that verifies driver packages are valid by executing signability tests. Inf2Cat will transfer INF’s into a catalog file format. Inf2Cat is a stand-alone tool that is part of the Winqual Submission Tool. See: https://winqual.microsoft.com/Help/Inf2cat_FAQ.htm
- Signability Tool - Signability checks driver package INF files for structural errors and verifies that a driver package can be digitally signed. The tool can optionally generate a catalog file. The Signability tool is included in the WDK. See: http://msdn2.microsoft.com/en-us/library/aa906345.aspx
The MakeCat tool is only sparsely documented, and involves making a catalog definition file (.cdf) using a text editor. There is only one short example of a .CDF file and very little guidance. Nevertheless, MakeCat certainly works as advertised and .CDF files seem to actually require no more documentation than Microsoft has chosen to provide.
Inf2Cat, as well as the Signability tool, both read the INF file to extract the information necessary to build the catalog file. This eliminates the need to even bother with the .CDF file.
Early on I used the Signability tool to generate catalog files. It has a GUI interface as well as a command-line interface. It does get the job done, but leaves result logs in an open Notepad window. This is a nuisance if you are building and signing multiple drivers.
A note on OSR Online suggested using Inf2Cat, and it is better for making multiple catalog files in an automated build environment.
If you actually encounter a need to make a driver package submission to WHQL, then you must use Signability,
Regardless of which tool you use, you will generate a NDISPROT.CAT file that becomes a new member of your driver package.
The steps described in the article Self-Signing NDIS Protocol Drivers for Windows Vista are used to self-sign the catalog file.
You may need to test installation many times on a fresh image of the operating system.
Topic Status
- September 14, 2009: Reviewed.
- November 22, 2006: Initial release.