Unsigned Driver Packaging
Assumption: You have the .inf file and the .sys file. Sometimes you don’t even have the .sys file.
Packaging Tool: Wise Packaging Studio 8.0 (You can also do it using ORCA or InstallShield). Need the DIFx Merge Module. Copy the Merge Module into the …\Wise Share Point\Merge Modules folder.
Driver Tools: Download MS Platform 2003 SP1 SDK and MS Windows Driver SDK v7 (Need dpinst.exe and Inf2Cat.exe). Need the following files.
Steps to create the certificate and catalog file
Step 1
Run the following command
Makecert.exe-r-svXYZGGC.pvk-n"CN=XYZGGC" XYZGGC.cer
Provide a password twice; make sure it’s not a strong password. I have used password as the password
XYZGGC.cer and XYZGGC.pvk will be created.
Step 2
Run the following command
Cert2spc.exe XYZGGC.cer XYZGGC.spc
It creates XYZGGC.spc
Step 3
Run the following command (the password needs to be same as the above)
Pvk2pfx.exe-pvkXYZGGC.pvk-pipassword-spcXYZGGC.spc-pfxXYZGGC.pfx-popassword
Creates an XYZGGC.pfx file.
Step 4: Creating catalog file for the driver
Run the following command
Inf2cat /driver:" C:\UnsignedDriver\Drivers" /os:7_x86,XP_X86 /verbose
You might get some errors
Some common errors and fixes:
For Win7 date should be after 4/21/2009.
Add the entry CatalogFile.ntx86=DhrunAK128.cat after the DriverVer. DhrunAK128 is the same name as the inf file.
If the driver comes with addition files, then they have to be added under the [SourceDisksFiles] in the inf file.
So you have a catalog file dhrunak128.cat
Step 5: Signing the catalog file
Run the following command
Signtool sign /f XYZGGC.pfx /p password /t
http://timestamp.verisign.com/scripts/timestamp.dll /v
C:\UnsignedDriver\Drivers\dhrunak128.cat
Needs the same password as used earlier on.
Now we have a signed off certificate for the catalog file.
Making the Driver Package using Wise Packaging Studio
Open Wise Packaging Studio
Select Windows Installer Editor
Select Device Driver
Rename the Default Feature(Complete) as DriverDriver
Go to Merge Module and add the DIFxApp Merge Module in the feature Driver. Next > Finish
In case of multiple drivers create separate folders for each one inside the INSTALLDIR. Make sure that the files are not in the same folder.
Now add the .inf, .sys, .cat and other files(following the same folder order as supplied by the vendor) in the respective driver folders.
Now go the components of the .inf files and make sure that the .inf files are the key files for the components.
Now click on the .inf file of one driver and select details.
Now go to Drivers and tick the Use DIFApp to install this driver file box.
Do the same for the other drivers. You can see the Driver Installation Order as you keep on adding driver installation.
Now for Unsigned Drivers you need to import the certificates before installing the drivers.
For this you need to write a custom action and also add the certificate manager and the certificate (created above) in the installation.
Create a folder under the INSTALLDIR named Cert and put the CertMgr.exe and the XYZGGC.cer in the folder.
Now go to MSI Script and you need to add two custom actions.
The CA should be after the BindImage Action. Add an End Statement.
Now Select Execute Program from Installed Files.
Give a Name, Call the CertMgr.exe by browsing to the required target folder inside installation.
Add the command line
-add“C:\Program Files\******\Cert\XYZGGC.cer”-s-rLocalMachine TRUSTEDPUBLISHER
For properties select, Deferred Execution in System Context and Synchronous , Ignore Exit code.
Just after this Custom action add another similar Custom Action with a different Command Line Argument
-add“C:\Program Files\*****\Cert\XYZGGC.cer”-s-rLocalMachine ROOT
Add an End Statement.
Now compile the WPS Project file to get a msi.
Now open the msi with WPS.
Go to the InstallExecuteSequence Table.
Make sure that the sequence number for MsiProcessDrivers is higher than the Custom action you have created to import the certificates.
Recompile the MSI.
Comments