CREATE TEST SIGN For Driver Package

The tool set is installed in a subdirectory of the DDK. With the default install path, that is:
"C:\WinDDK\7600.16385.1\bin\selfsign"

The documentation is here:
C:\WinDDK\7600.16385.1\bin\selfsign\selfsign_readme.htm

I list the commands which work for me.

=== * Run once *

1. Create a certificate in a store and create the .cer file.

command : makecert -r -pe -ss xx yy.cer

xx: store name

yy:.cer file name

** No need to run it every time you do signing.

=== Regular signing actions

2. Create cat
command :
inf2cat /driver:"[Driver package directory]" /os:XP_X86,XP_X64,Vista_X86,Vista_X64

sample :
inf2cat /driver:"c:\my crashable" /os:XP_X86,XP_X64,Vista_X86,Vista_X64

[Driver package directory]: the directory you want to create the .cat for. If there are files for
multiple platforms, you can create subfolders for them and put the main .inf in the directory root;
inf2cat follows what is inside the main .inf to find all dependent files.

Normally you will get many errors here at the beginning; you have to fix them one by one.

3. Sign the .cat (from certificate store)
command :
signtool sign /s xx [.cat path]\zz.cat

sample :
signtool sign /s xx "c:\my crashable\zz.cat"

xx: the certificate store name created in step 1.
zz: the .cat file name created in step 2.

====

Verify the .cat (optional: run this verification only when you want to)

command :
signtool verify /pa /v [.cat path]\zz.cat

sample :
signtool verify /pa /v "c:\my crashable\zz.cat"


Verify response :
Verifying: zz.cat
SHA1 hash of file: 47292D292D47DC4F9AE3E9DDBE8736DE293D1B52
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Signing Certificate Chain:
Issued to: Joe's-Software-Emporium
Issued by: Joe's-Software-Emporium
Expires: 2040/1/1
SHA1 hash: 84E76D8D1ECB4F1D2E4B92E5339D9895349D0EF6

File is not timestamped.
SignTool Error: File not valid: zz.cat

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

Did you notice the error? Yes, it is OK. The certificate is self-signed, so its root is not trusted on this machine, but Vista accepts it. This error won't block your development.
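
Steps 2 and 3 and the optional verification combined into one PowerShell script, as an added example that is not part of the original post. It assumes inf2cat.exe and signtool.exe are on PATH; the parameter names are made up for the example.

```powershell
# Added example, not from the original post. Assumes inf2cat.exe and
# signtool.exe are on PATH and the store from step 1 already exists.
param(
    [Parameter(Mandatory = $true)] [string] $PackageDir,  # folder with the main .inf
    [Parameter(Mandatory = $true)] [string] $StoreName,   # "xx" from step 1
    [string] $OsList = 'XP_X86,XP_X64,Vista_X86,Vista_X64'
)

# PowerShell quotes arguments that contain spaces; a trailing backslash would
# escape that closing quote, so remove it before calling the native tools.
$PackageDir = (Resolve-Path -LiteralPath $PackageDir -ErrorAction Stop).Path.TrimEnd('\')

# Step 2: build the catalog from the main .inf.
& inf2cat "/driver:$PackageDir" "/os:$OsList"
if ($LASTEXITCODE -ne 0) { throw "inf2cat failed with exit code $LASTEXITCODE" }

$cats = @(Get-ChildItem -LiteralPath $PackageDir -Filter *.cat -ErrorAction Stop)
if ($cats.Count -eq 0) { throw "No .cat file found in $PackageDir after inf2cat" }

foreach ($cat in $cats) {
    # Step 3: sign with the certificate in the store created in step 1.
    & signtool sign /s $StoreName $cat.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed for $($cat.Name)" }

    # Optional verification. Keep the text as well as the exit code: a
    # self-signed test certificate fails the trust check on any machine that
    # does not trust it, and that failure has to be told apart from others.
    $lines = & signtool verify /pa /v $cat.FullName 2>&1 | ForEach-Object { "$_" }
    $verifyExit = $LASTEXITCODE
    $text = ($lines -join ' ') -replace '\s+', ' '

    if ($verifyExit -eq 0) {
        Write-Host "$($cat.Name): signature verified"
    }
    elseif ($text -match 'terminated in a root certificate which is not trusted') {
        Write-Warning "$($cat.Name): signed, but the test root is not trusted on this machine"
    }
    else {
        # Any other verify error is not the expected test-certificate case.
        $lines | Write-Host
        throw "signtool verify failed for $($cat.Name) (exit code $verifyExit)"
    }
}
```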

=== Enable TEST Sign on target machine (if Vista)

4. Run Bcdedit from a command prompt opened with "Run as administrator"
Bcdedit.exe -set TESTSIGNING ON

Posted by Jess on PIXNET