Unsigned Driver Packaging

Assumption: You have the .inf file and the .sys file. Sometimes you don’t even have the .sys file.

Packaging Tool: Wise Packaging Studio 8.0 (You can also do it using ORCA or InstallShield). Need the DIFx Merge Module. Copy the Merge Module into the …\Wise Share Point\Merge Modules folder.

Driver Tools: Download MS Platform 2003 SP1 SDK and MS Windows Driver SDK v7 (Need dpinst.exe and Inf2Cat.exe). Need the following files.

Steps to create the certificate and catalog file

Step 1

Run the following command

Makecert.exe-r-svXYZGGC.pvk-n"CN=XYZGGC" XYZGGC.cer

Provide a password twice; make sure it’s not a strong password. I have used password as the password

XYZGGC.cer and XYZGGC.pvk will be created.

Step 2

Run the following command

Cert2spc.exe XYZGGC.cer XYZGGC.spc

It creates XYZGGC.spc

Step 3

Run the following command (the password needs to be same as the above)

Pvk2pfx.exe-pvkXYZGGC.pvk-pipassword-spcXYZGGC.spc-pfxXYZGGC.pfx-popassword

Creates an XYZGGC.pfx file.

Step 4: Creating catalog file for the driver

Run the following command

Inf2cat /driver:" C:\UnsignedDriver\Drivers" /os:7_x86,XP_X86 /verbose

You might get some errors

 

Some common errors and fixes:

For Win7 date should be after 4/21/2009.

Add the entry CatalogFile.ntx86=DhrunAK128.cat after the DriverVer. DhrunAK128 is the same name as the inf file.

If the driver comes with addition files, then they have to be added under the [SourceDisksFiles] in the inf file.

So you have a catalog file dhrunak128.cat

Step 5: Signing the catalog file

Run the following command

Signtool sign /f XYZGGC.pfx /p password /t

http://timestamp.verisign.com/scripts/timestamp.dll /v

C:\UnsignedDriver\Drivers\dhrunak128.cat

Needs the same password as used earlier on.

Now we have a signed off certificate for the catalog file.

 

Making the Driver Package using Wise Packaging Studio

 

Open Wise Packaging Studio

Select Windows Installer Editor

Select Device Driver

Rename the Default Feature(Complete) as DriverDriver

Go to Merge Module and add the DIFxApp Merge Module in the feature Driver. Next > Finish

 
 Create a folder with a name of your choice under program file for the driver files and make it the INSTALLDIR.

In case of multiple drivers create separate folders for each one inside the INSTALLDIR. Make sure that the files are not in the same folder.

Now add the .inf, .sys, .cat and other files(following the same folder order as supplied by the vendor) in the respective driver folders.

Now go the components of the .inf files and make sure that the .inf files are the key files for the components.

Now click on the .inf file of one driver and select details.

Now go to Drivers and tick the Use DIFApp to install this driver file box.

 

Do the same for the other drivers. You can see the Driver Installation Order as you keep on adding driver installation.

Now for Unsigned Drivers you need to import the certificates before installing the drivers.

For this you need to write a custom action and also add the certificate manager and the certificate (created above) in the installation.

Create a folder under the INSTALLDIR named Cert and put the CertMgr.exe and the XYZGGC.cer in the folder.

Now go to MSI Script and you need to add two custom actions.

The CA should be after the BindImage Action. Add an End Statement.

Now Select Execute Program from Installed Files.

Give a Name, Call the CertMgr.exe by browsing to the required target folder inside installation.

Add the command line

-add“C:\Program Files\******\Cert\XYZGGC.cer”-s-rLocalMachine TRUSTEDPUBLISHER

For properties select, Deferred Execution in System Context and Synchronous , Ignore Exit code.

 

Just after this Custom action add another similar Custom Action with a different Command Line Argument

-add“C:\Program Files\*****\Cert\XYZGGC.cer”-s-rLocalMachine ROOT

Add an End Statement.

Now compile the WPS Project file to get a msi.

Now open the msi with WPS.

Go to the InstallExecuteSequence Table.

Make sure that the sequence number for MsiProcessDrivers is higher than the Custom action you have created to import the certificates.

Recompile the MSI.