maharmstone / winmd

WinMD

Driver doesn't load when built from source

mark0n opened this issue · comments

I noticed that when I download the v0.1 binary package everything works fine but when I build the driver ("v0.1" tag) from source it installs happily ("Installation completed successfully") but doesn't seem to load. Here are the steps I followed to build the driver:

  1. Download and install the Windows Driver Kit for Windows 10, version 2004
  2. git clone https://github.com/maharmstone/winmd.git
  3. Build the project by running
    cd winmd
    mkdir build
    cd build
    cmake ..
    cmake --build . --config RelWithDebInfo --parallel
    
  4. Copy the relevant files into the right place
    mkdir package\x64
    cp .\RelWithDebInfo\* .\package\x64\
    cp ..\src\winmd.inf .\package\
    
  5. Create catalog file
    Inf2Cat /driver:package /os:10_X64
    
  6. Sign catalog file
    signtool sign /sha1 <SHA1 of signing key> /t http://timestamp.comodoca.com/authenticode package\winmd.cat
    

"Official" information on how to build the driver is very sparse and I'm not a Windows expert. I would appreciate it if someone with a little more Windows development experience could give me a hint.

Is this a signing key that Microsoft likes? If not, you'll have to enable test mode for your OS.

Thanks, @maharmstone, I appreciate your help. It seems like there's indeed some sort of a problem with the signature: I'm getting event ID 5038.

I'm positive my signing key works for applications but I'm not sure if it is sufficient for signing a kernel-mode driver. Can anyone point me to the requirements for these signing keys so I can check whether mine fulfills them?

@maharmstone can you confirm that the command I'm using for signing the catalog file (see above) should work?

As far as I'm aware there's no difference between keys for applications and keys for drivers (which isn't what Microsoft says!). What version of Windows is this?

@maharmstone can you confirm that the command I'm using for signing the catalog file (see above) should work?

It looks okay to me. I don't think I ever automated it for winmd, but if it helps this is my sign.bat for btrfs:

    signtool sign /ph /ac "C:\Program Files (x86)\Windows Kits\10\crosscertificates\ctnca.crt" /tr http://timestamp.digicert.com /sha1 D82F44DA9917B64C8A0117E6C3B2AB896F2B6A09 x86\btrfs.sys x86\shellbtrfs.dll x86\ubtrfs.dll x86\mkbtrfs.exe x64\btrfs.sys x64\shellbtrfs.dll x64\ubtrfs.dll x64\mkbtrfs.exe arm\btrfs.sys arm\shellbtrfs.dll arm\ubtrfs.dll arm\mkbtrfs.exe aarch64\btrfs.sys aarch64\shellbtrfs.dll aarch64\ubtrfs.dll aarch64\mkbtrfs.exe
    inf2cat /driver:. /os:XP_X86,XP_X64,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64,8_ARM,6_3_X86,6_3_X64,6_3_ARM,10_X86,10_X64
    signtool sign /tr http://timestamp.digicert.com /sha1 D82F44DA9917B64C8A0117E6C3B2AB896F2B6A09 btrfs.cat

It might be that you've not signed the sys file as well as the cat file - I think you need to sign both.
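
To check the points raised in this thread (whether both the .sys and the .cat carry a signature, whether test mode is on, and what the event 5038 entries say), the following PowerShell is an added example, not part of the original issue or the winmd project. It assumes an elevated prompt in the build directory from the steps above; the `*.sys` glob stands in for the driver binary, whose name the thread does not give.

```powershell
# Added example: inspect the signing state of a locally built driver package.
# Assumption: layout from the steps above (package\winmd.cat, package\x64\*.sys).
param([string]$PackageDir = '.\package')

$files = @(Get-ChildItem -Path $PackageDir -Recurse -File -Include *.sys, *.cat)
if ($files.Count -eq 0) { throw "No .sys or .cat files found under $PackageDir" }

# One row per file: is it signed, by which certificate, and is it timestamped?
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File        = $f.Name
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Type        = $sig.SignatureType   # Authenticode (embedded) or Catalog
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}
$report | Format-Table -AutoSize

# The steps in the issue sign only the catalog; flag driver binaries left unsigned.
$unsigned = @($report | Where-Object { $_.File -like '*.sys' -and $_.Status -eq 'NotSigned' })
foreach ($u in $unsigned) {
    Write-Warning "$($u.File) has no signature of its own; only the catalog was signed."
}

# Is test signing enabled for the running OS? (bcdedit needs elevation)
$testSigning = bcdedit /enum '{current}' | Select-String -Pattern 'testsigning'
if ($testSigning) {
    Write-Output "Boot entry: $($testSigning.Line.Trim())"
} else {
    Write-Output 'Boot entry: testsigning is not set'
}

# Most recent code integrity failures (event ID 5038, Security log, needs elevation).
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } -MaxEvents 5 -ErrorAction Stop |
        Select-Object TimeCreated, Message | Format-List
} catch {
    Write-Warning "Could not read event 5038 entries: $($_.Exception.Message)"
}
```

The message of each 5038 entry names the file whose image hash failed validation, which shows whether the driver binary or another file in the package is the one being rejected.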