Driver doesn't load when built from source
mark0n opened this issue · comments
I noticed that when I download the v0.1 binary package everything works fine but when I build the driver ("v0.1" tag) from source it installs happily ("Installation completed successfully") but doesn't seem to load. Here are the steps I followed to build the driver:
- Download and install the Windows Driver Kit for Windows 10, version 2004
- git clone https://github.com/maharmstone/winmd.git
- Build the project by running
cd winmd mkdir build cd build cmake .. cmake --build . --config RelWithDebInfo --parallel
- Copy the relevant files into the right place
mkdir package\x64 cp .\RelWithDebInfo\* .\package\x64\ cp ..\src\winmd.inf .\package\
- Create catalog file
Inf2Cat /driver:package /os:10_X64
- Sign catalog file
signtool sign /sha1 <SHA1 of signing key> /t http://timestamp.comodoca.com/authenticode package\winmd.cat
"Official" information on how to build the driver is very sparse and I'm not a Windows expert. I would appreciate if someone with a little more Windows development experience could give me a hint.
Is this a signing key that Microsoft likes? If not, you'll have to enable test mode for your OS.
Thanks, @maharmstone, I appreciate your help. It seems like there's indeed some sort of a problem with the signature: I'm getting event ID 5038.
I'm positive my signing key works for applications but I'm not sure if it is sufficient for signing a kernel-mode driver. Can anyone point me to the requirements for these signing keys so I can check whether mine fulfills them?
@maharmstone can you confirm that the command I'm using for signing the catalog file (see above) should work?
As far as I'm aware there's no difference between keys for applications and keys for drivers (which isn't what Microsoft says!). What version of Windows is this?
@maharmstone can you confirm that the command I'm using for signing the catalog file (see above) should work?
It looks okay to me. I don't think I ever automated it for winmd, but if it helps this is my sign.bat for btrfs:
signtool sign /ph /ac "C:\Program Files (x86)\Windows Kits\10\crosscertificates\ctnca.crt" /tr http://timestamp.digicert.com /sha1 D82F44DA9917B64C8A0117E6C3B2AB896F2B6A09 x86\btrfs.sys x86\shellbtrfs.dll x86\ubtrfs.dll x86\mkbtrfs.exe x64\btrfs.sys x64\shellbtrfs.dll x64\ubtrfs.dll x64\mkbtrfs.exe arm\btrfs.sys arm\shellbtrfs.dll arm\ubtrfs.dll arm\mkbtrfs.exe aarch64\btrfs.sys aarch64\shellbtrfs.dll aarch64\ubtrfs.dll aarch64\mkbtrfs.exe
inf2cat /driver:. /os:XP_X86,XP_X64,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64,8_ARM,6_3_X86,6_3_X64,6_3_ARM,10_X86,10_X64
signtool sign /tr http://timestamp.digicert.com /sha1 D82F44DA9917B64C8A0117E6C3B2AB896F2B6A09 btrfs.cat
It might be that you've not signed the sys file as well as the cat file - I think you need to sign both.