Changes between Version 24 and Version 25 of BuildingTapWindows6


Ignore:
Timestamp:
04/19/18 13:17:48 (6 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • BuildingTapWindows6

    v24 v25  
    55Generic build instructions for tap-windows6 [https://github.com/OpenVPN/tap-windows6/blob/master/README.rst are available] in it's Git repo. This page contains additional information that is more generic and not really suitable for inclusion in the main documentation.
    66
    7 = Codesigning requirements =
     7= Generic requirements =
    88
    99Getting the [https://msdn.microsoft.com/en-us/library/windows/hardware/ff686697%28v=vs.85%29.aspx Authenticode signatures] right so that all Windows versions detect them can be quite tricky. This seems to be particularly true for kernel-mode driver packages. The Authenticode signatures have a few requirements:
     
    1616The build computer should have WinDDK 7600.* installed, because currently buildtap.py does not work on anything newer.
    1717
    18 == Supporting Windows Vista ==
     18= Building with support for Windows Vista =
    1919
    2020If the driver has to support Windows Vista or very old Windows 7 versions it has to have two signatures:
     
    103103If this process sounds complicated, that's because it is. At some point would make sense to adapt buildtap.py to add both signatures automatically, which would simplify the process dramatically. However, that would require porting buildtap.py to Windows Kit 10, which would require a non-trivial amount of work.
    104104
    105 = Supporting Windows 7 and later =
    106 
    107 '''TODO'''
     105= Building for Windows 7 and later =
     106
     107Any relatively recent Windows 7 installation supports SHA2 Authenticode signatures. This means that the laborious and fragile dual-signature process can be avoided. You only need the EV SHA2 kernel-mode code-signing certificate, which probably comes in the form of a dongle that integrated with Windows certificate store. Optionally you may sign the tap-windows6 installer with a non-EV SHA2 code-signing certificate.
     108
     109The build process is somewhat easier than with dual signatures.
     110
     111'''On build computer'''
     112
     113'''On code-signing computer'''
    108114
    109115= Useful commands =