Changes between Version 37 and Version 38 of BuildingTapWindows6


Ignore:
Timestamp:
04/05/19 12:41:32 (5 years ago)
Author:
Samuli Seppänen
Comment:

Add more practical instructions for Windows 10 attestation signing

Legend:

Unmodified
Added
Removed
Modified

  • BuildingTapWindows6

    v37 v38  
    105105}}}
    106106
    107 The next steps are
    108 * Generate a cabinet file as described [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release here].
    109   * ''You have to'' put the driver files into one or more directories in the cabinet file as shown in the example diagram [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release here]. If you don't, cabinet file verification will fail.
    110 * Sign the cabinet file with the EV dongle using signtool.exe
    111 * Submit the cabinet file to Windows Dev Center to obtain an attestation signature
     107Add a DDF file which is used to create the cabinet file. For example:
     108
     109{{{
     110; tap-windows6.ddf
     111;
     112.OPTION EXPLICIT     ; Generate errors
     113.Set CabinetFileCountThreshold=0
     114.Set FolderFileCountThreshold=0
     115.Set FolderSizeThreshold=0
     116.Set MaxCabinetSize=0
     117.Set MaxDiskFileCount=0
     118.Set MaxDiskSize=0
     119.Set CompressionType=MSZIP
     120.Set Cabinet=on
     121.Set Compress=on
     122;Specify file name for new cab file
     123.Set CabinetNameTemplate=tap-windows6.cab
     124;Specify files to be included in cab file
     125.Set DestinationDir=i386
     126C:\users\sign\opt\sign-tap6\tap6\i386\tap0901.sys
     127C:\users\sign\opt\sign-tap6\tap6\i386\OemVista.inf
     128.Set DestinationDir=amd64
     129C:\users\sign\opt\sign-tap6\tap6\amd64\tap0901.sys
     130C:\users\sign\opt\sign-tap6\tap6\amd64\OemVista.inf
     131.Set DestinationDir=arm64
     132C:\users\sign\opt\sign-tap6\tap6\arm64\tap0901.sys
     133C:\users\sign\opt\sign-tap6\tap6\arm64\OemVista.inf
     134}}}
     135
     136Generate the cabinet file:
     137
     138{{{
     139makecab.exe /f "C:\Users\sign\opt\sign-tap6\tap-windows6.ddf"
     140}}}
     141
     142This puts the cabinet file to a subdirectory called "disk1". Then sign the cabinet file, adapting the parameters as needed:
     143
     144{{{
     145SignTool sign /ac "C:\Users\sign\opt\sign-tap6\digicert-high-assurance-ev.crt" /s MY /n "OpenVPN" /fd sha256 /tr http://timestamp.digicert.com /td sha256 /v "C:\Users\sign\opt\sign-tap6\disk1\tap-windows6.cab"
     146}}}
     147
     148Now you have a signed cabined file.
     149
     150Finally submit the signed cabined file to Windows Dev Center for attestation signing.
     151
     152For more generic instructions and more details please refer to the [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release official MS documentation] on attestation signing.
    112153
    113154= Useful commands =