107 | | The next steps are |
108 | | * Generate a cabinet file as described [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release here]. |
109 | | * ''You have to'' put the driver files into one or more directories in the cabinet file as shown in the example diagram [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release here]. If you don't, cabinet file verification will fail. |
110 | | * Sign the cabinet file with the EV dongle using signtool.exe |
111 | | * Submit the cabinet file to Windows Dev Center to obtain an attestation signature |
| 107 | Add a DDF file which is used to create the cabinet file. For example: |
| 108 | |
| 109 | {{{ |
| 110 | ; tap-windows6.ddf |
| 111 | ; |
| 112 | .OPTION EXPLICIT ; Generate errors |
| 113 | .Set CabinetFileCountThreshold=0 |
| 114 | .Set FolderFileCountThreshold=0 |
| 115 | .Set FolderSizeThreshold=0 |
| 116 | .Set MaxCabinetSize=0 |
| 117 | .Set MaxDiskFileCount=0 |
| 118 | .Set MaxDiskSize=0 |
| 119 | .Set CompressionType=MSZIP |
| 120 | .Set Cabinet=on |
| 121 | .Set Compress=on |
| 122 | ;Specify file name for new cab file |
| 123 | .Set CabinetNameTemplate=tap-windows6.cab |
| 124 | ;Specify files to be included in cab file |
| 125 | .Set DestinationDir=i386 |
| 126 | C:\users\sign\opt\sign-tap6\tap6\i386\tap0901.sys |
| 127 | C:\users\sign\opt\sign-tap6\tap6\i386\OemVista.inf |
| 128 | .Set DestinationDir=amd64 |
| 129 | C:\users\sign\opt\sign-tap6\tap6\amd64\tap0901.sys |
| 130 | C:\users\sign\opt\sign-tap6\tap6\amd64\OemVista.inf |
| 131 | .Set DestinationDir=arm64 |
| 132 | C:\users\sign\opt\sign-tap6\tap6\arm64\tap0901.sys |
| 133 | C:\users\sign\opt\sign-tap6\tap6\arm64\OemVista.inf |
| 134 | }}} |
| 135 | |
| 136 | Generate the cabinet file: |
| 137 | |
| 138 | {{{ |
| 139 | makecab.exe /f "C:\Users\sign\opt\sign-tap6\tap-windows6.ddf" |
| 140 | }}} |
| 141 | |
| 142 | This puts the cabinet file to a subdirectory called "disk1". Then sign the cabinet file, adapting the parameters as needed: |
| 143 | |
| 144 | {{{ |
| 145 | SignTool sign /ac "C:\Users\sign\opt\sign-tap6\digicert-high-assurance-ev.crt" /s MY /n "OpenVPN" /fd sha256 /tr http://timestamp.digicert.com /td sha256 /v "C:\Users\sign\opt\sign-tap6\disk1\tap-windows6.cab" |
| 146 | }}} |
| 147 | |
| 148 | Now you have a signed cabined file. |
| 149 | |
| 150 | Finally submit the signed cabined file to Windows Dev Center for attestation signing. |
| 151 | |
| 152 | For more generic instructions and more details please refer to the [https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release official MS documentation] on attestation signing. |