Windows Driver Signing

Posted on March 16, 2011 by

I decided to write a techie themed blog for once as this is my field of interest. Unusually for me I decided to make this a Windows article.

Driver signing in 64-bit Windows is a real pain. I’m unsure why Microsoft decided this would be a good idea unless their main aim was to further disadvantage people who create free software. Thanks to this driver signing requirement, if you write a Windows driver for some piece of hardware you either have to shell out several hundered of your hard-earned monies for an accepted code-signing certificate or expect people to run Windows in test-mode. This second option removes any advantage Microsoft may feel they introduced by adding the signing requirement.

I recently had to take a self signed MSI and put an accepted signature on it so the FlexiScale Windows images can load the drivers at boot time. Here’s how I did it.

  • Download the MSI file and put it somewhere useful
  • Install Windows Driver Kit from http://www.microsoft.com/whdc/devtools/wdk/wdkpkg.mspx
  • Install Qwerty.Msi from http://www.qwerty-msi.com/
  • In Qwerty.Msi go to File → Open and open the original MSI file. This will unpack the files to a folder called $FILENAME.Sources.
  • Delete any exisiting “.cer” files
  • Open a Windows Driver Kit shell (Start → All Programs → Windows Driver Kits → WDK 7600.16385.1 → Build Environments → Windows Vista and Windows Server 2008 → x64 Free Build Environment).
  • In the driver kit shell create new catalog files with the inf2cat command (example below is for the Xen GPLPV drivers, your paths will vary)
cd c:\Users\iwatson\Downloads
inf2cat /os:Server2008_X64,Server2008R2_X64 ^
        /driver:"gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xennet"
inf2cat /os:Server2008_X64,Server2008R2_X64 ^
        /driver:"gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenpci"
inf2cat /os:Server2008_X64,Server2008R2_X64 ^
        /driver:"gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenscsi"
inf2cat /os:Server2008_X64,Server2008R2_X64 ^
        /driver:"gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenusb"
inf2cat /os:Server2008_X64,Server2008R2_X64 ^
        /driver:"gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenvbd"
  • Because of some issue between Microsoft and Verisign’s Certificates you may need to follow the instructions at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO16565&actp=search&viewlocale=en_US to add the alternative intermediate cert from Verisign.
  • Download the Verisign cross-certificate from http://www.microsoft.com/whdc/driver/install/drvsign/crosscert.mspx. You need to remember where this unpacks as you need to supply the name as the /ac argument to signtool later.
  • Get the SHA1 thumbprint of the key you want to use to sign the drivers.
    • Start → mmc → File → Add/Remove Snap-in… → Certificates → Add → Finish → OK
    • Go To Certificates – Current User → Personal → Certificates
    • Double Click on certificate you want to use
    • On Details tab scroll to bottom and click Thumbprint. This will display the hex you need for the /sha1 command line option below.
  • Sign the catalog files
signtool sign /v /t http://timestamp.verisign.com/scripts/timestamp.dll ^
        /sha1 $hex_string_from_sha1_section /ac "C:\Users\iwatson\Downloads\MSCV-VSClass3\MSCV-VSClass3.cer" ^
        "gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xennet\xennet.cat"
signtool sign /v /t http://timestamp.verisign.com/scripts/timestamp.dll ^
        /sha1 $hex_string_from_sha1_section /ac "C:\Users\iwatson\Downloads\MSCV-VSClass3\MSCV-VSClass3.cer" ^
        "gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenpci\xenpci.cat"
signtool sign /v /t http://timestamp.verisign.com/scripts/timestamp.dll ^
        /sha1 $hex_string_from_sha1_section /ac "C:\Users\iwatson\Downloads\MSCV-VSClass3\MSCV-VSClass3.cer" ^
        "gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenscsi\xenscsi.cat"
signtool sign /v /t http://timestamp.verisign.com/scripts/timestamp.dll ^
        /sha1 $hex_string_from_sha1_section /ac "C:\Users\iwatson\Downloads\MSCV-VSClass3\MSCV-VSClass3.cer" ^
        "gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenusb\xenusb.cat"
signtool sign /v /t http://timestamp.verisign.com/scripts/timestamp.dll ^
        /sha1 $hex_string_from_sha1_section /ac "C:\Users\iwatson\Downloads\MSCV-VSClass3\MSCV-VSClass3.cer" ^
        "gplpv_Vista2008x64_0.11.0.238.msi.Sources\SourceDir\PFiles\Xen PV Drivers\drivers\xenvbd\xenvbd.cat"
  • Finally go to Project > Build.

This will build the new .msi file and save it in “$FILENAME.Sources\Debug\Disk1_1″

It is, of course, too much to hope this will cover all eventuallities in Windows driver signing. If you have been following this article to sign your own drivers then I hope it gets you close.

Posted in windows, work | Tagged , , , , , | Leave a comment

Japan

Posted on March 13, 2011 by

Probably everyone who has been watching the TV coverage of the Japanese earthquake and subsequent tsunami will have been shocked by the absolute destruction caused in the worst affected areas. I was stunned watching the live coverage of the tsunami’s relentless surge across fields and through towns. Watching people in their cars trying to drive away from the oncoming water was quite shocking. I really hope I never experience anything like the Japanese are going through right now.

If you are looking to donate any money to help with the disaster relief effort a worthy cause is Shelterbox. A shelter box is basically a plastic box containing a custom designed 10 man tent, ground mats, blankets, cooking equipment and other essential items. The idea behind the box is to provide emergency shelter for families with the tools to help them survive.

You can make a Japan-specific donation to Shelterbox using Justgiving.com.

Posted in news | Tagged , , , | 1 Comment

My Friend Scott

Posted on February 21, 2011 by

When I was about nine years old I moved with my parents to a new house in a different part of Aberdeen. I’m not sure how soon after moving there I became best friends with the boy from number seven – Scott Duff. He was a few years older than me but that didn’t seem to matter.

Scott and I spent a lot of time out playing in summer. We used to go climb around in the adventure park beside the farmer fields or occasionally go play a bit of football in those fields. We would sometimes take a couple of golf clubs and balls up to the fields and see how many shots it took to get from one side to the other. Neither of us was particularly good, but Scott was better than me.

I used to help Scott with his paper round. There were 300 papers to deliver in two days each week. The bag was pretty heavy. I remember one summer taking full advantage of vouchers for Diet Coke that were meant to be given away with the paper. I can’t remember if the coke was cheap or totally free with this voucher but I do remember handing in quite a few to the local shop.

I started going to The Scouts with Scott. As Scott was from Torry we had to get two buses all the way across town to go to The Scouts there – Torry 16th: Aberdeen’s hardest! Scott made sure everyone there thought I was his cousin. He told me that was to make sure no-one would pick on me. I don’t know if that was quite needed as everyone one there was friendly, but he did say it more than once so maybe it was true. Walking up to the Scouts we always used to stop a little sweet shop and Scott introduced me to Sports Mixtures, which I still love to this day.

Another thing Scott introduced me to was good music. He gave me a copy of my first album with swearing on it. That album was Guns ‘n’ Roses’ Appetite For Destruction and is still a great album today. He also had a computer before me and we would play Commando on it. Again, I wasn’t very good. To keep the high scores on the little rubber keyed Spectrum Scott would leave it on all the time. I believe he burned through a couple of them that way as computers and power packs really weren’t designed to be left on all the time back then.

As Scott was a few years older than me he had to stop going to The Scouts and it was that which started us drifting apart as friends. I don’t remember us ever stop being friends, we just didn’t see each other or hang out anywhere.

It was about five years later we spent an evening drinking. It was just by chance that I was out watching a lightning storm with a beer in my hand. Scott was also watching the storm from his window and we got chatting. Scott came over to my house with a bottle of Coke and a litre of blue-label vodka. I don’t remember much of that evening other than throwing up around 7 am. From then it was around another five years later, in 1999, when I next (and last) saw Scott. I was walking through town heading to work when Scott came running up to me to say hello. I think we said something about meeting up for a drink, but that never happened. I occasionally though about getting in touch with Scott but never did get around to doing so. His parents still live beside mine so it would have been easy.

Yesterday my Dad called me to tell me Scott had died. Scott’s dad told him, but didn’t say how and my Dad didn’t ask. It’s odd that you don’t see someone for years and never really miss them, but once you learn you will never see someone again you do. At least I have lots of happy memories to remember him by.

Posted in life | Tagged , , | 2 Comments

Books

Posted on February 19, 2011 by

I cancelled all my magazine subscriptions recently. All three of them. I had one subscription for each hobby: Guitar, Motorbikes, Photography. I’ve had these subscriptions for two to four years depending on which magazine it was.

The problem I’ve had is that I’ve built up a backlog of magazines on my window and it was starting to get a bit stupid trying to catch up. I also never learn any of the songs in the guitar magazine, nor do I try any of the projects in the photography magazine. It didn’t seem like there was much point to actually subscribe.

The main thing that made me cancel, though, was going to a bookshop and just having a browse. I saw several authors I used to read have a whole load of new books out. There are also various book series out there where I’ve read the first book and never went back. Standing in the bookshop seeing all those books made me remember how I enjoy buying a bunch of new books. It made me remember how I enjoy opening a book at the first page and wondering where the journey will take me. Those are things you rarely get from a magazine subsciption. I also have a stack of books I’ve been given as gifts and really should read.

However, the subscription cancellations seem to be taking a while to trickle through – it appears I paid for one magazine in six-month blocks. Once I get through all the backlog of magazines plus the new ones that are still arriving then I can settle down to a good Discworld novel or two.

Posted in life | Tagged , , , , , , , | Leave a comment

Charity Exercise

Posted on February 12, 2011 by

A couple of years ago I started going to the gym but I was finding it hard to be motivated. Through work I ended up as part of a relay team running a half marathon. The best part of that was suddenly I was very motivated to start building my speed and stamina and I thoroughly enjoyed both the training and actual run. Unfortunately once that race was over I found it quite hard to maintain the training regime.

Over the last year and half I’ve managed to find loads of excuses to not get back to a regular routine at the gym. Most of these have revolved around not having enough time and preferring to spend more time with my son. I decided enough was enough and roped a friend into joining me on a 10 km charity run.

The run is in April and is for Chest Heart and Stroke Scotland (CHSS). The running route is through the lovely scenery of the Scottish Cairngorms near the Glenlivet whisky distillery. More information can be found behind this link. And you can sponsor me at www.justgiving.com/dagoaty

So now I just have to get myself back up to a decent running speed. I have managed to get to the gym five times in the last three weeks which isn’t great, but at least it’s a start. Once the weather is better I can also start running my 7 km route around Queensferry which should make a big difference.

Coincidently, a friend of mine has also entered a charity distance event. In Rob’s case he is planning to go full marathon distance. I’d like to do that at some point, but not for some time. If you fancy sponsoring Rob you can visit his blog to find out more.

Posted in life | Tagged , , | 2 Comments

Did Someone Order Rain?

Posted on February 4, 2011 by
Day 108 - Rainy Day

Rain Pane

Yes in fact, I did and it’s great. This might seem an odd thing to say given I ride a motorbike, but that is exactly why I wanted it to rain.

The reason I want rain is because of all the sand which has been spread over the roads during the last two months. I do wonder why the council doesn’t go back out with street sweepers and clean the sand back up again. Each year we hear complaints about the low stocks of sand and the cost of maintaining these stocks. All during last year there were certain corners on my way to work which had loads of the stuff just lying there. Given the council won’t sweep the sand all up, hopefully this rain will wash most of it away.

Of course, it is always possible to get too much of a good thing. After four days of torrential rain I think we may be at that point now. I got home from work today with my boots full of water so it’s time to get a new pair of them, but in the meantime –  please stop raining now.

Posted in life, motorbike | Tagged , , , , , | Leave a comment

Update Your CV

Posted on January 26, 2011 by

Recently I was clearing out old files saved on my computer when I found my stack of CV files. I always use the date of last edit as part of the filename when I update my CV. This quickly showed me it was over two years since the last time I had edited my CV, so I decided it was time to bring it up-to-date.

Even though I still have essentially the same job, it turns out quite a lot can change in two years. Two changes in job title and one change in company name adds a decent amount to a CV. In those two years I have also learnt quite a few new technologies and built on existing skills. All in all it turned out to be a reasonable set of changes I had to make.

As always adding the new things to my CV wasn’t that hard. I sometimes find it tricky to describe my job in a concise manner that still accurately reflects exactly what I do. In a social situation I can get away with one word when people ask my what I do.  ”Computers” I growl, in a slightly threatening manner that warns all but the truly stupid not to ask me about this problem they’ve been having with Windows recently. This doesn’t work on a CV.

So I add many lines describing my jobs and skills acquired over the last two years then set to the tricky task of reducing my CV to the mandatory two pages. This took me longer than adding text. Reducing margin sizes is always so obvious on a CV and rarely looks good so I tend to avoid that. This time in order to save space I started condensing different jobs at the same employer into a single entry. This saved significant space due to job overlap in different postition.

Oddly, with the new layout, I seem to have extra space for more information. This either means I have over-condensed my CV or I need to add more skills to it.

So my updated CV has been saved with a new datestamp in the filename and also saved as PDF. I now have copies reaching back 7 years. I’m not sure I want to look at the oldest file to see the evolution of my CV style. Maybe another day.

If you’ve just finished reading this, maybe you should go update your CV too.

Posted in life | Tagged , , | Leave a comment