I am working on writing a Windows kernel driver for a little project. As part of the project I decided to write a friendly .msi installer package that would install the driver along with the user-mode portions of my program. It turns out to be a surprisingly difficult/arcane task. After hours of struggling I think I finally figured out the solution. I am documenting it here so that other people can hopefully find this post and have a much easier time of it.
Note: I am using WiX 2.0.3309 and Driver Install Frameworks for Applications Version 2.0 (also known as DIFxApp 2.0) to install the drivers.
DIFxApp requires you to sign your drivers for it to install them. Actually, there is a test mode to get around that, but for most cases, you must sign them. The options for signing are to use an Authenticode certificate or a WHQL certificate once your driver passes Windows driver certification testing. I opted for the Authenticode certificate. I'll spare you the long story...
Here are the steps (simplified a bit) required to create a DIFx package with a signed catalog file.
1. Build your driver and create the .inf file for installation. Creating the .inf file is not easy either but at least there is a lot of documentation available if you search for it. I'll leave that part to you.
2. Create a .cdf file that describes the content you are cataloging. In the simple case, this is just your driver and the .inf file. Here is a simple example:
3. Run makecat on the .cdf file to generate the catalog.
makecat -r -v mydrv.cdf
4. Run signtool on the catalog to add a digital signature.
signtool sign /f mycert.pfx /p password /v /a mydrv.cat
if you prefer.
You will probably want to put a timestamp on the catalog with the /t option as well, but it is not required.
5. Build your installer package. In my case, I am using WiX. Here is what the driver component tag looks like.
DriverForceInstall="no" DriverSequence="0" >
<File Id="mydrvinf" Name="mydrv.inf" DiskId="1"
<File Id="mydrvsys" Name="mydrv.sys" DiskId="1"
<File Id="mydrvcat" Name="mydrv.cat" DiskId="1"
I could not find the documentation for creating a proper .cdf file for driver signing anywhere. Also, Microsoft ships an example signed .cat file in the DIFx kit, but surprisingly, they don't include the .cdf file that was used to generate it. I worked backward from the contents of the .cat file in order to figure out how to build the proper .cdf. If someone else knows of a place where this documentation exists, I'd be interested in knowing about it. Or, if you see a mistake, feel free to correct me.