[wix-users] conditional install of device driver using WIX and DIFXAPP because of new/stricter signing requirements in W10

Anthony LaMark anthony at squadratechnologies.com
Wed Jul 12 16:36:15 PDT 2017 

Hi,

 

Because MS is now forcing device drivers to be signed by MS on W10 and
Server 2016, 

I am modifying our WIX install to conditionally install our device driver.

To accomplish this, we have our device driver signed twice.

One for older Windows (we do the signing ourselves with a SHA1 code signing
certificate) and then one signed by MS (using the Hardware Developer Portal
- attestation signed...for now).

So, on our build machine, there are 2 directories each with the same driver
files (x.sys, x.inf, x.cat) but with different signing (one from us, one
from MS).

 

In our WIX install, we make two components (both with the same GUID
attribute but with different ID attribute), each with a <Condition> child
element.

The <Condition>s are mutually exclusive:

DriverCondition <> "1" and DriverCondition = "1"

 

The variable DriverCondition is set in a CustomAction that gets called at
the beginning

of the InstallExecuteSequence.

 

Here are the relevant WIX XML snippets:

..

          <Component Id='productDriver'
Guid='{E708D6C5-32DC-4435-B9F0-49D5A48B48F2}'>

              <Condition>

                <![CDATA[DriverCondition <> "1"]]>

              </Condition>

            <File Id='xSYS' Name='x.sys' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryName)\x.sys'
KeyPath='yes' />

            <File Id='xINF' Name='x.inf' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryName)\x.inf'
Hidden='yes' />

            <File Id='xCAT' Name='x.cat' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryName)\x.cat'
Hidden='yes' />

            <difx:Driver AddRemovePrograms='no' DeleteFiles='yes'
ForceInstall='yes' Legacy='yes' PlugAndPlayPrompt='no' Sequence='1'/>

          </Component>      

            <Component Id='productDriverMicrosoftSigned'
Guid='{E708D6C5-32DC-4435-B9F0-49D5A48B48F2}'>

              <Condition>

                <![CDATA[DriverCondition = "1"]]>

              </Condition>

              <File Id='xSYSMicrosoftSigned' Name='x.sys' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryNameMicrosoftEVDriv
erSigning)\x.sys' KeyPath='yes' />

              <File Id='xINFMicrosoftSigned' Name='x.inf' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryNameMicrosoftEVDriv
erSigning)\x.inf' Hidden='yes' />

              <File Id='xCATMicrosoftSigned' Name='x.cat' DiskId='1'
Source='\Projects\product\driver\$(var.DriverSubdirectoryNameMicrosoftEVDriv
erSigning)\x.cat' Hidden='yes' />

              <difx:Driver AddRemovePrograms='no' DeleteFiles='yes'
ForceInstall='yes' Legacy='yes' PlugAndPlayPrompt='no' Sequence='1'/>

            </Component>

...

    <Feature Id="ProductFeatureBinaries"  Title="productBinaries" Level="1">

      <ComponentRef Id='productDriver' />

      <ComponentRef Id='productDriverMicrosoftSigned' />

...

    </Feature>

 

...

    <InstallExecuteSequence>

      <!-- INSTALL and UPGRADES -->

      <Custom Action='CustomActionSetDriverCondition'
Before='CreateFolders'>

        <![CDATA[(REMOVE="")]]>

      </Custom>

...

 

When we build the WIX install project, we get a warning message: 

warning LGHT1076: ICE30: The target file 'x.sys' might be installed in
'[ProgramFiles64Folder]\product\' by two different conditionalized
components on an SFN system: 'productDriver' and
'productDriverMicrosoftSigned'. If the conditions are not mutually
exclusive, this will break the component reference counting system.

 

At install, we get the following relevant messages in the install log:

MSI (s) (FC!84) [13:49:21:062]: PROPERTY CHANGE: Adding DriverCondition
property. Its value is '1'.

 

DIFXAPP: ENTER: ProcessDriverPackages()

DIFXAPP: INFO: 'Component' is 'productDriver'

DIFXAPP: INFO: Component state 0x2 -> 0x3

DIFXAPP: INFO: 'ComponentId' is {E708D6C5-32DC-4435-B9F0-49D5A48B48F2}

DIFXAPP: INFO: 'Flags' is 31

DIFXAPP: INFO: component path is C:\Program Files\product\

DIFXAPP: INFO: user SID of user performing the install is 'S-1-5-21-...'.

DIFXAPP: INFO: creating
HKEY_USERS\S-1-5-21-...\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Co
mponents\{E708D6C5-32DC-4435-B9F0-49D5A48B48F2} (User's SID: 'S-1-5-21-...')
...

DIFXAPP: INFO: 'Component' is 'productDriverMicrosoftSigned'

DIFXAPP: INFO: Component state 0x2 -> 0xFFFFFFFF

DIFXAPP: INFO: 'ComponentId' is {E708D6C5-32DC-4435-B9F0-49D5A48B48F2}

DIFXAPP: INFO: 'Flags' is 31

DIFXAPP: INFO: component path is 

DIFXAPP: INFO: This is a no-op custom action for component
productDriverMicrosoftSigned. The
NoOp_{E708D6C5-32DC-4435-B9F0-49D5A48B48F2} property has been set to TRUE.

DIFXAPP: RETURN: ProcessDriverPackages() 0 (0x0)

DIFXAPP: ENTER: InstallDriverPackages()

DIFXAPP: INFO: 'CustomActionData' property 'DIFxApp Version' is '2.1'.

DIFXAPP: INFO: 'CustomActionData' property 'UI Level' is '5'.

DIFXAPP: INFO: 'CustomActionData' property 'componentId' is
'{E708D6C5-32DC-4435-B9F0-49D5A48B48F2}'.

DIFXAPP: INFO: 'CustomActionData' property 'componentPath' is 'C:\Program
Files\product\'.

DIFXAPP: INFO: 'CustomActionData' property 'flags' is 0x1F.

DIFXAPP: INFO: 'CustomActionData' property 'installState' is '2'.

DIFXAPP: INFO: 'CustomActionData' property 'ProductName' is 'product'.

DIFXAPP: INFO: 'CustomActionData' property 'ManufacturerName' is
'CompanyName'.

DIFXAPP: INFO: user SID of user performing the install is 'S-1-5-21-...'.

DIFXAPP: INFO: opening
HKEY_USERS\S-1-5-21-...\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Co
mponents\{E708D6C5-32DC-4435-B9F0-49D5A48B48F2} (User's SID: 'S-1-5-21-...')
...

DIFXAPP: INFO:   ENTER:  DriverPackageInstallW

DIFXAPP: INFO:   Copied 'x.inf' to driver store...

DIFXAPP: INFO:   Copied 'x.cat' to driver store...

DIFXAPP: INFO:   Commiting queue...

DIFXAPP: INFO:   Copied file: 'C:\Program Files\product\x.sys' ->
'C:\WINDOWS\system32\DRVSTORE\x_BBCE708F79152E888F70B6A14291A0ED2F596DE4\x.s
ys'.

DIFXAPP: INFO:   Installing INF file
"C:\WINDOWS\system32\DRVSTORE\x_BBCE708F79152E888F70B6A14291A0ED2F596DE4\x.i
nf" of Type 4.

DIFXAPP: INFO:   Installing File System Driver
'C:\WINDOWS\system32\DRVSTORE\x_BBCE708F79152E888F70B6A14291A0ED2F596DE4\x.i
nf'

DIFXAPP: INFO:   Service 'x' was started

DIFXAPP: SUCCESS:Installation completed with code 0x0.

DIFXAPP: INFO:   RETURN: DriverPackageInstallW  (0x0)

DIFXAPP: INFO:   ENTER:  DriverPackageGetPathW

DIFXAPP: SUCCESS:Found driver store entry.

DIFXAPP: INFO:   RETURN: DriverPackageGetPathW  (0x7A)

DIFXAPP: INFO:   ENTER:  DriverPackageGetPathW

DIFXAPP: SUCCESS:Found driver store entry.

DIFXAPP: INFO:   RETURN: DriverPackageGetPathW  (0x0)

DIFXAPP: INFO: driver store entry for 'C:\Program Files\product\x.inf' is
'C:\WINDOWS\system32\DRVSTORE\x_BBCE708F79152E888F70B6A14291A0ED2F596DE4\x.i
nf'.

DIFXAPP: INFO: The component Id '{E708D6C5-32DC-4435-B9F0-49D5A48B48F2}' is
now set to point to driver store:
'C:\WINDOWS\system32\DRVSTORE\x_BBCE708F79152E888F70B6A14291A0ED2F596DE4\x.i
nf'

DIFXAPP: INFO: A reboot is not needed to install the component
'{E708D6C5-32DC-4435-B9F0-49D5A48B48F2}'.

DIFXAPP: RETURN: InstallDriverPackages() 0 (0x0)

DIFXAPP: ENTER: CleanupOnSuccess()

DIFXAPP: INFO: 'Component' is 'productDriver'

DIFXAPP: INFO: 'ComponentId' is {E708D6C5-32DC-4435-B9F0-49D5A48B48F2}

DIFXAPP: INFO: This is a no-op for component productDriver. The
NoOp_{E708D6C5-32DC-4435-B9F0-49D5A48B48F2} property has been set to TRUE.

DIFXAPP: INFO: Skipping cleanup for component productDriver, since it is a
no-op.

DIFXAPP: INFO: 'Component' is 'productDriverMicrosoftSigned'

DIFXAPP: INFO: 'ComponentId' is {E708D6C5-32DC-4435-B9F0-49D5A48B48F2}

DIFXAPP: INFO: user SID of user performing the install is 'S-1-5-21-...'.

DIFXAPP: INFO: opening
HKEY_USERS\S-1-5-21-...\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Co
mponents\{E708D6C5-32DC-4435-B9F0-49D5A48B48F2} (User's SID: 'S-1-5-21-...')
...

DIFXAPP: RETURN: CleanupOnSuccess() 0 (0x0)

 

When we run the installer on a W10 machine, we see that DriverCondition gets
set to 1.

However, the x.sys, x.inf, x.cat that gets installed is not the MS signed
driver files (but is the driver files we signed ourselves).

 

So, if you are still reading :-), my questions are:

1.	How can I troubleshoot the <Condition> element in the <Component>s?


I am questioning if they are working so I need to somehow validate variable
DriverCondition is properly getting analyzed when the Component is getting
processed.

2.	If the variable DriverCondition is getting processed correctly, then
I am completely stumped about why DIFXAPP is not looking at it when it
processes the Component element.  

I have a sinking feeling that DIFXAPP logic does not look for the Condition
element on the Component element and therefore, I have to come up with a
different approach.  

 

I thought of variablizing the File elements Source attribute.

I would do this in the CustomAction that is determining/setting the
DriverCondition variable.

However, when I search the web for this type of logic, I am coming up empty.

Not to say it cannot be done but if someone has not already attempted it, I
worry if it is possible.

Any help here would be greatly appreciated.

Thanks in advance.

 

Anthony LaMark

squadra technologies

http://www.squadratechnologies.com <http://www.squadratechnologies.com/> 

562.221.3079

More information about the wix-users mailing list