[wix-users] new Windows 10 version 1607 kernel mode device driver requirements - HOWTO implement in WIX conditionally?

Anthony LaMark anthony at squadratechnologies.com
Mon Jun 12 09:26:20 PDT 2017 

Hi,

 

Since Windows 10, version 1607 requires kernel mode device drivers to be
signed with an "Extended Validation Code Signing Certificate", I believe I
need to modify our installer (using WIX 3.10) now to install our kernel mode
device driver using a "conditional check" against the Windows Operating
System version.  I read this
<https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/
driver-signing-changes-in-windows-10-version-1607/> Microsoft blog and it is
still not clear to me whether I really need to do this or not but I am
moving forward (preparing) as if I will. 

 

The new logic for the WIX installer that I desire will be:

 

if (Windows 10, 1607 or greater) then

   install the device driver signed with the "Extended Validation Symantec
Code Signing Certificate"

else

   install the device driver signed with our existing "Symantec Code Signing
Certificate"

 

The wxs file currently is defined with:

 

          <Component Id='TheKernelModeDriver'
Guid='{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}'>

            <File Id=' TheKernelModeDriverSYS' Name='xxxxxx.sys' DiskId='1'
Source='\driver\secRMM.sys' KeyPath='yes' />

            <File Id=' TheKernelModeDriverINF' Name='xxxxxx.inf' DiskId='1'
Source='\driver\secRMM.inf' />

            <File Id=' TheKernelModeDriverCAT' Name='xxxxxx.cat' DiskId='1'
Source='\driver\secRMM.cat' />

            <difx:Driver AddRemovePrograms='no' DeleteFiles='yes'
ForceInstall='yes' Legacy='yes' PlugAndPlayPrompt='no' Sequence='1'/>

          </Component>

 

 

    <Feature Id="ProductFeatures"  Title="Binaries" Level="1">

      <ComponentRef Id='TheKernelModeDriver'  />

    </Feature>

 

Looking at the documentation and web searching, I am not sure whether the
conditional logic (if that is the solution/is possible for drivers) goes in
the Component or Feature.

Also, I am looking for the WIX/msiexec property to allow me implement the
conditional check above.

 

If this is not possible, I am going to have to build two different
installers (.msi), one with the Extended Validation signed driver and one
with the "non"Extended Validation driver (for older OS-es). 

 

Looking at the Microsoft documentation page titled
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa370556(v=vs.85).
aspx> "Operating System Property Values" , I do not see values for Windows
10 (and the versions such as 1607) or Server 2016.  

Web searching results have mixed information about determining a Windows 10
OS let alone the version of 1607.

 

Does anyone have any advice on how to implement this in WIX?

 

Anthony LaMark

squadra technologies

http://www.squadratechnologies.com <http://www.squadratechnologies.com/> 

562.221.3079

More information about the wix-users mailing list