[wix-users] [EXTERNAL] Re: new Windows 10 version 1607 kernel mode device driver requirements - HOWTO implement in WIX conditionally?

Anthony LaMark anthony at squadratechnologies.com
Tue Jun 13 10:20:13 PDT 2017


Hi Nick,

Thanks for the input and link!

Anthony LaMark
squadra technologies
http://www.squadratechnologies.com
562.221.3079

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Nick Elmer
Sent: Tuesday, June 13, 2017 8:24 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] [EXTERNAL] Re: new Windows 10 version 1607 kernel
mode device driver requirements - HOWTO implement in WIX conditionally?

We went through this as well and after some discovery found that you can
dual sign a driver with SHA1 and SHA256 signatures. However, we also
discovered that Windows 2008 does not support SHA256 signing at all, so SHA1
has to be first. Windows 2008 R2 supports SHA256 but only with a service
pack so be sure to test across all of your platforms. This link references a
few MSDN threads on the dual signing question and some additional
considerations and issues. Hope this helps.

http://www.osronline.com/showThread.CFM?link=271472


-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Hoover, Jacob
Sent: Tuesday, June 13, 2017 10:54 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: [EXTERNAL] Re: [wix-users] new Windows 10 version 1607 kernel mode
device driver requirements - HOWTO implement in WIX conditionally?

>From the first link... :

How do I sign a driver so that it is compatible with Windows Vista, Windows
7, Windows 8, Windows 8.1, and Windows 10?

All you need to do is run the HLK tests for Windows 10 and run the HCK tests
for Windows 8.1 and earlier versions as you have in the past. Then, using
the Windows 10 HLK, merge the two test logs and submit your driver along
with the merged HLK/HCK test results to the Windows Hardware Developer
Center Dashboard portal. The portal will sign the driver correctly such that
it will work on all platforms that you indicate.

Are you trying to support XP / Older OS's?

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
David Watson
Sent: Tuesday, June 13, 2017 4:08 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] new Windows 10 version 1607 kernel mode device
driver requirements - HOWTO implement in WIX conditionally?

Do you support a wide variety of older operating systems?

I ask because I would have expected the EV certificates to work on most
operating systems so you can just replace the old driver with the newly
signed one. Then you don't need conditionals.

If you do want to do this you need component conditions on both sets of
components, the OS can be determined with the VersionNT and WindowsBuild
properties, but I am not sure if these are being populated correctly in
windows 10, there used to be issues.

Dave


[http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL_emailLogo.png]<www
.sdl.com/>
www.sdl.com


SDL PLC confidential, all rights reserved. If you are not the intended
recipient of this mail SDL requests and requires that you delete it without
acting upon or copying any of its contents, and we further request that you
advise us.

SDL PLC is a public limited company registered in England and Wales.
Registered number: 02675207.
Registered address: Globe House, Clivemont Road, Maidenhead, Berkshire SL6
7DY, UK.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Anthony LaMark
Sent: 12 June 2017 17:26
To: wix-users at lists.wixtoolset.org
Subject: [wix-users] new Windows 10 version 1607 kernel mode device driver
requirements - HOWTO implement in WIX conditionally?

Hi,



Since Windows 10, version 1607 requires kernel mode device drivers to be
signed with an "Extended Validation Code Signing Certificate", I believe I
need to modify our installer (using WIX 3.10) now to install our kernel mode
device driver using a "conditional check" against the Windows Operating
System version.  I read this
<https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/
driver-signing-changes-in-windows-10-version-1607/> Microsoft blog and it is
still not clear to me whether I really need to do this or not but I am
moving forward (preparing) as if I will.



The new logic for the WIX installer that I desire will be:



if (Windows 10, 1607 or greater) then

  install the device driver signed with the "Extended Validation Symantec
Code Signing Certificate"

else

  install the device driver signed with our existing "Symantec Code Signing
Certificate"



The wxs file currently is defined with:



         <Component Id='TheKernelModeDriver'
Guid='{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}'>

           <File Id=' TheKernelModeDriverSYS' Name='xxxxxx.sys' DiskId='1'
Source='\driver\secRMM.sys' KeyPath='yes' />

           <File Id=' TheKernelModeDriverINF' Name='xxxxxx.inf' DiskId='1'
Source='\driver\secRMM.inf' />

           <File Id=' TheKernelModeDriverCAT' Name='xxxxxx.cat' DiskId='1'
Source='\driver\secRMM.cat' />

           <difx:Driver AddRemovePrograms='no' DeleteFiles='yes'
ForceInstall='yes' Legacy='yes' PlugAndPlayPrompt='no' Sequence='1'/>

         </Component>





   <Feature Id="ProductFeatures"  Title="Binaries" Level="1">

     <ComponentRef Id='TheKernelModeDriver'  />

   </Feature>



Looking at the documentation and web searching, I am not sure whether the
conditional logic (if that is the solution/is possible for drivers) goes in
the Component or Feature.

Also, I am looking for the WIX/msiexec property to allow me implement the
conditional check above.



If this is not possible, I am going to have to build two different
installers (.msi), one with the Extended Validation signed driver and one
with the "non"Extended Validation driver (for older OS-es).



Looking at the Microsoft documentation page titled
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa370556(v=vs.85).
aspx> "Operating System Property Values" , I do not see values for 
aspx> Windows
10 (and the versions such as 1607) or Server 2016.

Web searching results have mixed information about determining a Windows 10
OS let alone the version of 1607.



Does anyone have any advice on how to implement this in WIX?



Anthony LaMark

squadra technologies

http://webdefence.global.blackspider.com/urlwrap/?q=AXicY2Rm8FrCwHB9AQNDUU6l
gUmSXnFRmV5uYmZOcn5eSVF-jl5yfi5Dmamze1BoloehoaW5iTFDSnliSXF-nkNxCkQ6o6SkwEpf
v7y8XK-4sDQxpSixJDU5Iy8_Jz89M7UYrISBoXMKAwMAuu8kcA&Z
<http://webdefence.global.blackspider.com/urlwrap/?q=AXicY2Rm8FrCwHB9AQNDUU6
lgUmSXnFRmV5uYmZOcn5eSVF-jl5yfi5Dmamze1BoloehoaW5iTFDSnliSXF-nkNxCkQ6o6SkwEp
fv7y8XK-4sDQxpSixJDU5Iy8_Jz89M7UYpESfgYGhcwoDAwDfuiSf&Z>

562.221.3079




____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/


This message has been scanned for malware by Websense. www.websense.com

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/






More information about the wix-users mailing list