1. Catalog Files and Digital Signature
Because Kernel Mode Drivers have essentially unrestricted access to the system, they should be digitally signed. Digitally signing the package simplifies the installation process, but it also provides customers with two very important additional benefits:
- Customers can use the signature to identify the origin of the package.
- Customers can use the signature to verify that the contents of the package have not been tampered with since it was signed. For example, this assures them that the driver has not been modified into a rootkit or infected with a virus.
With recent versions of Windows, unsigned drivers can be installed only by an administrator, and even administrators receive a warning dialog box that requires them to explicitly approve the installation.
A signed catalog file (.cat) contains the digital signature for the entire driver package. The signing process ties the catalog file to a specific driver package. If anyone subsequently modifies any member of the package by even a single byte, it invalidates the signature. If you modify a driver package, it must have a new signed catalog file.
There are two ways to obtain a signed catalog file for a driver package:
- Obtain a Windows logo. Drivers that pass the Windows Hardware Quality Lab (WHQL) testing and receive a Windows logo also receive a catalog file for the driver package, signed with the WHQL certificate.
- Create your own signed catalog file. You can obtain a digital certificate from a certificate authority (CA). The WDK provides tools to create a catalog file and sign it with the certificate.
For testing purposes, you can create a test certificate and install it in the trusted publishers’ certificates store on the test computer. Sign the test driver packages with the test certificate and the driver will install without warning messages.
The CatalogFile entry in the INF file’s Version section specifies a package’s catalog file. The following example is from the Featured Toaster sample’s INF file and declares KmdfSamples.cat as the package’s catalog file:
[Version]
Signature="$WINDOWS NT$"
Class=TOASTER
ClassGuid={B85B7C50-6A01-11d2-B841-00C04FAD5171}
Provider=%MSFT%
DriverVer=02/22/2006, 1.0.0.0
CatalogFile=KmdfSamples.cat
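A pre-installation check built on the CatalogFile entry described above, as an added example that is not part of the original text or of the Toaster sample. It parses the [Version] section and reports when the INF references no catalog or names one that is missing from the package; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the [Version] section shown above, plus a comment line.
SAMPLE_INF = """\
; Featured Toaster package (constructed sample)
[Version]
Signature="$WINDOWS NT$"
Class=TOASTER
ClassGuid={B85B7C50-6A01-11d2-B841-00C04FAD5171}
Provider=%MSFT%
DriverVer=02/22/2006, 1.0.0.0
CatalogFile=KmdfSamples.cat
"""

def parse_version_section(inf_text):
    """Return the [Version] directives as a dict with lower-cased keys."""
    entries, in_version = {}, False
    for raw in inf_text.splitlines():
        # ';' starts an INF comment (simplification: a ';' inside a quoted
        # value is not handled).
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:  # section names are case-insensitive
            in_version = header.group(1).strip().lower() == "version"
            continue
        if in_version and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries

def check_catalog(inf_text, package_files):
    """Return a list of findings; an empty list means the reference is consistent."""
    version = parse_version_section(inf_text)
    # The entry may also be platform-decorated, e.g. CatalogFile.NTamd64.
    catalogs = {k: v for k, v in version.items()
                if k == "catalogfile" or k.startswith("catalogfile.")}
    findings = []
    if not catalogs:
        findings.append("no CatalogFile entry in [Version]: the INF references no catalog")
    present = {name.lower() for name in package_files}  # Windows names are case-insensitive
    for key, name in catalogs.items():
        if not name:
            findings.append(f"{key} is empty")
        elif name.lower() not in present:
            findings.append(f"{key} names {name}, which is not in the package")
    return findings
```

This checks only that the catalog reference is present and resolvable; whether the catalog's signature is valid and still matches the package members is decided by Windows when the package is installed.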
2. Installing Featured Toaster
Kernel Mode Drivers under development are normally installed on a separate test computer that is used specifically for testing and debugging drivers. If you are new to drivers, there are two primary reasons for this practice:
- Kernel Mode Drivers have essentially unrestricted access to the system. This means that a misbehaving driver can corrupt system memory and possibly the contents of the hard disk. Drivers under development invariably have bugs, and it is better to have any related damage happen to a stripped-down test computer that can be easily reformatted.
- Debugging Kernel Mode Drivers normally requires two computers: one to host the driver being debugged and one to host the debugging software. One important reason for this arrangement is that driver bugs often hang or crash the system. Hosting the debugger on a separate system protects it from crashing along with the target computer and allows you to immediately analyze the problem.
This section describes how to install Featured Toaster on a test computer. The driver is installed on a root-enumerated physical device object, which is the simplest approach. More commonly, drivers are installed on a bus-enumerated physical device object. The Toaster sample also includes a bus driver that can be used for this type of installation.
Remember that Featured Toaster is a software driver, not a device driver. This means that there is nothing for the Plug and Play manager to detect, so the driver must be installed manually. Because the test driver is unsigned, installing it requires administrator rights and an extra step. For a more streamlined process, install a test certificate on the test computer and use the certificate to sign the package.
The steps involved in installing the Featured Toaster are as follows:
1. Copy the driver binary (WdfFeatured.sys) and INF file (WdfFeatured.inf) to installable media such as a USB drive.
2. Copy the WDF co-installer to the same media.
3. Put the media on the test computer, start the Control Panel Add Hardware wizard, and go to page 2.
4. Page 2: Click Yes, I Have Already Added the Hardware.
5. Page 3: Select Add a New Hardware Device, from the bottom of the list.
6. Page 4: Click Install the Hardware That I Manually Select From a List.
7. Page 5: Select Show All Devices from the top of the list. It may take a while for page 6 to appear.
8. Page 6: Click Have Disk, which opens the Install From a Disk dialog box.
9. Enter the drive letter for the media that contains the driver package and click OK to return to the wizard.
10. Page 8: Select the Featured Toaster driver from the list and click Next on this page and the following page. The system then loads the driver.
11. Page 10: Click Finish to complete the process.
Device Manager is the simplest way to uninstall the driver. On Windows 7, you can also use System Restore to restore the system to the state it had before the driver installation, which uninstalls the driver along with any other system changes that took place in the interim.