Digital Signatures for Kernel Modules on Systems Running Windows Vista

July 25, 2007

Abstract

For Windows Vista and later versions of the Windows family of operating systems:

- Kernel-mode software must have a digital signature before it will load on x64-based computer systems.
- Boot-start drivers should contain an embedded signature.
- Certain configurations of x86 systems require kernel-mode software to have digital signatures to access next-generation premium content depending on content protection policy.

This paper describes how to manage the signing process for kernel-mode software for Windows Vista.

This information applies for the following operating systems:

- Windows Vista
- Windows Server 2008

The current version of this paper is maintained on the Web at: http:/ and resources discussed here are listed at the end of this paper.

Contents

- Introduction
- Digital Signatures as a Best Practice
- Kernel-Mode Code-Signing Options
- The Kernel-Mode Code-Signing Process
- How to Obtain a Software Publishing Certificate
- Guidance for Safeguarding Code-Signing Keys
- Using Cross-Certificates with Kernel-Mode Code Signing
- Verification During Driver Installation and Loading
- Generating Test Certificates
- Creating a Signed Catalog File
- How to Create a Catalog File
- How to Create a Catalog File By Using Inf2Cat
- How to Create a Catalog File Manually
- How to Sign a Catalog File
- Signing the Self-Extracting Download file
- How to Install a Signed Catalog File
- Adding an Embedded Signature to a Driver Image File
- How to Verify an Embedded Signature
- How to Disable Signature Enforcement during Development
- How to Use Test Signing
- Using the WHQL Test Signature Program
- Enabling Test Signing
- Troubleshooting
- Detecting Driver Load Errors
- Enabling Code Integrity Diagnostic System Log Events
- System Audit Log Events
- Informational Events in the Verbose Log
- Driver Verification Debugging Options
- Code Integrity Event Log Messages
- Resources

Disclaimer

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed
as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

© 2006-2007 Microsoft Corporation. All rights reserved.

Microsoft, Win32, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Introduction

For both consumer and enterprise users of Windows around the world, protecting personal and corporate data remains a top concern. Microsoft is committed to implementing new ways to help restrict the spread of malicious software. Digital signatures for kernel-mode software are an important way to ensure security on computer systems.

Digital signatures allow the administrator or end user who is installing Windows-based software to know whether a legitimate publisher provided the software package. When users choose to send Windows Error Reporting data to Microsoft after a fault or other error occurs, Microsoft can analyze the data to know which publishers' software was running on the system at the time of the error. Software publishers can then use the information that Microsoft provides to find and fix problems in their software.

Windows Vista relies on digital signatures for kernel-mode code to increase the safety and stability of the Windows platform and to enable new customer experiences
with next-generation premium content:

- Drivers must be signed for devices that stream protected content. This includes audio drivers that use protected user-mode audio (PUMA) and protected audio path (PAP), and video device drivers that handle protected video path-output protection management (PVP-OPM) commands.
- Unsigned kernel-mode software will not load and will not run on x64-based systems.
- Boot-start drivers must contain an embedded signature.

The scope of the new kernel-mode code-signing policy is far reaching. For developers who publish kernel-mode software, this policy has the following effects:

- For any kernel-mode component that is not already signed, publishers must obtain a software publishing certificate (SPC) and use the SPC to sign all 64-bit kernel-mode software that runs on x64-based computer systems running Windows Vista. This includes kernel-mode services software.
- Publishers that provide 64-bit device driver or other kernel-mode software that is already signed through the Windows Logo Program must have their driver catalog files signed with a Windows Hardware Quality Labs (WHQL) signature. To fully test the driver package before submission to WHQL, they must use an SPC to sign the driver catalog file.
- In the special case of boot-start drivers, publishers must use an SPC to embedded-sign the driver binary image file for optimal system boot performance. This requirement applies to x86 and x64 versions of Windows. A driver is said to be boot start if it is loaded by the Windows Vista operating system loader. Boot-start drivers are identified when the driver's INF specifies the start type as Start=0 or a kernel service is configured with a Service Type as Kernel Driver or File System Driver and StartMode is boot.

The kernel-mode code-signing policy applies to all kernel-mode software on x64-based systems running Windows Vista and to boot-start drivers for both x86 and x64 systems. However, Microsoft encourages publishers to digitally sign all software, including device drivers for both 32-bit and 64-bit platforms. Windows Vista performs kernel-mode signature verification on x86 systems to support protected media content.

This paper describes how to manage the signing process for kernel-mode code for Windows
Vista, including how to obtain an SPC, guidelines for protecting keys, and how to sign a driver package by using the tools in the Windows Driver Kit (WDK).

Digital Signatures as a Best Practice

Since the release of Windows 98, Microsoft has promoted driver signing for designated device classes as a way to advance driver reliability, to provide a better user experience, to reduce support costs for software and hardware vendors, and to lower the total cost of ownership for customers.

For device drivers and other kernel-mode software, drivers signed as part of the Windows Logo Program increase end-user confidence in the quality of the software and improve the user experience, because a driver's Windows logo indicates that the driver was tested and the digital signature that accompanies the Windows logo confirms that the driver has not been altered since testing.

For most kernel-mode driver packages, a digital signature is provided in a signed catalog (.cat) file. WHQL provides a Microsoft-signed catalog file to distribute with a driver package that meets the requirements of the Windows Logo Program.

The process of creating signed kernel-mode software consists of two distinct but related activities. These can be done in parallel because the software usually is not required to be signed until relatively late in the development process.

- Managing the signing process. This is typically handled by the publisher's program management and software release services and includes:
  - Selecting the appropriate signing option.
  - Obtaining the necessary certificates.
  - Managing the digital signature or code-signing keys.
  To digitally sign image binary files or catalog files, a software publisher must have a certified code-signing key, which means that a certification authority (CA) has sufficiently established the identity of the publisher.
- Implementing the driver to be signed. This is typically handled by the publisher's development team and includes:
  - Implementing the driver itself.
  - Creating a signed driver package for internal testing or release.

These processes are documented for earlier versions of Windows in the WDK and the Platform SDK. This paper describes additional options related to kernel-mode code signing for Windows Vista.

Kernel-Mode Code-Signing Options

Multiple options are available for working with the kernel-mode code signing (KMCS) requirements in Windows Vista. Signing driver files is not required for Windows Vista to
load drivers while developing kernel-mode code. Instead, developers can use one of the mechanisms to temporarily disable load-time checks by the kernel on development and nonautomated test systems. However, test signing of driver packages is required to automate installation of a driver package on test systems without having driver installation pop-up menus. The Driver Management Infrastructure (DMI) verifies the driver package signature during installation and warns users of unsigned drivers.

Table 1 compares options for digitally signing kernel modules that Windows Vista supports.

Table 1. Options for Signing Kernel Modules

Signing options              Functionality verified to meet logo requirements  Identity verified  Intended use
Windows Logo Program         Yes                                               Yes                Release
KMCS by using an SPC         No                                                Yes                Release
WHQL Test Signature program  No                                                Yes                Testing
KMCS test signing            No                                                No                 Testing

The Windows Logo Program verifies correct driver functionality and ensures high quality and reliability. Microsoft digitally signs the driver packages that are submitted to this program. The Windows Logo Program accepts device packages that are installed via INF file for hardware that meets the logo requirements. The driver publisher submits the driver package after completing driver verification tests. Drivers that qualify for the logo receive a Microsoft-signed catalog file. For information about the Windows Logo Program, see Resources at the end of this paper.

Developers can sign the driver image file or driver catalog file with an SPC for testing before submitting to WHQL to verify that the driver loads and operates correctly.

KMCS that uses an SPC provides identifiability of the publisher of a kernel module loading into Windows Vista. KMCS does not provide any level of certification of functionality or reliability of the kernel module. If drivers do not qualify for the Windows logo or the logo is not one of the product requirements, the publisher
can create a catalog file for the driver package and sign it with the publisher's SPC.

Important: KMCS does not replace the WHQL program. Microsoft encourages publishers to use the Windows Logo Program to ensure driver quality. KMCS does not require the software publisher to pass the Windows Logo Program testing requirements associated with WHQL.

A signed catalog file is all that is necessary for most driver packages to install and load correctly. The only exception is packages that contain a boot-start driver, which is loaded by the Windows Vista boot loader. These drivers must be signed in two ways:

- The kernel-mode driver binary file that is loaded at boot time must have an embedded signature in the binary signed with an SPC. For simplicity, it may be easier to embedded-sign all driver image files in the package.
- The driver package installed by using an INF file must also have a signed catalog file, just like driver packages that do not contain a boot-start driver, for signature verification during installation.

Manufacturers should ensure that hardware vendors acquire an SPC and sign any boot-start drivers that will be installed on manufacturer-installed systems.

For testing purposes during the development cycle, code signing using a test certificate is recommended instead of signing with a release certificate. Windows Vista systems recognize a test-signed binary only when a boot configuration option that allows use of test signing certificates is enabled. Test signing is not enabled by default, and test signatures are not trusted by the majority of Windows Vista systems.

The WHQL Test Signature program is also supported for test signing. Participants in the program can submit driver packages for WHQL test signing. The signatures on the test-signed catalog files are generated by a certificate
issued under the Microsoft Test Root Authority. The Microsoft Test Root Authority is accepted when the Windows Vista boot configuration setting enables test signing. For information about the WHQL Test Signature program, see Resources at the end of this paper.

For both test and release signing, the development team should follow best practices for key management, as described in "Guidance for Safeguarding Code-Signing Keys" later in this paper. Test signing is discussed in more detail in "How to Use Test Signing" later in this paper.

The Kernel-Mode Code-Signing Process

Digitally signing a kernel-mode image file or catalog file establishes the integrity of the signed file or files. Software modules should never be modified afte
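
The boot-start rule from the Introduction and the two-signature requirement from "Kernel-Mode Code-Signing Options", as an added example that is not part of the original paper: a release check that reads a driver package's INF and reports which signatures the policy demands. The sample INF and the function names are constructed for illustration; the code assumes the INF directives `StartType` and `ServiceType` (the paper writes the start type as Start=0) and does not model the x86 premium-content requirement.

```python
import re

KERNEL_TYPES = {1, 2}  # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
# Constructed sample INF (not from the paper): a boot-start file system driver.
SAMPLE_INF = """\
[DefaultInstall.Services]
AddService = ExampleFlt, 0x2, ExampleFlt.Service
[ExampleFlt.Service]
ServiceType = 2   ; SERVICE_FILE_SYSTEM_DRIVER
StartType   = 0   ; SERVICE_BOOT_START
"""

def parse_inf(text):
    """Return {section: {key: [values]}} with names lower-cased, ';' comments dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def _int(section, key):
    """Integer value of a directive (decimal or 0x hex), or None if absent/symbolic."""
    try:
        return int(section.get(key, [""])[0], 0)
    except ValueError:
        return None

def boot_start_services(text):
    """Services whose install section says kernel/file system driver, start type 0."""
    sections, found = parse_inf(text), []
    for section in sections.values():
        for entry in section.get("addservice", []):
            fields = [f.strip() for f in entry.split(",")]
            install = sections.get(fields[2].lower(), {}) if len(fields) > 2 else {}
            if _int(install, "starttype") == 0 and _int(install, "servicetype") in KERNEL_TYPES:
                found.append(fields[0])
    return found

def signing_requirements(text, arch):
    """Apply the paper's policy to one INF package; arch is 'x86' or 'x64'."""
    boot = boot_start_services(text)
    return {"boot_start": boot,
            "embedded_signature": bool(boot),               # x86 and x64 alike
            "signed_catalog": bool(boot) or arch == "x64"}  # KMCS load policy
```

Calling `signing_requirements(SAMPLE_INF, "x86")` flags the package as needing both an embedded signature and a signed catalog even on x86, which is the case most easily missed when only the x64 load rule is remembered.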