aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rozman <simon@rozman.si>2019-09-02 11:00:28 +0200
committerSimon Rozman <simon@rozman.si>2019-09-02 11:00:28 +0200
commit92fbca1377552fc777a170e16e35d076f2c5cf7a (patch)
tree1063abeef7783394651d5917bd68b2033191061c
parentAppend SHA1 signature to wintun.cat (diff)
downloadwintun-sr/win7signing.tar.xz
wintun-sr/win7signing.zip
Append SHA1 signature to wintun.syssr/win7signing
Windows 7 install driver validation doesn't handle "Always trust" option in the "Untrusted publisher" dialog box for SHA-256-only signed drivers correctly (KB2921916). The workflow is now: - Build wintun.sys - SHA-256 sign wintun.sys - append SHA-1 signature to wintun.sys - Inf2Cat - SHA-256 sign wintun.cat - append SHA-1 signature to wintun.cat Signed-off-by: Simon Rozman <simon@rozman.si>
-rw-r--r--wintun.vcxproj17
1 files changed, 14 insertions, 3 deletions
diff --git a/wintun.vcxproj b/wintun.vcxproj
index 7c5ae74..ac28380 100644
--- a/wintun.vcxproj
+++ b/wintun.vcxproj
@@ -178,9 +178,19 @@
<ImportGroup Label="ExtensionTargets" />
<!-- TODO: Remove appending SHA-1 signature once Windows 7 support is discontinued. -->
<PropertyGroup>
- <BuildDependsOn>$(BuildDependsOn);AppendWin7TestSignatureToCat;AppendWin7ProductionSignatureToCat</BuildDependsOn>
- <CleanDependsOn>CleanAppendWin7SignatureToCat;$(CleanDependsOn)</CleanDependsOn>
+ <BuildDependsOn>$(BuildDependsOn);AppendWin7TestSignatureToSys;AppendWin7ProductionSignatureToSys;AppendWin7TestSignatureToCat;AppendWin7ProductionSignatureToCat</BuildDependsOn>
+ <CleanDependsOn>CleanAppendWin7Signature;$(CleanDependsOn)</CleanDependsOn>
</PropertyGroup>
+ <Target Name="AppendWin7TestSignatureToSys" AfterTargets="DriverTestSign" BeforeTargets="DriverPackageTarget" Condition="'$(SignMode)' == 'TestSign'"
+ Inputs="$(TargetPath)" Outputs="$(IntDir)$(TargetName).sys.sign">
+ <Exec Command="&quot;$(SignToolPath)&quot; sign /as /sha1 &quot;$(TestCertificate)&quot; /fd sha1 &quot;$(TargetPath)&quot;" />
+ <Touch Files="$(IntDir)$(TargetName).sys.sign" AlwaysCreate="true" />
+ </Target>
+ <Target Name="AppendWin7ProductionSignatureToSys" AfterTargets="DriverProductionSign" BeforeTargets="DriverPackageTarget" Condition="'$(SignMode)' == 'ProductionSign'"
+ Inputs="$(TargetPath)" Outputs="$(IntDir)$(TargetName).sys.sign">
+ <Exec Command="&quot;$(SignToolPath)&quot; sign /as /sha1 &quot;$(ProductionCertificate)&quot; /fd sha1 /tr &quot;$(TimeStampServer)&quot; /td sha1 &quot;$(TargetPath)&quot;" />
+ <Touch Files="$(IntDir)$(TargetName).sys.sign" AlwaysCreate="true" />
+ </Target>
<Target Name="AppendWin7TestSignatureToCat" AfterTargets="PackageTestSign" Condition="'$(SignMode)' == 'TestSign'"
Inputs="$(OutDir)$(ProjectName)\$(ProjectName).cat" Outputs="$(IntDir)$(TargetName).cat.sign">
<Exec Command="&quot;$(SignToolPath)&quot; sign /as /sha1 &quot;$(TestCertificate)&quot; /fd sha1 &quot;$(OutDir)$(ProjectName)\$(ProjectName).cat&quot;" />
@@ -191,7 +201,8 @@
<Exec Command="&quot;$(SignToolPath)&quot; sign /as /sha1 &quot;$(ProductionCertificate)&quot; /fd sha1 /tr &quot;$(TimeStampServer)&quot; /td sha1 &quot;$(OutDir)$(ProjectName)\$(ProjectName).cat&quot;" />
<Touch Files="$(IntDir)$(TargetName).cat.sign" AlwaysCreate="true" />
</Target>
- <Target Name="CleanAppendWin7SignatureToCat">
+ <Target Name="CleanAppendWin7Signature">
+ <Delete Files="$(IntDir)$(TargetName).sys.sign" />
<Delete Files="$(IntDir)$(TargetName).cat.sign" />
</Target>
</Project>