Signed Driver Package
Im not sure if this is the right place for this but here goes.
I recently purchased 30 cheapie cheap webcams to use around the school on various desktops and laptops, first ensuring they have signed drivers. The driver install (in .exe format) works fine on the workstation I am trying to build a package from (checking in Device Manager confirms they are indeed signed) but when allocated they only install under an Admin account and display as unsigned in Device Manager. I have since found that the RM Package builder (or in fact any .msi creation tool) removes the drivers signature during the build process. I have also tried searching for alternate drivers, extracting the drivers from the .exe and deploying the .exe rather than creating an .msi, all with no success.
Has anyone had a similar problem before and managed to overcome it?
They way I build signed driver packages is as follows:
- Get the raw driver files (i.e. the .sys, .inf, and .cat files that you would point to when installing using using the Add New Hardware wizard)
- Author a simple MSI using Advanced Installer that intalls these to a folder on the target machine
- Use Orca to add the DIFxApp merge module which sets that new directory up as a search location for the Add New Hardware wizard.
If the drivers are not signed by Microsoft (i.e. WHQL) then you may also need to add the signing signature as a Trusted Publisher. You can extract this as follows:
- Select the .cat file for the drivers, right-click, and select Properties
- Click the Digital Signatures tab
- Select the signer name and click Details
- Click View Certificate
- Select the Details tab and click Copy to File
- Follow the prompts to save as a DER encoded .cer file
You can then add this to Trusted Publishers on your domain via Group Policy. Not sure of the process for doing that on an RM network, and it sounds like that's what you're using. Hopefully someone with experience can clue you in, or even better if your drivers are WHQL signed this step will be unnecessary.
It took a bit of time to get all the required tools together from Microsoft as they don't give you a clear ideas of where to find them. I eventually found that the latest versions of Orca can be found in the Windows Installer 4.5 SDK download, but for the merge module itself you have to download the Windows Driver Kit from Microsoft Connect.
I'm well aware this does not like like the simplest way to go about it but I'm pretty familiar with Orca and the MSI database schema so it didn't take me too long to get working. Now that I have it all set up I can go from a driver package to deployed MSI in about 15 minutes, including testing. It works every time.
@AngryTechnician - Great bit of information there, if ever there was something that desperatly wanted a wiki article it is this as it is one of the most poorly documented issues on the web. :)
If I have time during the Easter break I will try and write that up.
When you say use Advanced Installer, is that just to create the original MSI? So if you have an MSI that puts the driver files somewhere all ready you can go straight to step 3?
Yes, and yes.
Advanced Installer is one of my favourite pieces of software because the Freeware version creates nice clean MSIs that are ripe for augmenting using Orca. I'd love to have the paid version, but it's quite pricey, and by now I've taught myself how to do most of the extra stuff I need (drivers, installing services, etc) by using Orca. I just hope Caphyon never find out how easy it is to do.
...oh wait. BUGGER.
thanks for all the info above... I will have a look into it over the holiday and let you know how we get on
OK so it's half a term later than I intended, but I have now created a wiki article about this. Feel free to add anything I've missed out.