Installing Test Builds of Inbox Drivers on Windows Vista

Installing Test Builds of Inbox Drivers on Windows Vista - 1

Installing Test Builds of Inbox Drivers on WindowsVista

July 18, 2006

Abstract

Microsoft® WindowsVista™ provides a mechanism to rank Microsoft-signed and thirdparty–signed drivers equally, so driver developers can install private builds of inbox drivers for testing purposes. This paper describes how driver developers can configure driver signature ranking in WindowsVista so they can install and test their drivers.

This information applies for the WindowsVista operating system.

The current version of this paper is maintained on the Web at:

References and resources discussed here are listed at the end of this paper.

Contents

Introduction

How Setup Ranks Driver Signatures on WindowsVista

Creating a Private Build that Outranks an Inbox Driver

Configuring WindowsVista to Rank Driver Signatures Equally

Installing the Updated Version of the Driver Package

Resources

Disclaimer

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

Microsoft, Windows, Windows Server, and WindowsVista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Introduction

Microsoft® WindowsVista™ provides a mechanism that can be used to install updated versions of Microsoft-signed drivers. Ordinarily, a Microsoft-signed driver outranks a driver that is signed by a third party, which makes it difficult for driver developers to install private builds of an inbox driver.

This paper describes how driver developers can configure WindowsVista to install updated versions of Microsoft-signed drivers by configuring group policy to treat drivers that are signed by Microsoft the same as those that are signed by third parties. The information in this paper applies only to driver installation packages that contain an INF file and a CAT file.

Important:Windows Update depends on Microsoft Windows®-signed drivers having priority over drivers that have third-party signatures. Configuring a system to treat Microsoft-signed drivers the same as drivers that are signed by third parties can interfere with the ability of Windows Update to provide the correct drivers to consumers. Any combination of drivers that are signed by a third party and a valid Microsoft Windows publisher on a consumer system that is running WindowsVista can result in an installation failure for drivers that are delivered by Windows Update.

The group policy settingthat is described in this paper should be used only by driver developers who are testing private builds of inbox drivers or by enterprise network administrators who sign driver packages internally for installation within the enterprise. It should not be used in setup applications in production environments for drivers to be delivered by Windows Update. Vendors who must distribute an updated version of a Microsoft-signed driver to customers should obtain a Microsoft signature for the driver package in the usual way, such as submitting the driver installation package to Windows Hardware Quality Labs (WHQL).

How Setup Ranks Driver Signatures on WindowsVista

When a Plug and Play device is installed on a system that is running WindowsVista, Setup selects a driver on the basis of a number of factors such as the hardware ID or compatible ID, date, and version. Setup analyzes these factors to assign a rank that indicates how well the driver matches the device. The lower the rank, the better a match the driver is for the device.

By default, WindowsVista ranks drivers that have a Microsoft signature for WindowsVista better than drivers that have a third-party signature or drivers that have a Microsoft signature for a Windows version earlier than the version that is specified by the LowerLogoVersion value that is set for the device setup class of the driver. The Microsoft signature types include the following:

Premium WHQL signatures and standard WHQL signatures
Signatures for inbox drivers
Driver Reliability Signature (DRS) signatures
Windows Sustained Engineering (Windows SE) signatures
A WHQL signature for a Windows version that is the same or later than the Windows version that is specified by the LowerLogoVersion value that is set for the device setup class of a driver

Even when a driver with a third-party signature is in all other respects a better match for the device, Setup selects the driver that has a Microsoft signature for WindowsVista. (The use of a publisher identity certificate [PIC]for the third-party signature does not change this behavior.)

For complete details about driver ranking, see "How Setup Selects a Driver" in the Windows Driver Kit (WDK).

Creating a Private Build that Outranks an Inbox Driver

The AllSignersEqual group policy controls how Setup ranks Microsoft-signed drivers and thirdparty–signed drivers. When AllSignersEqual is TRUE, Setup treats all Microsoft signature types and third-party signatures as equal with respect to rank when selecting the driver that is the best match for a device.

Therefore, to install a private build of an inbox driver, ensure that the private build outranks the Microsoft-signed version when signatures are treated equally. The private build must also be digitally signed by using tools provided with the WDK.

The simplest way to ensure that the updated driver installation package outranks the Microsoft-signed version when signatures are treated equally is to increment the Date and Version fields in the INF file for the driver package. To do this, make the following changes to the makefile that builds the INF file:

1.Modify the makefile to generate a new INF file for the driver package. For example, add the following line to the makefile:

$(O)\sample.inf

2.Add a new section in the makefile to generate the new INF and modify the reference to STAMPINF to add the new options. For example:

$(O)\ sample.inf: $(_INX)\ sample.inx $(_LNG)\ sample.txt

$(C_PREPROCESSOR_NAME) $(PREFLAGS) $(_LNG)\$(@B).txt > $(O)\$(@B).txt1

copy /b $(_INX)\$(@B).inx+$(O)\$(@B).txt1 $@

@del $(O)\$(@B).txt1

stampinf -f sample.inf -d * -v * -c MyCatalogName.CAT

$(TSBINPLACE_CMD)

In the STAMPINF command line:

The -d *switch uses the current date as part of the DriverVer directive in the INF file.
The -v * switch uses the current time for the version number (the same as the PRIVATE_DRIVER_PACKAGE environment variable).
MyCatalogName.CAT is the produced catalog file name.

3.Sign the driver packagewith the same catalog name as in the stampinf statement in the makefile, by using tools provided in the WDK.

For information about signing adriver package, see "Resources" at the end of this paper.

Configuring WindowsVista to Rank Driver Signatures Equally

To configure the AllSignersEqualgroup policy on WindowsVistato rank driver signatures equally:

1.Run the Group Policy editor, GPEdit.MSC.

2.OpenComputer Configuration > Administrative Templates > System > Device Installation.

3.SelectTreat Drivers Signed by Microsoft the Same as Those Signed by Othersand click Properties.

4.On the Settings tab, select Enabled.

5.Open a command window, select Run As Administrator, and run the Group Policy update utility, GPUpdate.exe, to ensure that the settings are updatedon the target system.

This configuration change is made once and applies to all subsequent driver installations until AllSignersEqual is configured so that Microsoft signature types outrank third-party signature types.

Installing the Updated Version of the Driver Package

After WindowsVista is configured to rank driver signatures equally, the private build of the driver can be installed on the system:

1.Add the driver installation package to the driver store by using the pnputil.exe utility that is provided with WindowsVista. For example:

pnputil.exe –a <package INF file>

2.Use the DevCon Remove command to remove the device or device class that is served by the updated driver package and restart the target system.For example:

devcon/rremove"PCI\VEN_8086&DEV_7110"

The DevCon tool is provided in the WDK. The new driver is loaded when the device is reinstalled after the system is restarted.

To install the updated driver installation package interactively on the local system, use Device Manager or the DevCon Update command.

Resources

Windows Driver Kit (WDK)

See the Beta version of the WDK for updated information about the following topics:

How Setup Selects Drivers

Kernel-Mode Code Signing Walkthrough

DevCon