Procedure for Signing the Exar PCI Driver for x64 based Windows Vista System

 

  1. Setup Windows XP or Vista OS: (Windows 2000 won't work)
  2. Install the latest DDK (Preferably WDK 5744+)
  3. Create a folder, say, x64vista.
  4. Copy oemportamd64.inf, ser15xamd64.inf and ser15x.sys (built by “Windows Vista and Windows Server Longhorn x64 Free Build Environment” of WDK 5744) to the above folder.
  5. Launch "Windows Vista and Windows Server Longhorn x64 Free Build Environment" in 'Run As Administrator' mode (right click).
  6. Run "signability" from this folder. This will open signability GUI. In that, select "Vista 64-bit" and "Generate catalogs" (only 2 options) - select Go. This will generate vista64oem.cat and vista64ser.cat files as specified in the inf files.
  7. Follow step 2 of "Kernel Mode Code Signing Walkthrough (KMCS_Walkthrough.doc)" document's How to Release Sign a Kernel Module” to obtain an SPC from .pvk and .spc (If you are using Verisign Class 3 Certificate). Import the pfx file to the present system. Use certmgr.msc to verify that the certificate is in Personal section.
  8. Get the appropriate cross certificate and copy it into x64vista folder. (Ref[2]). As an example, we are using Verisign’s cross certificate (MSCV-VSClass3.cer) in the steps below.
  9. Run "signtool sign /v /ac MSCV-VSClass3.cer vista64ser.cat" (You have to be online to have timestamp option as defined in KMCS_Walkthrough.doc).
  10. Run "signtool sign /v /ac MSCV-VSClass3.cer vista64oem.cat".
  11. Verify the signing by running "signtool verify /kp /v /c vista64oem.cat ser15x.sys". You should have 4 chains starting from Microsoft Code Verification Root to "XXX" (XXX is the company name which has bought the Class 3 Digital ID). For example, refer to Figure 28 of KMCS_Walkthrough.doc
  12. To install the driver for Exar PCI board, the required files are oemportamd64.inf, ser15xamd64.inf, vista64oem.cat, vista64ser.cat and ser15x.sys.

 

Note:

1.      Although .inf files have amd64 decorations, this is for x64 based AMD64 and Intel Extended Memory 64 Technology systems.(Ref[5])

2.       You may have to delete the certificate from the signing system using certmgr.msc so that the certificate won't be used for illegal signing.

References:

1.      Driver Signing Requirements for Windows – Main Page -http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx

2.      MSCV-VSClass3.cer is the cross certificate from Microsft for Verisign. Details of downloading Microsoft Cross-certificates for Windows Vista Kernel Mode Code Signing is available at http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx

3.      Microsoft Authentication Digital ID from Verisign (for step 7) can be bought at http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html

4.      KMCS_Walkthrough.doc is available for download at http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

5.      INF Requirements for 64-bit Systems - http://www.microsoft.com/whdc/driver/install/64INF_reqs.mspx