Certification if only INF files are changed

Hi all,

We have a driver that has been signed by MS. If a change is made only in
INF file but not in any source file, do we still need to run certification
tests again in HLK? We are running on win 10 1703 using HLK 1703.

Thank you,
*Warm regards,*
Parinitha Kashyap

xxxxx@gmail.com wrote:

> We have a driver that has been signed by MS. If a change is made only
> in INF file but not in any source file, do we still need to run
> certification tests again in HLK? We are running on win 10 1703 using
> HLK 1703.

The CAT file, which contains the signature, also contains a checksum of
the INF and every file mentioned in the INF.  If any of the checksums do
not match, then the CAT file is discarded, which means the package is
considered unsigned.

TL;DR, yes, you need to certify again.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
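
The catalog behaviour described in the reply above can be checked locally before any resubmission. The following is an added example, not part of the original thread: it assumes `signtool.exe` from the Windows SDK/WDK is on the PATH, and the package directory and catalog name are hypothetical placeholders.

```powershell
# Added example: report which files in a driver package still match the
# hashes recorded in the package's catalog (.cat) file.
# Assumptions: signtool.exe is on PATH; the defaults below are placeholders.
param(
    [string]$PackageDir  = 'C:\Drivers\MyDriver',
    [string]$CatalogName = 'mydriver.cat'
)

$catalog = Join-Path $PackageDir $CatalogName
if (-not (Test-Path -LiteralPath $catalog)) {
    throw "Catalog not found: $catalog"
}

# Every file in the package except catalog files themselves.
# Files the INF never references are not in the catalog and will also be
# reported as not covered; that is expected for them.
$files = Get-ChildItem -LiteralPath $PackageDir -File -Recurse |
    Where-Object { $_.Extension -ne '.cat' }

$results = foreach ($file in $files) {
    # /pa : default Authenticode verification policy
    # /c  : verify the file against this specific catalog
    # Exit code 0 means the file's hash is in the catalog and the catalog's
    # signature verified; anything else is treated here as "not covered".
    & signtool.exe verify /pa /c $catalog $file.FullName *> $null
    [pscustomobject]@{
        File    = $file.Name
        Covered = ($LASTEXITCODE -eq 0)
    }
}

$results | Format-Table -AutoSize

$bad = @($results | Where-Object { -not $_.Covered })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) file(s) do not match the catalog."
    exit 1
}
```

Run it once against the signed package and again after editing the INF: the INF should move from covered to not covered, which is the mismatch that makes the catalog unusable for the package.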

> > We have a driver that has been signed by MS. If a change is made only
> > in INF file but not in any source file, do we still need to run
> > certification tests again in HLK? We are running on win 10 1703 using
> > HLK 1703.
>
> The CAT file, which contains the signature, also contains a checksum of
> the INF and every file mentioned in the INF.  If any of the checksums do
> not match, then the CAT file is discarded, which means the package is
> considered unsigned.
>
> TL;DR, yes, you need to certify again.

100% agreed on it not being possible to change the .INF without
re-signing the entire driver package, since the hash of the .INF is
included in the .CAT, just like the hashes of the other files
referenced by the .INF.

What I don’t know the answer to is “do we need to run the
certification tests again if I only modify the .INF file”, which is a
pre-signing question.

i.e. If I have successfully tested and successfully signed a
particular set of binary files with a particular .INF file, is there
any method by which I can touch or modify just the .INF file and then
re-submit the package again (still with my existing “old” test
results) for signing.

It might be the exact same answer; I just don’t know.

Alan Adams
Client for Open Enterprise Server
Micro Focus
xxxxx@microfocus.com

Hi,

I tried to submit the previously signed driver by modifying only INF using
this link
https://docs.microsoft.com/en-us/windows-hardware/test/hlk/user/create-a-driver-only-update-package.
I got this error on sysdev ‘It looks like you submitted a derived package,
but an initial package is required.’ So maybe running the entire set of
tests is required. Do let me know if there is any alternative.

Thank you,

*Warm regards,*
Parinitha Kashyap

On Tue, Jul 24, 2018 at 7:32 AM, Alan Adams <
xxxxx@lists.osr.com> wrote:

> > > We have a driver that has been signed by MS. If a change is made only
> > > in INF file but not in any source file, do we still need to run
> > > certification tests again in HLK? We are running on win 10 1703 using
> > > HLK 1703.
> >
> > The CAT file, which contains the signature, also contains a checksum of
> > the INF and every file mentioned in the INF. If any of the checksums do
> > not match, then the CAT file is discarded, which means the package is
> > considered unsigned.
> >
> > TL;DR, yes, you need to certify again.
>
> 100% agreed on it not being possible to change the .INF without
> re-signing the entire driver package, since the hash of the .INF is
> included in the .CAT, just like the hashes of the other files
> referenced by the .INF.
>
> What I don’t know the answer to is “do we need to run the
> certification tests again if I only modify the .INF file”, which is a
> pre-signing question.
>
> i.e. If I have successfully tested and successfully signed a
> particular set of binary files with a particular .INF file, is there
> any method by which I can touch or modify just the .INF file and then
> re-submit the package again (still with my existing “old” test
> results) for signing.
>
> It might be the exact same answer; I just don’t know.
>
> Alan Adams
> Client for Open Enterprise Server
> Micro Focus
> xxxxx@microfocus.com

Alan Adams wrote:
>
> What I don’t know the answer to is “do we need to run the
> certification tests again if I only modify the .INF file”, which is a
> pre-signing question.
>
> i.e. If I have successfully tested and successfully signed a
> particular set of binary files with a particular .INF file, is there
> any method by which I can touch or modify just the .INF file and then
> re-submit the package again (still with my existing “old” test
> results) for signing.

If the package YOU create has a CAT file, that CAT file would be
invalidated and I’m guessing they would reject it.

However, I don’t think you are required to submit the CAT file with your
package. If not, then the question becomes, does the hlkx submission
include a checksum of the INF?

I don’t know the answer to that. However, if you passed once, then
you’re going to pass again, right?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Yes, I did pass again and submitted successfully. Can we submit package
without CAT file? I am not sure about that.

*Warm regards,*
Parinitha Kashyap

On Tue, Jul 24, 2018 at 2:40 PM, xxxxx@probo.com wrote:

> Alan Adams wrote:
> >
> > What I don’t know the answer to is “do we need to run the
> > certification tests again if I only modify the .INF file”, which is a
> > pre-signing question.
> >
> > i.e. If I have successfully tested and successfully signed a
> > particular set of binary files with a particular .INF file, is there
> > any method by which I can touch or modify just the .INF file and then
> > re-submit the package again (still with my existing “old” test
> > results) for signing.
>
> If the package YOU create has a CAT file, that CAT file would be
> invalidated and I’m guessing they would reject it.
>
> However, I don’t think you are required to submit the CAT file with your
> package. If not, then the question becomes, does the hlkx submission
> include a checksum of the INF?
>
> I don’t know the answer to that. However, if you passed once, then
> you’re going to pass again, right?
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.