A signed catalog file (.cat) can be used as a digital signature for an arbitrary collection of files. A catalog file contains a collection of cryptographic hashes, or thumbprints. Each thumbprint corresponds to a file that is included in the collection.
一個簽名的目錄文件(.cat)可以當作任意文件集合的數字簽名。目錄文件包含一組加密哈希值或指紋。每一個指紋都對應於集合中所包含的文件。
Plug and Play (PnP) device installation recognizes the signed catalog file of a driver package as the digital signature for the driver package, where each thumbprint in the catalog file corresponds to a file that is installed by the driver package. Regardless of the intended operating system, cryptographic technology is used to digitally-sign the catalog file.
The CatalogFile directive in the INF Version section of the driver's INF file specifies the name of the catalog file for the driver package. During driver installation, the operating system uses the CatalogFile directive to identify and validate the catalog file. The system copies the catalog file to the%System%\CatRoot directory and the INF file to the %System%\Inf directory.
PnP device installation considers the digital signature of a driver package to be invalid if any file in the driver package is altered after the driver package was signed. Such files include the INF file, the catalog file, and all files that are copied by INF CopyFiles directives. For example, even a single-byte change to correct a misspelling invalidates the digital signature. If the digital signature is invalid, you must either resubmit the driver package to the
Windows Hardware Quality Labs (WHQL) for a new signature or generate a new Authenticode signature for the driver package.
如果任何在驅動程序包內的檔案在簽名以後有所變動,則PnP裝置安裝會認定這個驅動程序包的數位簽名無效。這些檔案包括INF文件,目錄文件以及INF CopyFiles指令複製的所有文件。例如,即使是單字節更改以糾正拼寫錯誤也會使數字簽名無效。 如果數字簽名無效,則必須將驅動程序包重新提交給Windows硬件質量實驗室(WHQL)以獲取新簽名或為驅動程序包生成新的驗證碼簽名。

如果任何在驅動程序包內的檔案在簽名以後有所變動,則PnP裝置安裝會認定這個驅動程序包的數位簽名無效。這些檔案包括INF文件,目錄文件以及INF CopyFiles指令複製的所有文件。例如,即使是單字節更改以糾正拼寫錯誤也會使數字簽名無效。 如果數字簽名無效,則必須將驅動程序包重新提交給Windows硬件質量實驗室(WHQL)以獲取新簽名或為驅動程序包生成新的驗證碼簽名。
Similarly, changes to a device's hardware or firmware require a revised device ID value so that the system can detect the updated device and install the correct driver. Because the revised device ID value must appear in the INF file, you must either resubmit the package to WHQL for a new signature or generate a new Authenticode signature for the driver package. You must do this even if the driver binaries do not change.
If the driver package installs the same binaries on all versions of Windows beginning with Windows 2000, the INF file can contain a single, undecorated CatalogFile directive. However, if the package installs different binaries for different versions of Windows, the INF file should contain decorated CatalogFile directives. For more information about the CatalogFile directive, see INF Version Section.
如果驅動程序包在從Windows 2000開始的所有版本的Windows上安裝相同的二進製文件,則INF文件可以包含一個未修飾的CatalogFile指令。 但是,如果程序包針對不同版本的Windows安裝不同的二進製文件,則INF文件應包含裝飾的CatalogFile指令。 有關CatalogFile指令的更多信息,請參閱INF版本部分。
如果驅動程序包在從Windows 2000開始的所有版本的Windows上安裝相同的二進製文件,則INF文件可以包含一個未修飾的CatalogFile指令。 但是,如果程序包針對不同版本的Windows安裝不同的二進製文件,則INF文件應包含裝飾的CatalogFile指令。 有關CatalogFile指令的更多信息,請參閱INF版本部分。
If you have more than one driver package, you should create a separate catalog file for each driver package and give each catalog file a unique file name. Two unrelated driver packages cannot share a single catalog file. However, a single driver package that serves multiple devices requires only one catalog file.
另外針對.cat files在INF內的配置原則也有說明如下:
- CatalogFile=filename.cat
- Specifies a catalog (.cat) file to be included on the distribution media of a device/driver. Catalog files are supplied by the Microsoft Windows Hardware Quality Lab (WHQL), after WHQL has tested and assigned digital signatures to driver files. (Contact WHQL for more information about the testing and signing of IHV and/or OEM driver packages.)
Catalog files are not listed in the SourceDisksFiles or CopyFiles sections of the INF. Setup assumes that the catalog file is in the same location as the INF file. - 指定要包含在設備/驅動程序的分發介質上的目錄(.cat)文件。 目錄文件由Microsoft Windows硬件質量實驗室(WHQL)提供,在WHQL已經測試並將數字簽名分配給驅動程序文件之後。 (有關IHV和/或OEM驅動程序包的測試和簽署的更多信息,請聯繫WHQL。)
目錄文件未列在INF的SourceDisksFiles或CopyFiles部分中。 安裝程序假定目錄文件與INF文件位於同一位置。 - System-supplied INF files never have CatalogFile= entries because the operating system validates the signature for such an INF against all system-supplied xxx.cat files.
- [CatalogFile.nt=unique-filename.cat] |
[CatalogFile.ntx86=unique-filename.cat] |
[CatalogFile.ntia64=unique-filename.cat] |
[CatalogFile.ntamd64=unique-filename.cat] - Specifies another INF-writer-determined, unique file name, with the .cat extension, of a catalog file that is specific to Windows 2000 or later.
If these optional entries are omitted from a dual-operating system INF file, a givenCatalogFile=filename.cat is used for validating WDM device/driver installations on all Windows 2000 and later and Windows 98/Me machines. If any decorated CatalogFile.xxx= entry exists in an INF'sVersion section together with an undecorated CatalogFile= entry, the undecorated entry is assumed to identify a filename.cat for validating device/driver installations only on Windows 98/Me machines.Note that any cross-platform and/or dual-operating system device/driver INF file that hasCatalogFile= and CatalogFile.xxx= entries must supply a unique IHV/OEM-determined name for each such .cat file.For information about how to use the system-defined .nt, .ntx86, .ntia64, and .ntamd64 extensions, see Creating INF Files for Multiple Platforms and Operating Systems.
沒有留言:
張貼留言