Wednesday, May 16, 2018

Catalog Files

A signed catalog file (.cat) can be used as a digital signature for an arbitrary collection of files. A catalog file contains a collection of cryptographic hashes, or thumbprints. Each thumbprint corresponds to a file that is included in the collection.

Plug and Play (PnP) device installation recognizes the signed catalog file of a driver package as the digital signature for the driver package, where each thumbprint in the catalog file corresponds to a file that is installed by the driver package. Regardless of the intended operating system, cryptographic technology is used to digitally sign the catalog file.

The CatalogFile directive in the INF Version section of the driver's INF file specifies the name of the catalog file for the driver package. During driver installation, the operating system uses the CatalogFile directive to identify and validate the catalog file. The system copies the catalog file to the %System%\CatRoot directory and the INF file to the %System%\Inf directory.

PnP device installation considers the digital signature of a driver package to be invalid if any file in the driver package is altered after the driver package was signed. Such files include the INF file, the catalog file, and all files that are copied by INF CopyFiles directives. For example, even a single-byte change to correct a misspelling invalidates the digital signature. If the digital signature is invalid, you must either resubmit the driver package to the Windows Hardware Quality Labs (WHQL) for a new signature or generate a new Authenticode signature for the driver package.

Similarly, changes to a device's hardware or firmware require a revised device ID value so that the system can detect the updated device and install the correct driver. Because the revised device ID value must appear in the INF file, you must either resubmit the package to WHQL for a new signature or generate a new Authenticode signature for the driver package. You must do this even if the driver binaries do not change.

If the driver package installs the same binaries on all versions of Windows beginning with Windows 2000, the INF file can contain a single, undecorated CatalogFile directive. However, if the package installs different binaries for different versions of Windows, the INF file should contain decorated CatalogFile directives. For more information about the CatalogFile directive, see INF Version Section.

If you have more than one driver package, you should create a separate catalog file for each driver package and give each catalog file a unique file name. Two unrelated driver packages cannot share a single catalog file. However, a single driver package that serves multiple devices requires only one catalog file.

The rules for configuring .cat files within an INF are also described, as follows:
CatalogFile=filename.cat

Specifies a catalog (.cat) file to be included on the distribution media of a device/driver. Catalog files are supplied by the Microsoft Windows Hardware Quality Lab (WHQL), after WHQL has tested and assigned digital signatures to driver files. (Contact WHQL for more information about the testing and signing of IHV and/or OEM driver packages.)
Catalog files are not listed in the SourceDisksFiles or CopyFiles sections of the INF. Setup assumes that the catalog file is in the same location as the INF file.

System-supplied INF files never have CatalogFile= entries because the operating system validates the signature for such an INF against all system-supplied xxx.cat files.
[CatalogFile.nt=unique-filename.cat] |
[CatalogFile.ntx86=unique-filename.cat] |
[CatalogFile.ntia64=unique-filename.cat] |
[CatalogFile.ntamd64=unique-filename.cat]
Specifies another INF-writer-determined, unique file name, with the .cat extension, of a catalog file that is specific to Windows 2000 or later.
If these optional entries are omitted from a dual-operating system INF file, a given CatalogFile=filename.cat is used for validating WDM device/driver installations on all Windows 2000 and later and Windows 98/Me machines. If any decorated CatalogFile.xxx= entry exists in an INF's Version section together with an undecorated CatalogFile= entry, the undecorated entry is assumed to identify a filename.cat for validating device/driver installations only on Windows 98/Me machines.
Note that any cross-platform and/or dual-operating system device/driver INF file that has CatalogFile= and CatalogFile.xxx= entries must supply a unique IHV/OEM-determined name for each such .cat file.
For information about how to use the system-defined .nt, .ntx86, .ntia64, and .ntamd64 extensions, see Creating INF Files for Multiple Platforms and Operating Systems.
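
The decorated and undecorated CatalogFile rules above can be checked mechanically when reviewing a driver package. The following Python sketch is an added example, not code from Microsoft or from the original post; the function names, the target labels, the sample INF and the search order (architecture-specific decoration before plain .nt) are assumptions made for illustration.

```python
# Decorated [Version] entries to try per target, most specific first.
# Assumption: architecture-specific decorations win over plain .nt.
SEARCH_ORDER = {
    "x86": ["catalogfile.ntx86", "catalogfile.nt"],
    "amd64": ["catalogfile.ntamd64", "catalogfile.nt"],
    "ia64": ["catalogfile.ntia64", "catalogfile.nt"],
}

# Constructed sample INF, not taken from a real driver package.
SAMPLE_INF = """\
[Version]
CatalogFile = legacy.cat            ; Windows 98/Me once decorated entries exist
CatalogFile.ntamd64 = sample_x64.cat
CatalogFile.ntx86 = sample_x86.cat

[Manufacturer]
CatalogFile.ntia64 = ignored.cat    ; outside [Version], so not a directive
"""

def parse_version_catalogs(inf_text):
    """Return {lowercased directive: catalog name} from the [Version] section."""
    entries, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "version" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower().startswith("catalogfile"):
                entries[key.lower()] = value.strip('"')
    return entries

def resolve_catalog(entries, target):
    """Pick the catalog for target: 'win9x', 'x86', 'amd64' or 'ia64'."""
    decorated = {k: v for k, v in entries.items() if k != "catalogfile"}
    if target == "win9x" or not decorated:
        return entries.get("catalogfile")
    for key in SEARCH_ORDER[target]:
        if key in decorated:
            return decorated[key]
    return None  # undecorated entry no longer applies; nothing to validate against

def duplicate_names(entries):
    """Catalog names shared by several entries; the page requires unique names."""
    names = [name.lower() for name in entries.values()]
    return sorted({n for n in names if names.count(n) > 1})

if __name__ == "__main__":
    found = parse_version_catalogs(SAMPLE_INF)
    print({t: resolve_catalog(found, t) for t in ("win9x", "x86", "amd64", "ia64")})
```

A `None` result for a target means the INF names no catalog that applies to that platform, which is worth flagging before the package is submitted for signing.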
