def PackageWindowsCapsuleFiles(OutputFolder, ProductName, ProductFmpGuid, CapsuleVersion_DotString,
CapsuleVersion_HexString, ProductFwProvider, ProductFwMfgName, ProductFwDesc, CapsuleFileName, PfxFile=None, PfxPass=None,
Rollback=False, Arch='amd64', OperatingSystem_String='Win10'):
logging.debug("CapsulePackage: Create Windows Capsule Files")
#Make INF
InfFilePath = os.path.join(OutputFolder, ProductName + ".inf")
InfTool = InfGenerator(ProductName, ProductFwProvider, ProductFmpGuid, Arch, ProductFwDesc, CapsuleVersion_DotString, CapsuleVersion_HexString)
InfTool.Manufacturer = ProductFwMfgName #optional
ret = InfTool.MakeInf(InfFilePath, CapsuleFileName, Rollback)
if(ret != 0):
raise Exception("CreateWindowsInf Failed with errorcode %d" % ret)
#Make CAT
CatFilePath = os.path.realpath(os.path.join(OutputFolder, ProductName + ".cat"))
CatTool = CatGenerator(Arch, OperatingSystem_String)
ret = CatTool.MakeCat(CatFilePath)
if(ret != 0):
raise Exception("Creating Cat file Failed with errorcode %d" % ret)
if(PfxFile is not None):
#Find Signtool
SignToolPath = FindToolInWinSdk("signtool.exe")
if not os.path.exists(SignToolPath):
raise Exception("Can't find signtool on this machine.")
#dev sign the cat file
ret = CatalogSignWithSignTool(SignToolPath, CatFilePath, PfxFile, PfxPass)
if(ret != 0):
raise Exception("Signing Cat file Failed with errorcode %d" % ret)
return ret
def MakeCat(self, OutputCatFile, PathToInf2CatTool=None):
# Find Inf2Cat tool
if (PathToInf2CatTool is None):
PathToInf2CatTool = FindToolInWinSdk("Inf2Cat.exe")
# check if exists
if not os.path.exists(PathToInf2CatTool):
raise Exception(
"Can't find Inf2Cat on this machine. Please install the Windows 10 WDK - "
"https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit"
)
# Adjust for spaces in the path (when calling the command).
if " " in PathToInf2CatTool:
PathToInf2CatTool = '"' + PathToInf2CatTool + '"'
OutputFolder = os.path.dirname(OutputCatFile)
# Make Cat file
cmd = "/driver:. /os:" + self.OperatingSystem + "_" + self.Arch + " /verbose"
ret = RunCmd(PathToInf2CatTool, cmd, workingdir=OutputFolder)
if (ret != 0):
raise Exception("Creating Cat file Failed with errorcode %d" % ret)
if (not os.path.isfile(OutputCatFile)):
raise Exception("CAT file (%s) not created" % OutputCatFile)
return 0
def PackageFmpImageAuth(InputBin, OutputBin, DevPfxFilePath = None, DevPfxPassword = None, DetachedSignatureFile = None, Eku = None):
logging.debug("CapsulePackage: Fmp Image Auth Header/Signing")
#temp output dir is in the outputbin folder
ret = 0
TempOutDir = os.path.join(os.path.dirname(os.path.abspath(OutputBin)), "_Temp_FmpImageAuth_" + str(datetime.datetime.now().time()).replace(":", "_"))
logging.debug("Temp Output dir for FmpImageAuth: %s" % TempOutDir)
os.mkdir(TempOutDir)
cmd = "GenFmpImageAuth.py"
params = "-o " + OutputBin
params = params + " -p " + InputBin + " -m 1"
params = params + " --debug"
params = params + " -l " + os.path.join(TempOutDir, "GenFmpImageAuth_Log.log")
if(DevPfxFilePath is not None):
logging.debug("FmpImageAuth is dev signed. Do entire process in 1 step locally.")
#Find Signtool
SignToolPath = FindToolInWinSdk("signtool.exe")
if not os.path.exists(SignToolPath):
raise Exception("Can't find signtool on this machine.")
params = params + " --SignTool \"" + SignToolPath + "\""
params = params + " --pfxfile " + DevPfxFilePath
if( DevPfxPassword is not None):
params += " --pfxpass " + DevPfxPassword
if (Eku is not None):
params += " --eku " + Eku
ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
#delete the temp dir
shutil.rmtree(TempOutDir, ignore_errors=True)
else:
#production
logging.debug("FmpImageAuth is Production signed")
if(DetachedSignatureFile is None):
logging.debug("FmpImageAuth Step1: Make ToBeSigned file for production")
params = params + " --production"
ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
if(ret != 0):
raise Exception("GenFmpImageAuth Failed production signing: step 1. Errorcode %d" % ret)
#now we have a file to sign at
TBS = os.path.join(os.path.dirname(OutputBin), "payload.Temp.ToBeSigned")
if(not os.path.exists(TBS)):
raise Exception("GenFmpImageAuth didn't create ToBeSigned file")
os.rename(TBS, OutputBin)
else:
logging.debug("FmpImageAuth Step3: Final Packaging of production signed")
params = params + " --production -s " + DetachedSignatureFile
ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
#delete the temp dir
shutil.rmtree(TempOutDir, ignore_errors=True)
if(ret != 0):
raise Exception("GenFmpImageAuth Failed with errorcode %d" % ret)
return ret
def get_certmgr_path(self):
global CertMgrPath
if CertMgrPath == None:
CertMgrPath = FindToolInWinSdk ("certmgr.exe")
# check if exists
if CertMgrPath is None or not os.path.exists(CertMgrPath):
raise Exception("Can't find certmgr.exe on this machine. Please install the Windows 10 WDK - "
"https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit")
return CertMgrPath
def get_signtool_path(self):
global SignToolPath
if SignToolPath == None:
SignToolPath = FindToolInWinSdk ("signtool.exe")
# check if exists
if SignToolPath is None or not os.path.exists(SignToolPath):
raise Exception("Can't find signtool.exe on this machine. Please install the Windows 10 WDK - "
"https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit")
return SignToolPath