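def PackageWindowsCapsuleFiles(OutputFolder, ProductName, ProductFmpGuid, CapsuleVersion_DotString,
                               CapsuleVersion_HexString, ProductFwProvider, ProductFwMfgName, ProductFwDesc,
                               CapsuleFileName, PfxFile=None, PfxPass=None, Rollback=False, Arch='amd64',
                               OperatingSystem_String='Win10'):
    """Create the Windows capsule package files (INF and CAT) in OutputFolder.

    The INF is written to ``<OutputFolder>/<ProductName>.inf`` and the catalog
    to ``<OutputFolder>/<ProductName>.cat``.  The catalog is signed only when
    PfxFile is given; with PfxFile=None it is left unsigned.

    Args:
        OutputFolder: directory that receives the INF and CAT files.
        ProductName: base name for the generated files.
        ProductFmpGuid, CapsuleVersion_DotString, CapsuleVersion_HexString,
        ProductFwProvider, ProductFwDesc, Arch: passed to InfGenerator.
        ProductFwMfgName: assigned to the generator's Manufacturer attribute.
        CapsuleFileName, Rollback: passed to InfGenerator.MakeInf.
        PfxFile: PFX used to dev-sign the catalog, or None to skip signing.
        PfxPass: password for PfxFile, forwarded to CatalogSignWithSignTool.
        OperatingSystem_String: passed to CatGenerator together with Arch.

    Returns:
        0 on success (the return code of the last step that ran).

    Raises:
        Exception: if any step returns non-zero or signtool cannot be found.
    """
    logging.debug("CapsulePackage: Create Windows Capsule Files")

    # Make INF
    InfFilePath = os.path.join(OutputFolder, ProductName + ".inf")
    InfTool = InfGenerator(ProductName, ProductFwProvider, ProductFmpGuid, Arch, ProductFwDesc,
                           CapsuleVersion_DotString, CapsuleVersion_HexString)
    InfTool.Manufacturer = ProductFwMfgName  # optional
    ret = InfTool.MakeInf(InfFilePath, CapsuleFileName, Rollback)
    if ret != 0:
        raise Exception("CreateWindowsInf Failed with errorcode %d" % ret)

    # Make CAT
    CatFilePath = os.path.realpath(os.path.join(OutputFolder, ProductName + ".cat"))
    CatTool = CatGenerator(Arch, OperatingSystem_String)
    ret = CatTool.MakeCat(CatFilePath)
    if ret != 0:
        raise Exception("Creating Cat file Failed with errorcode %d" % ret)

    if PfxFile is not None:
        # Find Signtool.  The lookup can come back empty, so test for None
        # before os.path.exists(), which raises TypeError on None.
        SignToolPath = FindToolInWinSdk("signtool.exe")
        if SignToolPath is None or not os.path.exists(SignToolPath):
            raise Exception("Can't find signtool on this machine.")

        # dev sign the cat file
        # NOTE(review): how PfxPass reaches signtool is decided inside
        # CatalogSignWithSignTool, which is not visible here - confirm it does
        # not end up in a logged command line.
        ret = CatalogSignWithSignTool(SignToolPath, CatFilePath, PfxFile, PfxPass)
        if ret != 0:
            raise Exception("Signing Cat file Failed with errorcode %d" % ret)

    return ret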
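def MakeCat(self, OutputCatFile, PathToInf2CatTool=None):
    """Run Inf2Cat in the folder of OutputCatFile and verify the catalog exists.

    Args:
        OutputCatFile: path of the catalog file Inf2Cat is expected to produce.
        PathToInf2CatTool: path to Inf2Cat.exe; looked up in the Windows SDK
            when None.

    Returns:
        0 on success.

    Raises:
        Exception: if Inf2Cat cannot be found, returns non-zero, or the
            expected catalog file is missing afterwards.
    """
    # Find Inf2Cat tool
    if PathToInf2CatTool is None:
        PathToInf2CatTool = FindToolInWinSdk("Inf2Cat.exe")

    # check if exists; the SDK lookup can come back empty, and
    # os.path.exists(None) would raise TypeError instead of this message.
    if PathToInf2CatTool is None or not os.path.exists(PathToInf2CatTool):
        raise Exception(
            "Can't find Inf2Cat on this machine. Please install the Windows 10 WDK - "
            "https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit"
        )

    # Adjust for spaces in the path (when calling the command).
    if " " in PathToInf2CatTool:
        PathToInf2CatTool = '"' + PathToInf2CatTool + '"'

    OutputFolder = os.path.dirname(OutputCatFile)

    # Make Cat file.  "/driver:." points Inf2Cat at the working directory,
    # which RunCmd is told to set to OutputFolder.
    # NOTE(review): OperatingSystem and Arch are concatenated into the argument
    # string as-is; where they are validated is not visible here - confirm they
    # are restricted to known values before reaching this call.
    cmd = "/driver:. /os:" + self.OperatingSystem + "_" + self.Arch + " /verbose"
    ret = RunCmd(PathToInf2CatTool, cmd, workingdir=OutputFolder)
    if ret != 0:
        raise Exception("Creating Cat file Failed with errorcode %d" % ret)

    # A zero exit code alone is not trusted; the output file must be present.
    if not os.path.isfile(OutputCatFile):
        raise Exception("CAT file (%s) not created" % OutputCatFile)

    return 0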
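def PackageFmpImageAuth(InputBin, OutputBin, DevPfxFilePath=None, DevPfxPassword=None,
                        DetachedSignatureFile=None, Eku=None):
    """Wrap InputBin with an FMP image auth header by running GenFmpImageAuth.py.

    Three modes are selected by the arguments:

    * DevPfxFilePath given: dev signing, done locally in one step with signtool.
    * DevPfxFilePath None and DetachedSignatureFile None: production step 1,
      which produces the to-be-signed payload and renames it to OutputBin.
    * DevPfxFilePath None and DetachedSignatureFile given: production step 3,
      final packaging with the detached signature.

    A temp directory is created next to OutputBin for the script's log.  It is
    removed after the dev and step-3 runs; the step-1 path leaves it in place.

    Returns:
        0 on success.

    Raises:
        Exception: if signtool cannot be found, the script returns non-zero,
            or step 1 does not produce the to-be-signed file.
    """
    logging.debug("CapsulePackage: Fmp Image Auth Header/Signing")

    # temp output dir is in the outputbin folder
    ret = 0
    TempOutDir = os.path.join(os.path.dirname(os.path.abspath(OutputBin)),
                              "_Temp_FmpImageAuth_" + str(datetime.datetime.now().time()).replace(":", "_"))
    logging.debug("Temp Output dir for FmpImageAuth: %s" % TempOutDir)
    os.mkdir(TempOutDir)

    # NOTE(review): apart from the signtool path, the file paths below are
    # concatenated into the argument string without quoting, so a path with a
    # space would be split; how RunPythonScript tokenises params is not
    # visible here - confirm before relying on such paths.
    cmd = "GenFmpImageAuth.py"
    params = "-o " + OutputBin
    params = params + " -p " + InputBin + " -m 1"
    params = params + " --debug"
    params = params + " -l " + os.path.join(TempOutDir, "GenFmpImageAuth_Log.log")

    if DevPfxFilePath is not None:
        logging.debug("FmpImageAuth is dev signed. Do entire process in 1 step locally.")

        # Find Signtool.  The lookup can come back empty, so test for None
        # before os.path.exists(), which raises TypeError on None.
        SignToolPath = FindToolInWinSdk("signtool.exe")
        if SignToolPath is None or not os.path.exists(SignToolPath):
            # Nothing has been written yet; remove the empty temp dir instead of leaking it.
            shutil.rmtree(TempOutDir, ignore_errors=True)
            raise Exception("Can't find signtool on this machine.")

        params = params + " --SignTool \"" + SignToolPath + "\""

        params = params + " --pfxfile " + DevPfxFilePath
        if DevPfxPassword is not None:
            # NOTE(review): the PFX password is placed on the child process
            # command line, where process listings can show it; whether
            # RunPythonScript also logs params is not visible here - confirm,
            # and keep this path for dev keys only.
            params += " --pfxpass " + DevPfxPassword
        if Eku is not None:
            params += " --eku " + Eku
        ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
        # delete the temp dir
        shutil.rmtree(TempOutDir, ignore_errors=True)
    else:
        # production
        logging.debug("FmpImageAuth is Production signed")

        if DetachedSignatureFile is None:
            logging.debug("FmpImageAuth Step1: Make ToBeSigned file for production")
            params = params + " --production"
            ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
            if ret != 0:
                raise Exception("GenFmpImageAuth Failed production signing: step 1. Errorcode %d" % ret)
            # now we have a file to sign at
            TBS = os.path.join(os.path.dirname(OutputBin), "payload.Temp.ToBeSigned")
            if not os.path.exists(TBS):
                raise Exception("GenFmpImageAuth didn't create ToBeSigned file")
            os.rename(TBS, OutputBin)
        else:
            logging.debug("FmpImageAuth Step3: Final Packaging of production signed")
            params = params + " --production -s " + DetachedSignatureFile
            ret = RunPythonScript(cmd, params, workingdir=TempOutDir)
            # delete the temp dir
            shutil.rmtree(TempOutDir, ignore_errors=True)

    if ret != 0:
        raise Exception("GenFmpImageAuth Failed with errorcode %d" % ret)
    return ret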
def get_certmgr_path(self):
    """Return the path to certmgr.exe, looking it up in the Windows SDK on first use.

    The located path is kept in the module-level ``CertMgrPath`` so later
    calls skip the SDK lookup; the existence check still runs on every call.

    Raises:
        Exception: if certmgr.exe was not located or the path does not exist.
    """
    global CertMgrPath

    if CertMgrPath is None:
        CertMgrPath = FindToolInWinSdk("certmgr.exe")

    # Refuse to hand back a path that is missing or no longer on disk.
    tool_present = CertMgrPath is not None and os.path.exists(CertMgrPath)
    if not tool_present:
        raise Exception("Can't find certmgr.exe on this machine. Please install the Windows 10 WDK - "
                        "https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit")

    return CertMgrPath
def get_signtool_path(self):
    """Return the path to signtool.exe, looking it up in the Windows SDK on first use.

    The located path is kept in the module-level ``SignToolPath`` so later
    calls skip the SDK lookup; the existence check still runs on every call.

    Raises:
        Exception: if signtool.exe was not located or the path does not exist.
    """
    global SignToolPath

    if SignToolPath is None:
        SignToolPath = FindToolInWinSdk("signtool.exe")

    # Refuse to hand back a path that is missing or no longer on disk.
    tool_present = SignToolPath is not None and os.path.exists(SignToolPath)
    if not tool_present:
        raise Exception("Can't find signtool.exe on this machine. Please install the Windows 10 WDK - "
                        "https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit")

    return SignToolPath