From 9f3d82aa5d6d3e4e6bff8b056c2e027f0b3c4986 Mon Sep 17 00:00:00 2001 From: zhangjianming Date: Wed, 17 Dec 2025 15:38:02 +0800 Subject: [PATCH] Add NDIS Driver Fix tool to resolve unsigned driver issue in HLK2022 - Added PowerShell script for fixing NDIS driver signatures - Included configuration file for driver management - Added .gitignore for the tool directory Resolves issue where NDIS drivers lack proper signatures in HLK2022 testing environment. Signed-off-by: Zhang JianMing --- NDIS_Driver_Fix/.gitignore | 4 + NDIS_Driver_Fix/config.json | 14 +++ NDIS_Driver_Fix/fix-ndis-drivers.ps1 | 180 +++++++++++++++++++++++++++ 3 files changed, 198 insertions(+) create mode 100644 NDIS_Driver_Fix/.gitignore create mode 100644 NDIS_Driver_Fix/config.json create mode 100644 NDIS_Driver_Fix/fix-ndis-drivers.ps1 diff --git a/NDIS_Driver_Fix/.gitignore b/NDIS_Driver_Fix/.gitignore new file mode 100644 index 0000000..92345c1 --- /dev/null +++ b/NDIS_Driver_Fix/.gitignore @@ -0,0 +1,4 @@ +* +!.gitignore +!fix-ndis-drivers.ps1 +!config.json \ No newline at end of file diff --git a/NDIS_Driver_Fix/config.json b/NDIS_Driver_Fix/config.json new file mode 100644 index 0000000..8974603 --- /dev/null +++ b/NDIS_Driver_Fix/config.json @@ -0,0 +1,14 @@ +{ + "info": "Fix unsigned NDIS drivers in HLK by copying signed drivers from backup folders", + "based_on_issue": "https://github.com/HCK-CI/AutoHCK/issues/819", + "download_url": "", + "file_name": "fix-ndis-drivers.ps1", + "install_cmd": "powershell", + "install_args": "-ExecutionPolicy Bypass -File @sw_path@\\fix-ndis-drivers.ps1", + "install_dest": "studio", + "install_time": { + "kit": "after", + "driver": "before" + } +} + diff --git a/NDIS_Driver_Fix/fix-ndis-drivers.ps1 b/NDIS_Driver_Fix/fix-ndis-drivers.ps1 new file mode 100644 index 0000000..c4c6124 --- /dev/null +++ b/NDIS_Driver_Fix/fix-ndis-drivers.ps1 @@ -0,0 +1,180 @@ +# NDIS Driver Fix Script +# This script fixes unsigned NDIS drivers issue in HLK/WLK by copying signed drivers from ntndis* source folders +# Reference: https://github.com/HCK-CI/AutoHCK/issues/819 +# +# Problem: After HLK installation, drivers in NDISTest65\bin\protocol are unsigned +# Solution: Copy signed versions from NDISTest\bin\ntndis*\ folders + +$ErrorActionPreference = 'Stop' + +Write-Output "==========================================" +Write-Output "NDIS Driver Fix Script" +Write-Output "==========================================" +Write-Output "" + +# Base path for HLK installation +$hlkBasePath = "C:\Program Files (x86)\Windows Kits\10\Hardware Lab Kit\Tests\amd64\NetHlk" + +# Function to check if a driver file is signed +function Test-DriverSigned { + param ( + [string]$FilePath + ) + + if (-not (Test-Path $FilePath)) { + return $false + } + + try { + $signature = Get-AuthenticodeSignature -FilePath $FilePath + return ($signature.Status -eq 'Valid') + } + catch { + return $false + } +} + +# Function to find and copy signed driver from ntndis* folders +function Copy-SignedDriver { + param ( + [string]$DriverName, + [string]$DestinationPath, + [array]$SourceFolders + ) + + foreach ($folder in $SourceFolders) { + $sourceDriverPath = Join-Path $folder.FullName $DriverName + + if (Test-Path $sourceDriverPath) { + # Check if source driver is signed + $isSourceSigned = Test-DriverSigned -FilePath $sourceDriverPath + + if ($isSourceSigned) { + Write-Output " [COPY] $DriverName from $($folder.Name)" + Copy-Item -Path $sourceDriverPath -Destination $DestinationPath -Force -Verbose + return $true + } + } + } + + return $false +} + +# Fix NDIS Test 6.5 drivers +Write-Output "Checking NDIS Test 6.5 drivers..." +$ndisTest65Path = Join-Path $hlkBasePath "NDISTest65\bin\protocol" +$ndisTestBinPath = Join-Path $hlkBasePath "NDISTest\bin" + +if (Test-Path $ndisTest65Path) { + Write-Output "Found NDISTest65 path: $ndisTest65Path" + + # Check if drivers in protocol folder are signed + $protocolDrivers = Get-ChildItem -Path $ndisTest65Path -Filter "*.sys" -ErrorAction SilentlyContinue + $unsignedCount = 0 + $unsignedDrivers = @() + + foreach ($driver in $protocolDrivers) { + $isSigned = Test-DriverSigned -FilePath $driver.FullName + if (-not $isSigned) { + Write-Output " [UNSIGNED] $($driver.Name)" + $unsignedCount++ + $unsignedDrivers += $driver + } + else { + Write-Output " [SIGNED] $($driver.Name)" + } + } + + if ($unsignedCount -gt 0) { + Write-Output "" + Write-Output "Found $unsignedCount unsigned driver(s), attempting to fix..." + Write-Output "Looking for signed drivers in: $ndisTestBinPath" + + # Get all ntndis* subdirectories as source + $ntndisfolders = Get-ChildItem -Path $ndisTestBinPath -Directory -Filter "ntndis*" -ErrorAction SilentlyContinue + + if ($ntndisfolders.Count -eq 0) { + Write-Output " [ERROR] No ntndis* folders found in $ndisTestBinPath" + } + else { + Write-Output " Found $($ntndisfolders.Count) ntndis* source folders" + + $fixedCount = 0 + foreach ($unsignedDriver in $unsignedDrivers) { + $driverFixed = Copy-SignedDriver -DriverName $unsignedDriver.Name -DestinationPath $unsignedDriver.FullName -SourceFolders $ntndisfolders + + if ($driverFixed) { + $fixedCount++ + } + else { + Write-Output " [WARNING] Could not find signed version of $($unsignedDriver.Name)" + } + } + + Write-Output "" + Write-Output "Fixed $fixedCount out of $unsignedCount unsigned driver(s)" + } + } + else { + Write-Output "All drivers are properly signed!" + } +} +else { + Write-Output "NDISTest65 path not found: $ndisTest65Path" +} + +Write-Output "" +Write-Output "==========================================" + +# Check NDIS Test drivers (source folders with signed drivers) +Write-Output "Checking NDIS Test source drivers (ntndis* folders)..." +$ndisTestPath = Join-Path $hlkBasePath "NDISTest\bin" + +if (Test-Path $ndisTestPath) { + Write-Output "Found NDISTest path: $ndisTestPath" + + # Get all ntndis* subdirectories + $ndisFolders = Get-ChildItem -Path $ndisTestPath -Directory -Filter "ntndis*" -ErrorAction SilentlyContinue + + if ($ndisFolders.Count -eq 0) { + Write-Output "No ntndis* folders found" + } + else { + Write-Output "Found $($ndisFolders.Count) NDIS version folder(s) (these should contain signed drivers)" + + foreach ($folder in $ndisFolders) { + Write-Output "" + Write-Output "Checking: $($folder.Name)" + + $driverFiles = Get-ChildItem -Path $folder.FullName -Filter "*.sys" -ErrorAction SilentlyContinue + + if ($driverFiles.Count -eq 0) { + Write-Output " No driver files found" + continue + } + + foreach ($driver in $driverFiles) { + $isSigned = Test-DriverSigned -FilePath $driver.FullName + if ($isSigned) { + Write-Output " [SIGNED] $($driver.Name) " + } + else { + Write-Output " [UNSIGNED] $($driver.Name) (unexpected!)" + } + } + } + } +} +else { + Write-Output "NDISTest path not found: $ndisTestPath" +} + +Write-Output "" +Write-Output "==========================================" +Write-Output "NDIS Driver Fix Script Completed" +Write-Output "==========================================" +Write-Output "" + +# Wait a few seconds to ensure output is visible +Start-Sleep -Seconds 5 +