Add NDIS Driver Fix tool to resolve unsigned driver issue in HLK2022 #21
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| * | ||
| !.gitignore | ||
| !fix-ndis-drivers.ps1 | ||
| !config.json |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| { | ||
| "info": "Fix unsigned NDIS drivers in HLK by copying signed drivers from backup folders", | ||
| "based_on_issue": "https://github.com/HCK-CI/AutoHCK/issues/819", | ||
| "download_url": "", | ||
| "file_name": "fix-ndis-drivers.ps1", | ||
| "install_cmd": "powershell", | ||
| "install_args": "-ExecutionPolicy Bypass -File @sw_path@\\fix-ndis-drivers.ps1", | ||
| "install_dest": "studio", | ||
| "install_time": { | ||
| "kit": "after", | ||
| "driver": "before" | ||
| } | ||
| } | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,180 @@ | ||
| # NDIS Driver Fix Script | ||
| # This script fixes unsigned NDIS drivers issue in HLK/WLK by copying signed drivers from ntndis* source folders | ||
| # Reference: https://github.com/HCK-CI/AutoHCK/issues/819 | ||
| # | ||
| # Problem: After HLK installation, drivers in NDISTest65\bin\protocol are unsigned | ||
| # Solution: Copy signed versions from NDISTest\bin\ntndis*\ folders | ||
|
|
||
| $ErrorActionPreference = 'Stop' | ||
|
|
||
| Write-Output "==========================================" | ||
| Write-Output "NDIS Driver Fix Script" | ||
| Write-Output "==========================================" | ||
| Write-Output "" | ||
|
|
||
| # Base path for HLK installation | ||
| $hlkBasePath = "C:\Program Files (x86)\Windows Kits\10\Hardware Lab Kit\Tests\amd64\NetHlk" | ||
|
|
||
| # Function to check if a driver file is signed | ||
| function Test-DriverSigned { | ||
| param ( | ||
| [string]$FilePath | ||
| ) | ||
|
|
||
| if (-not (Test-Path $FilePath)) { | ||
| return $false | ||
| } | ||
|
|
||
| try { | ||
| $signature = Get-AuthenticodeSignature -FilePath $FilePath | ||
| return ($signature.Status -eq 'Valid') | ||
| } | ||
| catch { | ||
| return $false | ||
| } | ||
| } | ||
|
|
||
| # Function to find and copy signed driver from ntndis* folders | ||
| function Copy-SignedDriver { | ||
| param ( | ||
| [string]$DriverName, | ||
| [string]$DestinationPath, | ||
| [array]$SourceFolders | ||
| ) | ||
|
|
||
| foreach ($folder in $SourceFolders) { | ||
| $sourceDriverPath = Join-Path $folder.FullName $DriverName | ||
|
|
||
| if (Test-Path $sourceDriverPath) { | ||
| # Check if source driver is signed | ||
| $isSourceSigned = Test-DriverSigned -FilePath $sourceDriverPath | ||
|
|
||
| if ($isSourceSigned) { | ||
| Write-Output " [COPY] $DriverName from $($folder.Name)" | ||
| Copy-Item -Path $sourceDriverPath -Destination $DestinationPath -Force -Verbose | ||
| return $true | ||
| } | ||
| } | ||
| } | ||
|
|
||
| return $false | ||
| } | ||
|
|
||
| # Fix NDIS Test 6.5 drivers | ||
| Write-Output "Checking NDIS Test 6.5 drivers..." | ||
| $ndisTest65Path = Join-Path $hlkBasePath "NDISTest65\bin\protocol" | ||
| $ndisTestBinPath = Join-Path $hlkBasePath "NDISTest\bin" | ||
|
|
||
| if (Test-Path $ndisTest65Path) { | ||
| Write-Output "Found NDISTest65 path: $ndisTest65Path" | ||
|
|
||
| # Check if drivers in protocol folder are signed | ||
| $protocolDrivers = Get-ChildItem -Path $ndisTest65Path -Filter "*.sys" -ErrorAction SilentlyContinue | ||
| $unsignedCount = 0 | ||
| $unsignedDrivers = @() | ||
|
|
||
| foreach ($driver in $protocolDrivers) { | ||
| $isSigned = Test-DriverSigned -FilePath $driver.FullName | ||
| if (-not $isSigned) { | ||
| Write-Output " [UNSIGNED] $($driver.Name)" | ||
| $unsignedCount++ | ||
| $unsignedDrivers += $driver | ||
| } | ||
| else { | ||
| Write-Output " [SIGNED] $($driver.Name)" | ||
| } | ||
| } | ||
|
Comment on lines
+73
to
+86
There was a problem hiding this comment. Appending elements to an array using |
||
|
|
||
| if ($unsignedCount -gt 0) { | ||
| Write-Output "" | ||
| Write-Output "Found $unsignedCount unsigned driver(s), attempting to fix..." | ||
| Write-Output "Looking for signed drivers in: $ndisTestBinPath" | ||
|
|
||
| # Get all ntndis* subdirectories as source | ||
| $ntndisfolders = Get-ChildItem -Path $ndisTestBinPath -Directory -Filter "ntndis*" -ErrorAction SilentlyContinue | ||
|
|
||
| if ($ntndisfolders.Count -eq 0) { | ||
| Write-Output " [ERROR] No ntndis* folders found in $ndisTestBinPath" | ||
| } | ||
| else { | ||
| Write-Output " Found $($ntndisfolders.Count) ntndis* source folders" | ||
|
|
||
| $fixedCount = 0 | ||
| foreach ($unsignedDriver in $unsignedDrivers) { | ||
| $driverFixed = Copy-SignedDriver -DriverName $unsignedDriver.Name -DestinationPath $unsignedDriver.FullName -SourceFolders $ntndisfolders | ||
|
|
||
| if ($driverFixed) { | ||
| $fixedCount++ | ||
| } | ||
| else { | ||
| Write-Output " [WARNING] Could not find signed version of $($unsignedDriver.Name)" | ||
| } | ||
| } | ||
|
|
||
| Write-Output "" | ||
| Write-Output "Fixed $fixedCount out of $unsignedCount unsigned driver(s)" | ||
| } | ||
| } | ||
| else { | ||
| Write-Output "All drivers are properly signed!" | ||
| } | ||
| } | ||
| else { | ||
| Write-Output "NDISTest65 path not found: $ndisTest65Path" | ||
| } | ||
|
|
||
| Write-Output "" | ||
| Write-Output "==========================================" | ||
|
|
||
| # Check NDIS Test drivers (source folders with signed drivers) | ||
| Write-Output "Checking NDIS Test source drivers (ntndis* folders)..." | ||
| $ndisTestPath = Join-Path $hlkBasePath "NDISTest\bin" | ||
|
|
||
| if (Test-Path $ndisTestPath) { | ||
| Write-Output "Found NDISTest path: $ndisTestPath" | ||
|
|
||
| # Get all ntndis* subdirectories | ||
| $ndisFolders = Get-ChildItem -Path $ndisTestPath -Directory -Filter "ntndis*" -ErrorAction SilentlyContinue | ||
|
|
||
| if ($ndisFolders.Count -eq 0) { | ||
| Write-Output "No ntndis* folders found" | ||
| } | ||
| else { | ||
| Write-Output "Found $($ndisFolders.Count) NDIS version folder(s) (these should contain signed drivers)" | ||
|
|
||
| foreach ($folder in $ndisFolders) { | ||
| Write-Output "" | ||
| Write-Output "Checking: $($folder.Name)" | ||
|
|
||
| $driverFiles = Get-ChildItem -Path $folder.FullName -Filter "*.sys" -ErrorAction SilentlyContinue | ||
|
|
||
| if ($driverFiles.Count -eq 0) { | ||
| Write-Output " No driver files found" | ||
| continue | ||
| } | ||
|
|
||
| foreach ($driver in $driverFiles) { | ||
| $isSigned = Test-DriverSigned -FilePath $driver.FullName | ||
| if ($isSigned) { | ||
| Write-Output " [SIGNED] $($driver.Name) " | ||
| } | ||
| else { | ||
| Write-Output " [UNSIGNED] $($driver.Name) (unexpected!)" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| else { | ||
| Write-Output "NDISTest path not found: $ndisTestPath" | ||
| } | ||
|
|
||
| Write-Output "" | ||
| Write-Output "==========================================" | ||
| Write-Output "NDIS Driver Fix Script Completed" | ||
| Write-Output "==========================================" | ||
| Write-Output "" | ||
|
|
||
| # Wait a few seconds to ensure output is visible | ||
| Start-Sleep -Seconds 5 | ||
|
Comment on lines
+178
to
+179
There was a problem hiding this comment. The |
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The HLK base path is hardcoded. This will cause the script to fail if the Hardware Lab Kit is installed in a different location or on a different drive. It's more robust to determine this path dynamically by querying the registry, with a fallback to the default path if the registry key is not found. I'd also recommend adding a check to ensure the path exists before proceeding.