ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Signing HLKX Packages #175

Open cedricvanrompay-datadog opened 9 months ago

cedricvanrompay-datadog commented 9 months ago

How easy/likely is it that JSign supports signing HLKX packages someday soon?

I was not able to find any specification for HLKX signing, the closest thing I found to a specification is this: https://learn.microsoft.com/en-us/windows-hardware/test/hlk/user/hlk-signing-with-an-hsm

Plus a bit of documentation:

ebourg commented 9 months ago

If this format is usually signed with signtool then it's a good candidate to have it supported by Jsign.

I have never seen an HLK file, but according to the documentation it's based on the OPC format, so it's probably similar to the APPX format already supported by Jsign.

Do you know where I can download a signed HLKX file? If you have one you can send it to ebourg@apache.org and I'll investigate it.

ebourg commented 9 months ago

There is a fork of OpenOpcSignTool by @monrapps supporting HLKX files, that may give some hints on how to implement it in Jsign.

I struggle to find examples of HLKX files; if someone could send two such files, signed and unsigned, to ebourg@apache.org I'll have a look.

ebourg commented 9 months ago

Actually the HLKX files are signed by the HLK controller (hlk.exe sign on the command line) and not by signtool.

Supporting this format in Jsign is likely to be similar to implementing NuGet signing (#162).

I don't have the time to look into this right now, but if someone wants to implement it I'll review and merge the changes.

cedricvanrompay-datadog commented 9 months ago

Sorry for the delay.

Yes, HLKX packages are signed by "HLK Studio" and not by SignTool. See https://learn.microsoft.com/en-us/windows-hardware/test/hlk/user/digitally-sign-an-hlkx-package

I'll try to get you some HLKX samples, both signed and unsigned.

monrapps commented 9 months ago

The fork of OpenOpcSignTool was created just to make it possible to sign HLKX files using keys stored in Azure Key Vault, which is not possible using "HLK Studio".