1

Topic: Who can explain current process of signing of drivers for Windows 10?

My initial positions: 1) EVO the certificate is. 2) the driver I am able to sign. 3) there is an account in Microsoft DEV center. 4) Signed and transited check of a test file. What's next? To put Windows HLK for Windows 10? But after all them some pieces. To do the test of the driver and to send? But after all the driver should work and for other Windows versions. I will be grateful for the help.

2

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, greatis, you wrote: G> to Put Windows HLK for Windows 10? G> But after all them some pieces. And in addition it is necessary a minimum three computers (or virtual machines). All is there so awfully heaped up that any desire to understand. G> to do the test of the driver and to send? It is necessary only for server . For client the driver subscribes without tests. Simply load it in a portal and wait for check/signing.

3

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, greatis, you wrote: G> to Do the test of the driver and to send? G> but after all the driver should work and for other Windows versions. As already wrote above - for normal Windows 10, it is enough to sign on portal MS. It is called attestation signing. If in the driver is CAT files, it is necessary to hold two versions as last versions of Windows do not understand signature MS for Windows 10, and CAT file AFAIR can carry only one signature: 1) Signed by the certificate for last Windows versions 2) Signed on portal MS for Windows 10, On an expert did not check, but MS speaks that the driver signed on a portal will not be launched on Windows Server 2016, for this purpose it is necessary to transit HLK tests that there is rather  a procedure. Briefly, it is possible to lift two , in one Windows Server and HLK controler, in the second Client in which actually tested driver. For last to take better at once Windows Server Core without ,  one of tests demands that the driver could work without the user interface. The complete set of tests can occupy more than 24 hours and special stability in operation does not differ. For magnification of speed it is possible to throw off  on FRAMES a disk, but the heap of storage  is required. In my case tests occupied about 20 hours on Xeon c 96 GB RAM, with hundreds reboots of the client.

4

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, the Black Lord, you wrote: >... MS speaks that the driver signed on a portal will not be launched on Windows Server 2016, for this purpose it is necessary to transit HLK tests that there is rather  a procedure. Probably, it concerns only Windows Server 1709, which generally without GUI. Did not check (at me on Hyper-V this server it was not launched at all). I checked on pure setting "normal normal" Windows Server 2016 (14393, i.e. 1607) with included Secure Boot - it turns out that enough normal attestation signing. MS for a long time threatened to make mandatory passage of HLK-tests for server platforms, but meanwhile their threats cannot come true

5

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, greatis, you wrote: G> who Can explain current process of signing of drivers for Windows 10? 1.  the driver (in old WDK or in new - it is not important). 2. By means of a ddf-file and the utility makecab you generate.cab-archive (inside also there should be a.inf-file). 3. You sign.cab-archive the EV-certificate. 4. You send.cab-archive on a portal. 5. It is necessary to wait some time, it is normal minutes 15-20. 6. You download signed MS the driver. For Windows 8.1 and older systems it is necessary to sign on-starinke, i.e. with to sign itself.sys or.cat the cross connect-certificate through signtool.exe. Or it is possible to try to transit HLK-tests for the driver. I transited these tests for FS-minifilters, occupies it of the order of 15 hours. But basically, anything difficult, especially after the first time

6

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, okman, you wrote: Thanks for the help! It's a go. O> hello, greatis, you wrote: O> For Windows 8.1 and older systems it is necessary to sign on-starinke, i.e. with to sign itself O>.sys or.cat the cross connect-certificate through signtool.exe. I.e. it is necessary to have some copies of a file signed differently and to check correspondence of Windows version and the driver signature? And if not that is delivered. BSOD? Or it refuses to be put? O> or it is possible to try to transit HLK-tests for the driver. I transited these tests for FS-minifilters, O> occupies it of the order of 15 hours. But basically, anything difficult, especially after the first time I Will try.

7

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, greatis, you wrote: G> I.e. it is necessary to have some copies of a file signed differently and to check correspondence of Windows version and the driver signature? Yes. Or to use dual signing, i.e. at first to sign a file on-starinke (cross signing) and then to send it on a portal therefore it receives the second signature (attestation signing). G> And if not that is delivered. BSOD? Or it refuses to be put? It refuses to be put.

8

Re: Who can explain current process of signing of drivers for Windows 10?

Hello, okman, you wrote: O> Or to use dual signing, i.e. at first to sign a file on-starinke (cross signing), and O> then to send it on a portal therefore it receives the second signature (attestation signing). To me it did not help to provide setting simultaneously under all 6.x and to ten. In ten it is put without questions, and in 7-8.1 swears on an improper platform. Got out, using the second pair INF/CAT signed by the certificate, with the same SYS-files signed by the double signature.

9

Re: Who can explain current process of signing of drivers for Windows 10?

All thanks for the help! Understood.