Forum Discussion
Ernie Coskrey
Nov 01, 2021 - Copper Contributor
Driver Signing for pre-Windows 2016 questions
I have some questions about what the recommendations are for generating a signed driver for Windows 2016 and earlier. I set up the HCK test server (2008 R2) and test system (2012 R2), installed my...
Ernie Coskrey
Nov 02, 2021 - Copper Contributor
Here's a recap of what I've tried - maybe there's something obvious (to someone) that I'm missing.
I've signed my driver with a valid Sectigo cross-signing certificate, with both sha-1 and sha-2, and both signatures timestamped.
I tested this driver under HCK on a Windows 2012 R2 test system, and everything passed. In HCK Studio, I generated an unsigned .hckx file (because I don't have access to the EV certificate on the HCK controller). I copied this hckx to my HLK controller system, and started HLK Studio there. I created a new project, and connected to the hckx. From there I created a package (hlkx), adding my driver and symbols folders, and signing the package with the EV Certificate.
Then I logged into the Hardware Dev Center and chose Submit New Hardware. I uploaded the signed hlkx. I didn't choose any of the "Requested Signatures" check boxes, and saw that Windows Server 2012 R2 is displayed in the Certification section. I filled in the rest of the form and let the submission proceed.
When the process finished, I downloaded my signed files. I extracted the driver from the zip archive and saw that it now has 3 signatures (2 from my cross-signing certificate, plus one from Microsoft). I installed this on a Windows 2012 R2 system and rebooted and the boot failed to load my driver - I had to go in and repair the system by replacing my driver with an older released version.
I've tried the same thing with choosing "Windows 2008 R2 x64" checkbox in the "Requested Signatures" section. But that doesn't result in a working driver either.