Can't sign my driver with sha384 EV code signing certificate

Hello, our company renewed its EV code signing certificate, and now it has the SHA384 algorithm. Our driver correctly passes all HLK tests, and after that I signed my *.hlkx result with this certificate, but Microsoft Partner Center can't accept this *.hlkx due to the error: "Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again"

Help me, please.

10 Replies
I correctly signed the driver in HLK and all tests passed, but afterwards I can't upload my *.hlkx result to Microsoft, because I get the error: "Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again". I bought the certificate on sectigo.com, and now they provide the SHA384 algorithm, because SHA256 is deprecated, but Microsoft can't accept this *.hlkx signed with this certificate.

@dshadrin 

https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate

information indicates that you must use the same computer and browser for the signature to be considered valid. 

@AndrzejX, have you signed a driver through HLK? I've signed drivers for about five years, and I know how to buy a certificate, how to pass HLK tests, and how to upload *.hlkx to Microsoft Partner Center, but now sectigo.com provides me a SHA384 certificate and I sign the *.hlkx result using HLK Studio with this certificate, but Microsoft Partner Center doesn't accept this result, because my certificate is not SHA256 :(
Starting from May 28, 2021, 14:00 MDT (20:00 UTC), DigiCert will require 3072-bit RSA keys or larger for code signing certificates. This change is to comply with industry standards. These new RSA key size requirements apply to the complete certificate chain: end-entity, intermediate CA, and root. ECC key requirements however remain unchanged.

So how can I choose SHA256 when I sign my *.hlkx result from HLK Studio?
It's good that you raised this problem!
The suggestion speaks of a switch - SHA256, so maybe there is an error here?
This switch is applicable to the signtool.exe utility, and I use this switch, but the HLK test result is signed by HLK Studio and I can't use this switch or anything else in this step.