I’ve been looking into Windows 10 kernel driver signing for a while now and this is what I’ve found so far:
- The portal accepts submissions using a Symantec certificate (I haven’t tried digicert, but they claim it’s supported as well)
- The signing takes anywhere between 5 - 30 min. But it can apparently take several hours based on server load
- The cab that you upload for signing needs to be in a specific format - https://msdn.microsoft.com/en-us/library/windows/hardware/dn962252(v=vs.85).aspx?f=255&MSPPError=-2147217396
- The driver (.sys) needs to have a .inf along with it. The portal will not accept .sys files without an accompanying .inf (e.g. some non-PnP drivers)
Open questions:
- (this is the biggest open question) The latest preview build of Windows 10 does not enforce this check. My drivers, which are NOT signed by Microsoft, still continue to load fine. When will we start seeing failures? Only after July 29 when Windows 10 releases?
- An API is supposed to exist - https://msdn.microsoft.com/en-us/library/windows/hardware/dn800659.aspx?f=255&MSPPError=-2147217396, but the URL it’s using, https://api.sysdev.microsoft.com is not available
- Will it be possible to sign .sys files on their own without an inf? I think the workaround until then would be to create a dummy inf (which hasn’t worked for me yet).