Driver signing is the most complex and expensive addition to hit drivers since I have been writing them for 20 years. I am unsure why it has to be this way. Answers to any of these questions might help me understand this situation:
1. Why are there different classes of certificates for driver developers? For instance, why can't the VeriSign organization certificate be used for code signing or a GlobalSign code signing certificate be used for winqual?
2. Why are we absolutely required to do business with VeriSign for logo? What would happen if they went out of business?
3. Why are certificates forced to expire every 1-3 years. Why can't we just buy one that lasts forever?
4. Why are certificates so expensive? And why is it an annual fee based rather than a single setup fee? How much work does VeriSign do year 2 compared to year 1?
5. Why is so much red tape necessary to get a certificate issued? It is impractical to get a certificate for some mobile, internet based consultants who need to meet physical presence tests for somewhere they have barely stayed or won't be there much longer anyway.
6. Why is signing the driver not part of the build tool? I modified mine by hand that everytime I press build it pops out a perfectly release signed driver, even for checked builds. I and my customers agree this has every advantage and no disdavantage.
7. Why aren't individuals allowed to write drivers anymore? They are prohibited from obtaining a certificate and thus barred from access to new Windows systems.
8. Since this forum is riddled with posts about driver signing is it time to open a new forum for it?