Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Automating Attestation Signing

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Hello Sirs.,

Some months ago someone wrote here having a partially working attestation signing automation. Researching the topic I've found Microsoft claiming that the REST APIs would not be available anymore after October/2016.

Does anyone have or know about any solution or the API's working status?
My goal is to include our driver's production signing into our pipeline.

Thanks!

Comments

  • Eric_BergeEric_Berge Member Posts: 30
    If that is the same note I saw, they also left the door open for providing the REST API in the future on the new signing portal but there was no commitment or time frame specified.

    I filed a support request that this be brought back for the new portal with an API as similar as possible to the old API as I had mostly implemented that with some python scripts. However I have not received a reply from Microsoft.

    I would recommend adding your voice through whatever channels you have open to Microsoft to request that they provide this as soon as possible as the ability to automate build/signing processes is very necessary. I believe Microsoft understands this to a degree as I suspect it was one of the key issues that caused them to back off from the requirement that drivers by signed directly with an EV Certificate for Windows 10.

    Eric Berge
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Hi Eric,
    I'll ask that through the portal feedback form.
    Thanks for sharing.
  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,339
    If anybody hears anything about this, please post back here.

    Peter
    OSR
    @OSRDrivers

    Peter Viscarola
    OSR
    @OSRDrivers

  • Frank_HoffmannFrank_Hoffmann Member Posts: 1

    There is now an official REST API from Microsoft for signing drivers and other dashboard features like managing shipping labels. The API ist documented here: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/dashboard-api
    There is also a Microsoft sample in C# how to use this API. I've also tested it with a python script I wrote. The signing works and can now be completely automated.

  • Jason_T.Jason_T. Member Posts: 63

    Thanks for posting that Frank!

    I wish they'd add an architecture selection box to the web UI as well - to pick all x86, x64 or ARM SKUs. The way the various versions are laid out, it's way too easy to miss one version of x64, for example, since some are in the left column, some in the right, and the list is always changing/growing. This alone would be a good reason to build a simple app to automate the process.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,339

    Yes, Mr. Hoffmann... thank you indeed.

    While I would ordinarily chide you for a necropost, this one was indeed very useful. As soon as I read your post, I sent an email to my team members saying "We should do this"

    Peter
    (Still, you know, it WAS a necropost)

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 238
    via Email
    If anyone does a C/C++ port for the API, it would be nice.
    I will be working on a Delphi, as soon as time permits.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA