I currently have the following flow working :
1. Sign my binaries with the organization's certificate (specifically, EV certificate).
2. Run HLK tests on signed binaries
3. Create HLK project with HLK results and signed binaries, sign the package, and submit it to microsoft.
4. Get binaries signed with microsoft
What I would like to know, is whether I can perform the tests, on binaries that are self signed with self created cross certificates (using makecert). And then in step 2, use those HLK results, along with the *Real "organization signed" binaries".
That is, does microsoft only check that the underlining driver is the same between the HLK results and the submitted drivers is the same ? Or do they check that those are the same binaries *exactly* (including the signature).
The reason that I am even asking, is that our signing machine is in a different networks. And in order to get back signed drivers into the network with the HLK it takes another "round" of bringing files back and forth, which I would be happy if we can do without.