Currently we are in the process of moving our product to Windows 10 x64 OS. We have kernel-mode driver built in VS2015, it is test-signed and successfully runs on the target OS. We need to buy a new code signing certificate and sign this driver. Since this is first time we make such a procedure, I want to ask for details.
Microsoft article "Get a code signing certificate" https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate contains the list of certificate authorities. So, we want to buy a new EV coding certificate from Sectigo: https://sectigo.com/products/signing-certificates/code-signing
Having this certificate, I want to sign the driver as described in this article: "Signing a Driver for Public Release" https://docs.microsoft.com/en-us/windows-hardware/drivers/develop/signing-a-driver-for-public-release
Is this correct and enough to install our driver on Win10 x64 computers?
According to the article "Driver Signing Policy" https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later- the driver should be signed by the Dev Portal. We hope to use our drivers without this additional steps, by setting Secure Boot to OFF in the BIOS. Is this correct?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|