Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Driver Signing procedure

ramchandra24ramchandra24 Member Posts: 11

I need to sign my KMDF driver on Visual Studio. I have bought a EV Certificate from Sectigo. What is the right way to import it on Visual Studio 2017?

Comments

  • Martin_DrábMartin_Dráb Member - All Emails Posts: 56

    I need to sign my KMDF driver on Visual Studio. I have bought a EV Certificate from Sectigo. What is the right way to import it on Visual Studio 2017?

    Since Visual Studio 2017 does not support double signing (I think) you may want to use the SignTool utility from the WDK (to attach sha1 and sha256 signature). Otherwise, your driver might not work on older versions of Windows (well, they probably are out of support now).

    I cannot elaborate on the Attestation signing process since I own only an OV certificate (which is good enough if you do not intend to support machines with Secure Boot enabled). There should be, however, plenty of topics related to driver signing, so the Search bar is your friend.

    Martin Dráb

  • Jon_K.Jon_K. Member Posts: 6
    edited June 13

    Same as above, I don't know if you can "import" the cert into VS. You could probably write a post build event to automate the process though. Here are some pointers:

    1.) You should have safenet installed

    2.) First step: sign the binary. Your ccert (if in the form of a USB key) should be plugged in. cmd:
    signtool sign /v /sha1 <the sha1 of your cert> /t http://timestamp.digicert.com <your binary>.sys
    safenet should open and promt for your password

    3.) Run inf2cat. cmd:
    inf2cat" /driver:_<directory containing your binary and inf>_ /os:10_X64,6_3_X64

    4.) Sign the cat. cmd:
    signtool sign /v /sha1 <sha1 of your cert> /t http://timestamp.digicert.com <your binary>_cat

    At this point you should either submit for attestation signing OR rung HLK then submit for signing. Searching on the commands above should easily lead to further documentation. Hope this helps!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA